CrowdStrike, Ukraine, and the DNC server: Timeline and facts
December 03, 2019 | Cynthia Brumfield, CSO

Nicholas Weaver, a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California, tells CSO that “Russia's hacking of the DNC and Podesta is cloaked in only ‘implausible deniability.’ Those who want to convince themselves otherwise are simply willfully ignoring the mountains of evidence. The only reason to do that is to admit the truth is to go up against the President's personal delusions.”

Encryption and Combating Child Exploitation Imagery
October 23, 2019 | Nicholas Weaver, Lawfare Blog (ICSI)

The current systems for detecting these child exploitation images rely on bulk surveillance by private companies, and even the most cursory encryption—with “exceptional access” or no—will eliminate this surveillance. If the government is serious about policy changes designed to keep this detection capability in the face of encryption, however, the best policy is not to weaken communication security but instead to mandate endpoint scanning of images as they appear on phones and computers.

China is rolling out a 5G network faster than anyone else
September 26, 2019 | Gwynn Guilford, MSN Money

“Having [supply chain] codependency was useful because it allowed us to at least somewhat enforce sanctions against Iran and North Korea and stuff like that,” [Nicholas Weaver, a computer security expert at the International Computer Science Institute] says. “But a full-on balkanization means that in the future we won’t be able to do that.”

Nicholas Weaver, a researcher at UC Berkeley's International Computer Science Institute, summed up much of this criticism by tweeting: “The thing that bugs me most about Apple these days is that they are all-in on the Chinese market and, as such, refuse to say something like ‘A government intent on ethnic cleansing of a minority population conducted a mass hacking attack on our users.’”

Nicholas Weaver of the International Computer Science Institute at the University of California-Berkeley has some doubts. "Not only is [Grant's approach] not optimal for factoring (the number sieve algorithm is substantially better)," he told me, "but the discrete log problem, on which the other major public key algorithms [including elliptic curve] are based, is not solved by factoring at all."

Consider the words of Serge Egelman, the director of usable security and privacy research at the International Computer Science Institute, which found 1,325 malicious Android apps. "Fundamentally, consumers have very few tools and cues that they can use to reasonably control their privacy and make decisions about it," Egelman said earlier this year. "If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless."

No Means No
July 19, 2019 | Dominic Dhil Panakal

Researchers from the International Computer Science Institute found up to 1,325 Android applications (apps) gathering data from devices despite being explicitly denied permission.

Serge Egelman, director of usable security and privacy research at ICSI, will reportedly be sharing the details of the 1,325 apps that have been gathering information without user permission at the Usenix Security conference in August.

Researchers from the International Computer Science Institute found up to 1,325 Android apps that were gathering data from devices even after people explicitly denied them permission. Serge Egelman, director of usable security and privacy research at the ICSI, presented the study in late June at the Federal Trade Commission's PrivacyCon.

Officially, apps generally interact with Android through software hooks known as APIs, giving the operating system the ability to manage their access. “While the Android APIs are protected by the permission system, the file system often is not,” said Serge Egelman, research director of the Usable Security and Privacy Group at the International Computer Science Institute. “There are apps that can be denied access to the data, but then they find it in various parts of the file system.”