Press

Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret
December 10, 2018 | Jennifer Valentin-DeVries, Natasha Singer, Michael H. Keller and Aaron Krolik, New York Times

The spread of this information raises questions about how securely it is handled and whether it is vulnerable to hacking, said Serge Egelman, a computer security and privacy researcher affiliated with the University of California, Berkeley. “There are really no consequences” for companies that don’t protect the data, he said, “other than bad press that gets forgotten about.”

Arrest of Top Huawei Executive Could Roil Trade Talks with China
December 7, 2018 | Elias Groll, Foreign Policy

“Cell phone networks are deliberately insecure in order to enable wiretapping,” said Nick Weaver, a staff researcher at the International Computer Science Institute. “Using Chinese-built infrastructure is just asking to say, ‘Let Chinese intelligence conduct wiretaps,’ since the infrastructure itself is designed to support such meddling.”

“Their reputation is warranted and they are very good. They have worked for both parties for years now,” said Nicholas Weaver, a computer security expert at the University of California, Berkeley. “Criticism of CrowdStrike's job in both cases is unfair. They are an incident response team: You bring them in AFTER the manure has hit the 3 MW wind turbine. So it is unfair to complain about a mess,” Weaver said in an email.

It's Past Time To Pay Much More Attention To API Security
December 5, 2018 | Taylor Armerding, Forbes

Nicholas Weaver, researcher at the International Computer Science Institute and lecturer at University of California, Berkeley, told Krebs that implementing access controls is “not even Information Security 101, this is Information Security 1,” and that the failure of the USPS and others to do so was “catastrophically bad.”

USPS Site Exposed Data on 60 Million Users
November 18, 2018 | Brian Krebs, Krebs on Security

Nicholas Weaver, a researcher at the International Computer Science Institute and lecturer at UC Berkeley, said the API should have validated that the account making the request had permission to read the data requested. “It seems like the only access control they had in place was that you were logged in at all. And if you can access other peoples’ data because they aren’t enforcing access controls on reading that data, it’s catastrophically bad and I’m willing to bet they’re not enforcing controls on writing to that data as well.”

How Does Cryptocurrency Work?
November 2, 2018 | Austin Thompson, Mental Floss

Speaking to Vox, Nicholas Weaver of the International Computer Science Institute at UC Berkeley explained that miners—the people who create the blocks and get paid for their efforts—are disproportionately powerful and serve as the central agency that cryptocurrencies are trying to avoid.

Nicholas Weaver, a senior staff researcher at the International Computer Science Institute, wrote that it "[sounds] like Apple patched whatever secure-enclave exploit that GrayKey used to do the on-chip brute force attack."

What you need to know before investing in cryptocurrency
October 5, 2018 | Ahiza Garcia, CNN Business

"Their only value is in the belief that someone later will pay more," says Nicholas Weaver, a senior researcher at The International Computer Science Institute.

Chinese spy chips would be a ‘god-mode’ hack, experts say
October 04, 2018 | Ashley Carman, The Verge

Nicholas Weaver, a professor at Berkeley’s International Computer Science Institute described an alarming attack. Weaver told The Verge that “This is a ‘god mode’ exploit in the system management subsystem.”

There's No Good Fix If the Supply Chain Gets Hacked
October 4, 2018 | Lily Hay Newman, Wired

"This is a scary-big deal," says Nicholas Weaver, a security researcher at the University of California at Berkeley.
