The Key to Getting People to Be Safer Online: Make the Appeals More Personal
June 7, 2021 | Serge Egelman and Eyal Pe'er for Wall Street Journal

Many of us know that strong passwords are crucial protection against hackers, yet many people still routinely use weak ones. So, how can they be encouraged to create stronger passwords? Our research suggests the answer is to make the appeal more personal.

How it came to have that private key is the key question. Nicholas Weaver, a lecturer at the computer science department at University of California, Berkeley, said the most likely explanation is that law enforcement agents seized money from a specific DarkSide affiliate responsible for bringing the crime gang the initial access to Colonial’s systems.

Want to Stop Ransomware Attacks? Ban Bitcoin and Other Cryptocurrencies.
June 2, 2021 | Jacob Silverman, The New Republic

With conventional banking off-limits, “the ransomware problem is a Bitcoin problem,” wrote Nicholas Weaver, who researches computer security at the International Computer Science Institute. And a full ban may not ultimately be necessary.

Hacker Lexicon: What Is a Supply Chain Attack?
May 31, 2021 | Andy Greenberg, Wired | Also appeared in Ars Technica on June 6, 2021

"Supply chain attacks are scary because they're really hard to deal with, and because they make it clear you're trusting a whole ecology," says Nick Weaver, a security researcher at UC Berkeley's International Computer Science Institute. "You're trusting every vendor whose code is on your machine, and you're trusting every vendor's vendor."

The experts on the panel — Angela Campbell, a Georgetown Law professor; Serge Egelman, a research director at UC Berkeley; and Beeban Kidron, founder and chair of 5Rights Foundation — also all testified in opposition to Instagram launching a platform for kids.

The IRS Wants Help Hacking Cryptocurrency Hardware Wallets
April 29, 2021 | Lorenzo Franceschi-Bicchierai, Vice

"It seems like overkill," Nicholas Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley, told Motherboard in an online chat. "For most of these devices a choice of 'Either give us the password or rot in jail for contempt' might be sufficient."

“One of the problems is that there have been a lot of advances in security—good advances aimed at protecting users—that make it a lot harder to intercept the traffic, which at the same time we need to do to see what’s in it,” said [Serge] Egelman.

“This fix is a one-line thing where you remove a line that logs sensitive information to the system log. It doesn’t impact the program, it doesn’t change how it works,” said Joel Reardon.

The problem is an implementation issue and not inherent to the exposure notification framework, Serge Egelman, the chief technology officer at AppCensus, said in a statement posted on Twitter.

Hyperconnectivity and the Path to 6G
April 22, 2021 | Frank Schirrmeister, Semiconductor Engineering

A recent talk by Professor Gerhard Fettweis reminded me of the duality of business and consumer drivers for the various generations of cellular communications.