There’s a Huge WiFi Security Hole, But Don’t Panic
October 16, 2017 | Joseph Cox, The Daily Beast

“For those using a pre-shared password—the cliche "what is the WiFi password?"—this is a non-issue,” Nicholas Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley, told The Daily Beast.

Experian Site Can Give Anyone Your Credit Freeze PIN
September 21, 2017 | Brian Krebs, Krebs on Security

“Whenever I’m faced with KBA-type questions I find that database tools like Spokeo, Zillow, etc are my friend because they are more likely to know the answers for me than I am,” said Nicholas Weaver, a senior researcher in networking and security for the International Computer Science Institute (ICSI).

3 faculty, staff members receive Berkeley Visionary of the Year award
September 19, 2017 | Gioia Von Staden, The Daily Californian

Scott Shenker is a computer science professor on campus who “revolutionized the way that data storage happens on the internet,” Daly said. He focuses on software-defined networks, or SDN, which construct and design online networks.

"Although science cannot decide moral questions, given a standard from ethics, science can shed light on how to enforce it, its consequences and how it compares to other standards," said Michael Tschantz, a principle investigator from ICSI, in a news release.

Nicholas Weaver, a computer security researcher at UC Berkeley, called the U.S. government decision “prudent” — he had argued for such a step in July. But he added by email that “for most everybody else, the software is fine.”

"Apple wants to live in a world where the phone in your hands is super valuable, but in anyone else’s hands is a brick...If that messes up police's and customs' forensic dumps? So what. The benefits outweigh the harm."

Researchers Devise Hopeful Defense Against Credential Spear Phishing Attacks
September 5, 2017 | Kevin Townsend, Security Week

"Ultimately," conclude the researchers, "our detector's ability to identify both known and novel attacks, and the low volume and burden of alerts it imposes, suggests that our approach provides a practical path towards detecting credential spearphishing attacks."

The app for the drug store allows you to get coupons as well as refill your prescription and find nearby pharmacies. The store-locator feature contains the privacy flaw, which has resulted in the app sending out GPS coordinates to outside entities, said Serge Egelman, director of security and privacy research at the International Computer Science Institute. ICSI is affiliated with the University of California at Berkeley.

A group of researchers recently identified a real-time way to detect credential spearphishing attacks in enterprise settings. The discovery netted the researchers $100,000 last week from Facebook, which awards money as part of its annual Internet Defense Prize partnership with USENIX Association.

Berkeley boffins build better spear-phishing black-box bruiser
August 18, 2017 | Thomas Claburn, The Register

In a paper presented at Usenix 2017, titled "Detecting Credential Spearphishing in Enterprise Settings," Grant Ho, Mobin Javed, Vern Paxson, and David Wagner from UC Berkeley, and Aashish Sharma of The Lawrence Berkeley National Laboratory (LBNL), describe a system that utilizes network traffic logs in conjunction with machine learning to provide real-time alerts when employees click on suspect URLs embedded in emails.