USPS Site Exposed Data on 60 Million Users
November 18, 2018 | Brian Krebs, Krebs on Security

Nicholas Weaver, a researcher at the International Computer Science Institute and lecturer at UC Berkeley, said the API should have validated that the account making the request had permission to read the data requested. “It seems like the only access control they had in place was that you were logged in at all. And if you can access other peoples’ data because they aren’t enforcing access controls on reading that data, it’s catastrophically bad and I’m willing to bet they’re not enforcing controls on writing to that data as well.”

How Does Cryptocurrency Work?
November 2, 2018 | Austin Thompson, Mental Floss

Speaking to Vox, Nicholas Weaver of the International Computer Science Institute at UC Berkeley explained that miners—the people who create the blocks and get paid for their efforts—are disproportionately powerful and serve as the central agency that cryptocurrencies are trying to avoid.

Nicholas Weaver, a senior staff researcher at the International Computer Science Institute, wrote that it "[sounds] like Apple patched whatever secure-enclave exploit that GrayKey used to do the on-chip brute force attack."

What you need to know before investing in cryptocurrency
October 5, 2018 | Ahiza Garcia, CNN Business

"Their only value is in the belief that someone later will pay more," says Nicholas Weaver, a senior researcher at The International Computer Science Institute.

Chinese spy chips would be a ‘god-mode’ hack, experts say
October 04, 2018 | Ashley Carman, The Verge

Nicholas Weaver, a professor at Berkeley’s International Computer Science Institute, described an alarming attack. Weaver told The Verge that “This is a ‘god mode’ exploit in the system management subsystem.”

There's No Good Fix If the Supply Chain Gets Hacked
October 4, 2018 | Lily Hay Newman, Wired

"This is a scary-big deal," says Nicholas Weaver, a security researcher at the University of California at Berkeley.

AT&T and Verizon want to manage your identity across websites and apps
September 13, 2018 | Jon Brodkin, Ars Technica

But Krebs is still skeptical, and so is security researcher Nicholas Weaver of the International Computer Science Institute at UC Berkeley. Krebs paraphrased Weaver as saying that "this new solution could make mobile phones and their associated numbers even more of an attractive target for cyber thieves."

How Game Apps That Captivate Kids Have Been Collecting Their Data
September 12, 2018 | Jennifer Valentino-DeVries, Natasha Singer, Aaron Krolik, and Michael H. Keller, New York Times

Serge Egelman, a researcher with the International Computer Science Institute affiliated with the University of California, Berkeley, helped lead the study of nearly 6,000 children’s Android apps.

The Gist (Radio Show)
September 11, 2018 | The Gist podcast on

Per the recent NY Times op-ed, some see the word “lodestar” as signature Mike Pence, but as Sadia Afroz explains, stylometry—the analysis of prose to uncover its author’s identity—is a little more complicated than looking at individual words. Afroz is a senior research scientist at the International Computer Science Institute. Interview begins at minute 6:20.

"If it's not sent encrypted, then any of those parties along the way can see the full contents of your message," said Serge Egelman, director of usable security and privacy research at the International Computer Science Institute.