From Pokémon Go to Facebook, here’s how to protect your privacy on apps
December 11, 2019 | Sarah Morrison, Vox Recode
Press
“Consumers aren’t given the information they need to make informed decisions, and the entities supplying that information are not incentivized to give them accurate or useful information,” Serge Egelman, research director of the Usable Security & Privacy Group at the International Computer Science Institute, told Recode.
CrowdStrike, Ukraine, and the DNC server: Timeline and facts
December 03, 2019 | Cynthia Brumfield, CSO
Nicholas Weaver, a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California, tells CSO that “Russia's hacking of the DNC and Podesta is cloaked in only ‘implausible deniability.’ Those who want to convince themselves otherwise are simply willfully ignoring the mountains of evidence. The only reason to do that is to admit the truth is to go up against the President's personal delusions.”
Encryption and Combating Child Exploitation Imagery
October 23, 2019 | Nicholas Weaver, Lawfare Blog (ICSI)
The current systems for detecting these child exploitation images rely on bulk surveillance by private companies, and even the most cursory encryption—with “exceptional access” or no—will eliminate this surveillance. If the government is serious about policy changes designed to keep this detection capability in the face of encryption, however, the best policy is not to weaken communication security but instead to mandate endpoint scanning of images as they appear on phones and computers.
China is rolling out a 5G network faster than anyone else
September 26, 2019 | Gwynn Guilford, MSN Money
“Having [supply chain] codependency was useful because it allowed us to at least somewhat enforce sanctions against Iran and North Korea and stuff like that,” [Nicholas Weaver, a computer security expert at the International Computer Science Institute] says. “But a full-on balkanization means that in the future we won’t be able to do that.”
Apple takes flak for disputing iOS security bombshell dropped by Google
September 7, 2019 | Dan Goodin, Ars Technica
Nicholas Weaver, a researcher at UC Berkeley's International Computer Science Institute, summed up much of this criticism by tweeting: “The thing that bugs me most about Apple these days is that they are all-in on the Chinese market and, as such, refuse to say something like ‘A government intent on ethnic cleansing of a minority population conducted a mass hacking attack on our users.’"
Snake oil or genius? Crown Sterling tells its side of Black Hat controversy
August 29, 2019 | Sean Gallagher, Ars Technica
Nicholas Weaver of the International Computer Science Institute at the University of California-Berkeley has some doubts. "Not only is [Grant's approach] not optimal for factoring (the number sieve algorithm is substantially better)," he told me, "but the discrete log problem, on which the other major public key algorithms [including elliptic curve] are based, is not solved by factoring at all."
Fight Android malware by quitting Google Play and using F-Droid for Android apps
August 06, 2019 | Rae Hodge
Consider the words of Serge Egelman, the director of usable security and privacy research the International Computer Science Institute, which found 1,325 malicious Android apps. "Fundamentally, consumers have very few tools and cues that they can use to reasonably control their privacy and make decisions about it," Egelman said earlier this year. "If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless."
No Means No
July 19, 2019 | Dominic Dhil Panakal
Researchers from the International Computer Science Institute found up to 1,325 Android applications (apps) gathering data from devices despite being explicitly denied permission.
Android Apps Collect Your Data Without Permission, Report Finds
July 09, 2019 | Adam Smith
Serge Egelman, director of usable security and privacy research at ICSI, will reportedly be sharing the details of the 1,325 apps that have been gathering information without user permission at the Usenix Security conference in August.
More than 1,000 Android apps harvest data even after you deny permissions
July 08, 2019 | Alfred Ng
Researchers from the International Computer Science Institute found up to 1,325 Android apps that were gathering data from devices even after people explicitly denied them permission. Serge Egelman, director of usable security and privacy research at the ICSI, presented the study in late June at the Federal Trade Commission's PrivacyCon.