How to protect your Wi-Fi network from a Krack attack
October 17, 2017 | Alex Scroxton, Computer Weekly

Writing on his blog, Nicholas Weaver, a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California, and a lecturer in computer science at UC Berkeley, said that although Krack was a novel vulnerability, it did not allow attackers to join the network and relied too much on physical proximity.

There’s a Huge WiFi Security Hole, But Don’t Panic
October 16, 2017 | Joseph Cox, The Daily Beast

“For those using a pre-shared password—the cliche "what is the WiFi password?"—this is a non-issue,” Nicholas Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley, told The Daily Beast.

Experian Site Can Give Anyone Your Credit Freeze PIN
September 21, 2017 | Brian Krebs, Krebs on Security

“Whenever I’m faced with KBA-type questions I find that database tools like Spokeo, Zillow, etc are my friend because they are more likely to know the answers for me than I am,” said Nicholas Weaver, a senior researcher in networking and security for the International Computer Science Institute (ICSI).

3 faculty, staff members receive Berkeley Visionary of the Year award
September 19, 2017 | Gioia Von Staden, The Daily Californian

Scott Shenker is a computer science professor on campus who “revolutionized the way that data storage happens on the internet,” Daly said. He focuses on software-defined networks, or SDN, which construct and design online networks.

"Although science cannot decide moral questions, given a standard from ethics, science can shed light on how to enforce it, its consequences and how it compares to other standards," said Michael Tschantz, a principle investigator from ICSI, in a news release.

Nicholas Weaver, a computer security researcher at UC Berkeley, called the U.S. government decision “prudent” — he had argued for such a step in July. But he added by email that “for most everybody else, the software is fine.”

"Apple wants to live in a world where the phone in your hands is super valuable, but in anyone else’s hands is a brick...If that messes up police's and customs' forensic dumps? So what. The benefits outweigh the harm."

Researchers Devise Hopeful Defense Against Credential Spear Phishing Attacks
September 5, 2017 | Kevin Touwnsend, Security Week

"Ultimately," conclude the researchers, "our detector's ability to identify both known and novel attacks, and the low volume and burden of alerts it imposes, suggests that our approach provides a practical path towards detecting credential spearphishing attacks."

The app for the drug store allows you to get coupons as well as refill your prescription and find nearby pharmacies. The store-locator feature contains the privacy flaw, which has resulted in the app sending out GPS coordinates to outside entities, said Serge Egelman, director of security and privacy research at the International Computer Science Institute. ICSI is affiliated with the University of California at Berkeley.

A group of researchers recently identified a real-time way to detect credential spearphishing attacks in enterprise settings. The discovery net the researchers $100,000 last week from Facebook, which awards money as part of its annual Internet Defense Prize partnership with USENIX Association.