"Although science cannot decide moral questions, given a standard from ethics, science can shed light on how to enforce it, its consequences and how it compares to other standards," said Michael Tschantz, a principal investigator from ICSI, in a news release.

Nicholas Weaver, a computer security researcher at UC Berkeley, called the U.S. government decision “prudent” — he had argued for such a step in July. But he added by email that “for most everybody else, the software is fine.”

"Apple wants to live in a world where the phone in your hands is super valuable, but in anyone else’s hands is a brick... If that messes up police's and customs' forensic dumps? So what. The benefits outweigh the harm."

Researchers Devise Hopeful Defense Against Credential Spear Phishing Attacks
September 5, 2017 | Kevin Townsend, Security Week

"Ultimately," conclude the researchers, "our detector's ability to identify both known and novel attacks, and the low volume and burden of alerts it imposes, suggests that our approach provides a practical path towards detecting credential spearphishing attacks."

The app for the drug store allows you to get coupons as well as refill your prescription and find nearby pharmacies. The store-locator feature contains the privacy flaw, which has resulted in the app sending out GPS coordinates to outside entities, said Serge Egelman, director of security and privacy research at the International Computer Science Institute. ICSI is affiliated with the University of California at Berkeley.

A group of researchers recently identified a real-time way to detect credential spearphishing attacks in enterprise settings. The discovery netted the researchers $100,000 last week from Facebook, which awards money as part of its annual Internet Defense Prize partnership with USENIX Association.

Berkeley boffins build better spear-phishing black-box bruiser
August 18, 2017 | Thomas Claburn, The Register

In a paper presented at Usenix 2017, titled "Detecting Credential Spearphishing in Enterprise Settings," Grant Ho, Mobin Javed, Vern Paxson, and David Wagner from UC Berkeley, and Aashish Sharma of The Lawrence Berkeley National Laboratory (LBNL), describe a system that utilizes network traffic logs in conjunction with machine learning to provide real-time alerts when employees click on suspect URLs embedded in emails.

"It isn't DNS that is key for sites like StormFront or the Daily Stormer; it’s the CDN infrastructure and [denial of service] protection that keeps these sites alive," Nicholas Weaver, a computer researcher based at the International Computer Science Institute, told Ars. "CloudFlare is the key infrastructure that supports these sites."

Damon McCoy, an NYU Tandon assistant professor of computer science and engineering and one of the paper's co-authors, explained that combining these techniques to identify sex ads by both author and Bitcoin owner represents a considerable advancement in assisting law enforcement and nonprofit organizations. "There are hundreds of thousands of these ads placed every year, and any technique that can surface commonalities between ads and potentially shed light on the owners is a big boost for those working to curb exploitation," he said.

The best mobile VPNs can ensure your privacy anywhere
August 14, 2017 | Steven J. Vaughan-Nichols, ZDNet

In particular, CSIRO researchers found you can't trust "free" VPN services. Narseo Vallina-Rodriguez, a researcher at the International Computer Science Institute, told Wired, "The economics didn't make much sense, because when you start looking at these applications, most of them are free, but maintaining online infrastructure is actually very expensive."