Berkeley boffins build better spear-phishing black-box bruiser
August 18, 2017 | Thomas Claburn, The Register

In a paper presented at Usenix 2017, titled "Detecting Credential Spearphishing in Enterprise Settings," Grant Ho, Mobin Javed, Vern Paxson, and David Wagner from UC Berkeley, and Aashish Sharma of The Lawrence Berkeley National Laboratory (LBNL), describe a system that utilizes network traffic logs in conjunction with machine learning to provide real-time alerts when employees click on suspect URLs embedded in emails.

"It isn't DNS that is key for sites like StormFront or the Daily Stormer; it’s the CDN infrastructure and [denial of service] protection that keeps these sites alive," Nicholas Weaver, a computer researcher based at the International Computer Science Institute, told Ars. "CloudFlare is the key infrastructure that supports these sites."

Damon McCoy, an NYU Tandon assistant professor of computer science and engineering and one of the paper's co-authors, explained that combining these techniques to identify sex ads by both author and Bitcoin owner represents a considerable advancement in assisting law enforcement and nonprofit organizations. "There are hundreds of thousands of these ads placed every year, and any technique that can surface commonalities between ads and potentially shed light on the owners is a big boost for those working to curb exploitation," he said.

The best mobile VPNs can ensure your privacy anywhere
August 14, 2017 | Steven J. Vaughan Nichols, ZDNet

In particular, CSIRO researchers found you can't trust "free" VPN services. Narseo Vallina-Rodriguez, a researcher at the International Computer Science Institute, told Wired, "The economics didn't make much sense, because when you start looking at these applications, most of them are free, but maintaining online infrastructure is actually very expensive."

"More than 50 percent of Google Play apps targeted at children under 13—we examined more than 5,000 of the most popular (many of which have been downloaded millions of times)—appear to be failing to protect data. In fact, the apps we examined appear to regularly send potentially sensitive information—including device serial numbers, which are often paired with location data, email addresses, and other personally identifiable information—to third-party advertisers"

Prior to taking in VC funding, the San Francisco-based company has been supported by an SBIR grant, while the Bro project was initially funded by the National Science Foundation at the International Computer Science Institute.

In Depth: The dangers of buying drugs on the dark web
July 12, 2017 | Julia Holden, EU-OCS

Speaking with WIRED in January last year, Berkeley computer science researcher Nick Weaver, who has studied dark web marketplaces, said hidden site admins have learned that if they develop a trustworthy reputation, it will only be a matter of time before they are targeted by police.

Here’s how to find out which apps are leaking your personal data
July 10, 2017 | Phillip Tracy, The Daily Dot

The Lumen Privacy Monitor is a free Android application created by researchers at the International Computer Science Institute (ICSI), IMDEA Networks, Stony Brook University, University of Massachusetts at Amherst, and University of California, Berkeley, that will figure out which of your apps collects sensitive information, like your phone number or location, for advertising or tracking purposes, and who exactly those apps are sharing the information with.

The day a mysterious cyber attack crippled Ukraine
July 4, 2017 | Christian Borys, BBC

But Nicholas Weaver, a longtime cybersecurity veteran specialising in worms (malware that autonomously replicates itself to spread to other computers) believes it was devastating as a weapon. “You're launching your attack against anyone who does business in Ukraine,” says Weaver, “If your goal is to damage Ukrainian business relationships and business interests, I’m hard pressed to think of a better worm. This is significant damage in one sweep.”

Trump voter-fraud panel’s data request a gold mine for hackers, experts warn
July 1, 2017 | Eric Geller and Cory Bennett, Politico

“It is beyond stupid,” said Nicholas Weaver, a computer science professor at the University of California at Berkeley.