Press

Nicholas Weaver, a computer scientist at the University of California, Berkeley, notes that a determined attacker could always send a person to physically compromise a server.

Others we spoke to, like Nicholas Weaver, a senior staff researcher at the International Computer Science Institute in Berkeley, Calif., also pointed to ARP spoofing as the method of attack. "ARP spoofing is effectively the same thing as DHCP spoofing, you're responding to a broadcast request you aren't supposed to," he said.

How to protect your Wi-Fi network from a Krack attack
October 17, 2017 | Alex Scroxton, Computer Weekly

Writing on his blog, Nicholas Weaver, a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California, and a lecturer in computer science at UC Berkeley, said that although Krack was a novel vulnerability, it did not allow attackers to join the network and relied too much on physical proximity.

There’s a Huge WiFi Security Hole, But Don’t Panic
October 16, 2017 | Joseph Cox, The Daily Beast

“For those using a pre-shared password—the cliche "what is the WiFi password?"—this is a non-issue,” Nicholas Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley, told The Daily Beast.

Experian Site Can Give Anyone Your Credit Freeze PIN
September 21, 2017 | Brian Krebs, Krebs on Security

“Whenever I’m faced with KBA-type questions I find that database tools like Spokeo, Zillow, etc are my friend because they are more likely to know the answers for me than I am,” said Nicholas Weaver, a senior researcher in networking and security for the International Computer Science Institute (ICSI).

3 faculty, staff members receive Berkeley Visionary of the Year award
September 19, 2017 | Gioia Von Staden, The Daily Californian

Scott Shenker is a computer science professor on campus who “revolutionized the way that data storage happens on the internet,” Daly said. He focuses on software-defined networks, or SDN, which construct and design online networks.

Nicholas Weaver, a computer security researcher at UC Berkeley, called the U.S. government decision “prudent” — he had argued for such a step in July. But he added by email that “for most everybody else, the software is fine.”

"Although science cannot decide moral questions, given a standard from ethics, science can shed light on how to enforce it, its consequences and how it compares to other standards," said Michael Tschantz, a principle investigator from ICSI, in a news release.

"Apple wants to live in a world where the phone in your hands is super valuable, but in anyone else’s hands is a brick...If that messes up police's and customs' forensic dumps? So what. The benefits outweigh the harm."

Researchers Devise Hopeful Defense Against Credential Spear Phishing Attacks
September 5, 2017 | Kevin Touwnsend, Security Week

"Ultimately," conclude the researchers, "our detector's ability to identify both known and novel attacks, and the low volume and burden of alerts it imposes, suggests that our approach provides a practical path towards detecting credential spearphishing attacks."

Pages