Press

Roughly 17,000 Android apps collect identifying information that creates a permanent record of the activity on your device, according to research from the International Computer Science Institute. The data collection appears to violate the search giant's policy on collecting data that can be used to target users for advertising in most cases, the researchers said.

Nicholas Weaver made no bones about it: he really, really dislikes cryptocurrencies. Speaking at the Enigma security conference in Burlingame, California, last week, the researcher at UC Berkeley's International Computer Science Institute characterized bitcoin and its many follow-on digital currencies as energy-sucking leeches with no redeeming qualities.

This Time It’s Russia’s Emails Getting Leaked
January 24, 2019 | Kevin Poulsen, The Daily Beast

“A lot of what WikiLeaks will do is organize and re-publish information that’s appeared elsewhere,” said Nicholas Weaver, a researcher at the University of California at Berkeley’s International Computer Science Institute. “They’ve never done that with anything out of Russia.”

For Serge Egelman, a security researcher at the University of California Berkeley's International Computer Science Institute (ICSI), the underlying issue is even larger: Privacy notices across the full spectrum of apps are woefully inadequate.

When Chinese hackers declared war on the rest of us
January 10, 2019 | James Griffiths, MIT Technology Review

Weaver is a network-security expert at the International Computer Science Institute, a research center in Berkeley, California. Together with other researchers, he helped pinpoint the targets of the attack: two GitHub-hosted projects connected to GreatFire.org, a China-based anti-censorship organization.

Things like location data, phone numbers and contact information could be exposed, according to Serge Egelman of the International Computer Science Institute. The institute's surveillance system, under the direction of Egelman, collected evidence that is now before the Federal Trade Commission.

Arrest of Top Huawei Executive Could Roil Trade Talks with China
December 7, 2018 | Elias Groll, Foreign Policy

“Cell phone networks are deliberately insecure in order to enable wiretapping,” said Nick Weaver, a staff researcher at the International Computer Science Institute. “Using Chinese-built infrastructure is just asking to say, ‘Let Chinese intelligence conduct wiretaps,’ since the infrastructure itself is designed to support such meddling.”

Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret
December 10, 2018 | Jennifer Valentin-DeVries, Natasha Singer, Michael H. Keller and Aaron Krolik, New York Times

The spread of this information raises questions about how securely it is handled and whether it is vulnerable to hacking, said Serge Egelman, a computer security and privacy researcher affiliated with the University of California, Berkeley. “There are really no consequences” for companies that don’t protect the data, he said, “other than bad press that gets forgotten about.”

“Their reputation is warranted and they are very good. They have worked for both parties for years now,” said Nicholas Weaver, a computer security expert at the University of California, Berkeley. “Criticism of CrowdStrike's job in both cases is unfair. They are an incident response team: You bring them in AFTER the manure has hit the 3 MW wind turbine. So it is unfair to complain about a mess,” Weaver said in an email.

It's Past Time To Pay Much More Attention To API Security
December 5, 2018 | Taylor Armerding, Forbes

Nicholas Weaver, researcher at the International Computer Science Institute and lecturer at University of California, Berkeley, told Krebs that implementing access controls is “not even Information Security 101, this is Information Security 1,” and that the failure of the USPS and others to do so was “catastrophically bad.”

Pages