I just published a new paper with Karen Levy of Cornell: “Privacy Threats in Intimate Relationships.” Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships. Many common assumptions about privacy are upended in the context of these … Read More “New Research: “Privacy Threats in Intimate Relationships”” »
Category: cybersecurity
Auto Added by WPeMatico
Ben Buchanan has written “A National Security Research Agenda for Cybersecurity and Artificial Intelligence.” It’s really good — well worth reading. Powered by WPeMatico
This is a good explanation of an iOS bug that allowed someone to break out of the application sandbox. A summary: What a crazy bug, and Siguza’s explanation is very cogent. Basically, it comes down to this: XML is terrible. iOS uses XML for Plists, and Plists are used everywhere in iOS (and MacOS). iOS’s … Read More “iOS XML Bug” »
It’s the twentieth anniversary of the ILOVEYOU virus, and here are three interesting articles about it and its effects on software design. Powered by WPeMatico
Microsoft is training a machine-learning system to find software bugs: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn’t just apply more people to the problem. However, large volumes of semi-curated … Read More “Vulnerability Finding Using Machine Learning” »
It has produced several reports outlining what’s wrong and what needs to be fixed. It’s not fixing them: GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and awareness tasks it set out to. … Read More “The DoD Isn’t Fixing Its Security Problems” »
Attack matrix for Kubernetes, using the MITRE ATT&CK framework. A good first step towards understand the security of this suddenly popular and very complex container orchestration system. Powered by WPeMatico
Three weeks ago (could it possibly be that long already?), I wrote about the increased risks of working remotely during the COVID-19 pandemic. One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to … Read More “Cybersecurity During COVID-19” »
Puerto Rico is considered allowing for Internet voting. I have joined a group of security experts in a letter opposing the bill. Cybersecurity experts agree that under current technology, no practically proven method exists to securely, verifiably, or privately return voted materials over the internet. That means that votes could be manipulated or deleted on … Read More “Internet Voting in Puerto Rico” »
This is bad in several dimensions. The Los Angeles Department of Water and Power has been accused of deliberately keeping widespread gaps in its cybersecurity a secret from regulators in a large-scale coverup involving the city’s mayor. Powered by WPeMatico
