Category: Privacy & Security
-
Guessing passwords with Apple’s full-device encryption
With the recently-introduced iOS 8, Apple has switched to a encrypting a much larger amount of user data by default. Matt Green has provided an excellent initial look at a technical level and big-picture level and Apple has recently released a slightly more detailed specification document and an admirable promise never to include backdoors. This move, and Google’s prompt promise…
-
It’s time to bring Bitcoin and cryptocurrencies into the computer science curriculum
In the privacy technologies grad seminar that I taught last semester, Bitcoin proved to be the most popular topic among students. Two groups did very different and equally interesting final projects on Bitcoin and cryptocurrencies; more on that below. More broadly, we’re seeing a huge demand for learning the computer science underlying Bitcoin, both at…
-
Security Audit of Safeplug "Tor in a Box"
Last month at the FOCI workshop, we presented a security analysis of the Safeplug, a $49 box which promised users “complete security and anonymity” online by sending all of their web traffic through the Tor onion routing network. Safeplug claims to offer greater usability, particularly for non-technical customers, than the state-of-the-art in anonymous Internet browsing:…
-
The Dangers of the New Trade Secrets Acts
First, I want to state how thrilled I am to be joining the great group here at CITP. Every CITP scholar that I’ve gotten to know over the past several years have become friends and influenced my work in areas ranging from voting machine code access to international lawmaking processes. I’m delighted to be a…
-
Takedown 2.0: The Trouble with Broad TROs Targeting Non-Party Online Intermediaries
On August 14, a federal district court in Oregon issued an ex parte temporary restraining order (TRO) in a civil copyright infringement case, ABS-CBN v. Ashby. The defendants in the case are accused of operating several “pirate websites” that infringe the plaintiffs’ copyrights in broadcast television programs. In addition to ordering the defendants to stop…
-
Airport Scanners: How Privacy Risk Leads to Security Risk
Debates about privacy and security tend to assume that the two are in opposition, so that improving privacy tends to degrade security, and vice versa. But often the two go hand in hand so that privacy enhances security. A good example comes from the airport scanner study I wrote about yesterday.
-
Researchers Show Flaws in Airport Scanner
Today at the Usenix Security Symposium a group of researchers from UC San Diego and the University of Michigan will present a paper demonstrating flaws in a full-body scaning machine that was used at many U.S. airports. In this post I’ll summarize their findings and discuss the security and policy implications.
-
Why were CERT researchers attacking Tor?
Yesterday the Tor Project issued an advisory describing a large-scale identification attack on Tor hidden services. The attack started on January 30 and ended when Tor ejected the attackers on July 4. It appears that this attack was the subject of a Black Hat talk that was canceled abruptly. These attacks raise serious questions about…
-
A Scanner Darkly: Protecting User Privacy from Perceptual Applications
“A Scanner Darkly”, a dystopian 1977 Philip K. Dick novel (adapted to a 2006 film), describes a society with pervasive audio and video surveillance. Our paper “A Scanner Darkly”, which appeared in last year’s IEEE Symposium on Security and Privacy (Oakland) and has just received the 2014 PET Award for Outstanding Research in Privacy Enhancing Technologies, takes a closer look at…