Tag: Security
-
T’Mobile: Deleting Stale Data Reduces Liability
T-Mobile’s data breach in August 2021 exposed the social security numbers and drivers license numbers for over 40 million former or prospective customers. I recently discovered that I was one such victim because of an alert that popped up on my phone this weekend from my credit monitoring service. I was surprised because I have…
-
Fast Web-based Attacks to Discover and Control IoT Devices
By Gunes Acar, Danny Y. Huang, Frank Li, Arvind Narayanan, and Nick Feamster Two web-based attacks against IoT devices made the rounds this week. Researchers Craig Young and Brannon Dorsey showed that a well known attack technique called “DNS rebinding” can be used to control your smart thermostat, detect your home address or extract unique…
-
How Tech is Failing Victims of Intimate Partner Violence: Thomas Ristenpart at CITP
What technology risks are faced by people who experience intimate partner violence? How is the security community failing them, and what questions might we need to ask to make progress on social and technical interventions? Speaking Tuesday at CITP was Thomas Ristenpart (@TomRistenpart), an associate professor at Cornell Tech and a member of the Department…
-
Getting serious about research ethics: Security and Internet Measurement
[This blog post is a continuation of our series about research ethics in computer science that we started last week] Research projects in the information security and Internet measurement sub-disciplines typically interact with third-party systems or devices to collect a large amounts of data. Scholars engaging in these fields are interested to collect data about…
-
How to buy physical goods using Bitcoin with improved security and privacy
Bitcoin has found success as a decentralized digital currency, but it is only one step toward decentralized digital commerce. Indeed, creating decentralized marketplaces and mechanisms is a nascent and active area of research. In a new paper, we present escrow protocols for cryptocurrencies that bring us closer to decentralized commerce. In any online sale of…
-
New Workshop on Technology and Consumer Protection
[Joe Calandrino is a veteran of Freedom to Tinker and CITP. As long time readers will remember, he did his Ph.D. here, advised by Ed Felten. He recently joined the FTC as research director of OTech, the Office of Technology Research and Investigation. Today we have an exciting announcement. — Arvind Narayanan.] Arvind Narayanan and…
-
Gone In Six Characters: Short URLs Considered Harmful for Cloud Services
[This is a guest post by Vitaly Shmatikov, professor at Cornell Tech and once upon a time my adviser at the University of Texas at Austin. — Arvind Narayanan.] TL;DR: short URLs produced by bit.ly, goo.gl, and similar services are so short that they can be scanned by brute force. Our scan discovered a large…
-
Classified material in the public domain: what's a university to do?
Yesterday I posted some thoughts about Purdue University’s decision to destroy a video recording of my keynote address at its Dawn or Doom colloquium. The organizers had gone dark, and a promised public link was not forthcoming. After a couple of weeks of hoping to resolve the matter quietly, I did some digging and decided…
-
Threshold signatures for Bitcoin wallets are finally here
Today we are pleased to release our paper presenting a new ECDSA threshold signature scheme that is particularly well-suited for securing Bitcoin wallets. We teamed up with cryptographer Rosario Gennaro to build this scheme. Threshold signatures can be thought of as “stealth multi-signatures.”
-
Consensus in Bitcoin: One system, many models
At a technical level, the Bitcoin protocol is a clever solution to the consensus problem in computer science. The idea of consensus is very general — a number of participants together execute a computation to come to agreement about the state of the world, or a subset of it that they’re interested in. Because of…