Here’s How To Track The Smartphone Apps That Are Tracking You
May 30, 2017 | Glenn Fleishman, Fast Company
The Haystack Project, a collaboration at the International Computer Science Institute (ICSI) at the University of California, Berkeley, among multiple academic institutions, starts with an Android app that captures data right at the source.
7 in 10 smartphone apps share your data with third-party services
May 29, 2017 | Narseo Vallina-Rodriguez and Srikanth Sundaresan for The Conversation
Our research seeks to reveal how much data are potentially being collected without users’ knowledge, and to give users more control over their data. To get a picture of what data are being collected and transmitted from people’s smartphones, we developed a free Android app of our own, called the Lumen Privacy Monitor. It analyzes the traffic apps send out, to report which applications and online services actively harvest personal data.
Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division
May 18, 2017 | Brian Krebs
“Whenever I’m faced with KBA-type questions I find that database tools like Spokeo, Zillow, etc are my friend because they are more likely to know the answers for me than I am,” said Nicholas Weaver, a senior researcher in networking and security for the International Computer Science Institute (ICSI).
The Shadow Brokers are promising loot boxes — for security exploits
May 16, 2017 | Yi Shu Ng, Mashable
Revealing data from SWIFT and nuclear programs in Russia, China, Iran or North Korea could disrupt ongoing NSA operations, according to Nicholas Weaver, a staff cybersecurity researcher writing on LawFare.
Cyberwar Is Officially Crossing Over Into the Real World
May 16, 2017 | Adrienne Lafrance, The Atlantic
The public has lost confidence in officials’ ability to pinpoint the origins of a cyberattack, as Kaveh Waddell wrote for The Atlantic earlier this year. “Mistrust of attribution would make hacking easier, since it means retribution is harder,” Nicholas Weaver, a professor and security researcher at the University of California, Berkeley, told Waddell at the time. “You need to have attribution for retribution, both to know that you are retaliating against the right actor and to convince the public you are justified in doing so if it is a public retaliation.”
All Things Considered, May 15, 2017
May 15, 2017 | All Things Considered
Transcript available here.
It's been reported that the software behind WannaCry was taken from a secretive group inside the National Security Agency. Now, in a blog post, Microsoft President Brad Smith likened it to the U.S. military's having some of its Tomahawk missiles stolen. Now, for more on the NSA's role in all this, we've reached Nicholas Weaver, a researcher at Berkeley's International Computer Science Institute. Welcome to the program.
Last week’s global cyberattack was just the beginning
May 15, 2017 | Nicholas Weaver, for Washington Post
A massive cyber-extortion attack known as “WannaCry” wrought havoc across the globe last week, taking out much of Britain’s National Health Service and, in a delicious bit of irony, the Russian Interior Ministry. The attack was a long time coming, representing the inevitable merging of two plagues that have long ravaged the Internet: the invention of programs that can rapidly infect digital systems and the rise of Internet crime. Without action, WannaCry represents just the first of what will undoubtedly be a long nightmare of self-propagating criminal attacks.
Huge cyberattack ebbs as investigators work to find culprits
May 15, 2017 | Anick Jesdanun and Barbara Ortutay, AP
Another possible slip-up: Nicholas Weaver, who teaches networking and security at the University of California, Berkeley, said good ransomware usually generates a unique bitcoin address for each payment to make tracing difficult. That didn’t seem to happen here.
US considers cabin laptop ban on flights from UK airports
April 24, 2017 | Chris Johnston, The Guardian
Nicholas Weaver, researcher at the International Computer Science Institute at the University of California, Berkeley, said last month: “It doesn’t match a conventional threat model. If you assume the attacker is interested in turning a laptop into a bomb, it would work just as well in the cargo hold.”
Trove of Stolen NSA Data Is ‘Devastating’ Loss for Intelligence Community
April 17, 2017 | Jenna McLaughlin, Foreign Policy
This article also appeared in the Chicago Tribune.
“These were God mode tools that, used sparingly, were an incredible asset to U.S. intelligence,” Nicholas Weaver, senior researcher at Berkeley’s International Computer Science Institute, wrote to Foreign Policy.