Is machine learning useful for cybersecurity?
January 27, 2020 | Jeff Elder, Avast Blog
Press
This month Avast artificial intelligence researcher Sadia Afroz will explain to San Francisco conference goers at Enigma 2020 how to build robust machine learning systems to defend against real-world attacks. In a paper written with Avast’s head of AI Rajarshi Gupta, Afroz calls for new industry-wide consistency in cybersecurity. “We need a systematic approach to model the adversary of a machine learning system in security. Different papers using different incomparable adversaries make it hard to track progress in this area.” A research scientist at the International Computer Science Institute at UC-Berkeley (ICSI), Afroz works with the Avast team of data scientists and threat researches from the world’s top schools including Berkeley, Stanford, MIG and Charles University. and Avast Software. Avast’s user base of over 435 million makes up one of the world’s largest threat detection networks, allowing us to build the best machine learning models and stop cyberthreats before they do harm.
The Big Lesson From the Bezos Hack: Anyone Can Be a Target
January 24, 2020 | Associated Press
UC Berkeley cybersecurity researcher Bill Marczak cautioned that there's still no conclusive evidence that the Saudi video was malicious, adding that it might be premature to jump to broader conclusions about it.
Two iPhones or the privacy of billions: Why Apple vs. the FBI matters
January 17, 2020 | David Ingram, NBC News
Nicholas Weaver, a computer scientist at the University of California, Berkeley, said that the FBI’s efforts to push Apple to crack its own iPhones were “more disingenuous than normal.” “It’s entirely about legislation, not the courts,” he said.
The FBI Got Data From A Locked iPhone 11 Pro Max — So Why Is It Demanding Apple Unlock Older Phones?
January 15, 2020 | Thomas Brewster, Forbes
Nicholas Weaver, researcher and lecturer at Berkeley's International Computer Science Institute, said that even before the indications that GrayKey would work on the latest iPhones, the FBI's attempts to strongarm Apple into helping amounted to "theatre." He said that Apple had designed its phones so that it wouldn’t be able to provide information if a GrayKey or a competing product couldn’t. "Basically, Apple made a safe where to change the combo you have to unlock the safe, and the FBI is saying 'change the combo' when they know full well you can't change the combo without unlocking the safe first."
Apple Takes a (Cautious) Stand Against Opening a Killer’s iPhones
January 14, 2020 | Jack Nicas and Katie Benner, New York Times
“The iPhone 5 is so old, you are guaranteed that Grayshift and Cellebrite can break into those every bit as easily as Apple could,” said Nicholas Weaver, a lecturer at the University of California, Berkeley, who has taught iPhone security.
CrowdStrike, Ukraine, and the DNC server: Timeline and facts
December 03, 2019 | Cynthia Brumfield, CSO
Nicholas Weaver, a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California, tells CSO that “Russia's hacking of the DNC and Podesta is cloaked in only ‘implausible deniability.’ Those who want to convince themselves otherwise are simply willfully ignoring the mountains of evidence. The only reason to do that is to admit the truth is to go up against the President's personal delusions.”
Encryption and Combating Child Exploitation Imagery
October 23, 2019 | Nicholas Weaver, Lawfare Blog (ICSI)
The current systems for detecting these child exploitation images rely on bulk surveillance by private companies, and even the most cursory encryption—with “exceptional access” or no—will eliminate this surveillance. If the government is serious about policy changes designed to keep this detection capability in the face of encryption, however, the best policy is not to weaken communication security but instead to mandate endpoint scanning of images as they appear on phones and computers.
China is rolling out a 5G network faster than anyone else
September 26, 2019 | Gwynn Guilford, MSN Money
“Having [supply chain] codependency was useful because it allowed us to at least somewhat enforce sanctions against Iran and North Korea and stuff like that,” [Nicholas Weaver, a computer security expert at the International Computer Science Institute] says. “But a full-on balkanization means that in the future we won’t be able to do that.”
Apple takes flak for disputing iOS security bombshell dropped by Google
September 7, 2019 | Dan Goodin, Ars Technica
Nicholas Weaver, a researcher at UC Berkeley's International Computer Science Institute, summed up much of this criticism by tweeting: “The thing that bugs me most about Apple these days is that they are all-in on the Chinese market and, as such, refuse to say something like ‘A government intent on ethnic cleansing of a minority population conducted a mass hacking attack on our users.’"
Snake oil or genius? Crown Sterling tells its side of Black Hat controversy
August 29, 2019 | Sean Gallagher, Ars Technica
Nicholas Weaver of the International Computer Science Institute at the University of California-Berkeley has some doubts. "Not only is [Grant's approach] not optimal for factoring (the number sieve algorithm is substantially better)," he told me, "but the discrete log problem, on which the other major public key algorithms [including elliptic curve] are based, is not solved by factoring at all."