It's Past Time To Pay Much More Attention To API Security
December 5, 2018 | Taylor Armerding, Forbes
Press
Nicholas Weaver, researcher at the International Computer Science Institute and lecturer at University of California, Berkeley, told Krebs that implementing access controls is “not even Information Security 101, this is Information Security 1,” and that the failure of the USPS and others to do so was “catastrophically bad.”
USPS Site Exposed Data on 60 Million Users
November 18, 2018 | Brian Krebs, Krebs on Security
Nicholas Weaver, a researcher at the International Computer Science Institute and lecturer at UC Berkeley, said the API should have validated that the account making the request had permission to read the data requested. “It seems like the only access control they had in place was that you were logged in at all. And if you can access other peoples’ data because they aren’t enforcing access controls on reading that data, it’s catastrophically bad and I’m willing to bet they’re not enforcing controls on writing to that data as well.”
How Does Cryptocurrency Work?
November 2, 2018 | Austin Thompson, Mental Floss
Speaking to Vox, Nicholas Weaver of the International Computer Science Institute at UC Berkeley explained that miners—the people who create the blocks and get paid for their efforts—are disproportionately powerful and serve as the central agency that cryptocurrencies are trying to avoid.
Report: Apple's iOS 12 now blocks iPhone-hacking tool favored by police
October 24, 2018 | Jack Morse, Mashable
Nicholas Weaver, a senior staff researcher at the International Computer Science Institute, wrote that it "[sounds] like Apple patched whatever secure-enclave exploit that GrayKey used to do the on-chip brute force attack."
What you need to know before investing in cryptocurrency
October 5, 2018 | Ahiza Garcia, CNN Business
"Their only value is in the belief that someone later will pay more," says Nicholas Weaver, a senior researcher at The International Computer Science Institute.
Chinese spy chips would be a ‘god-mode’ hack, experts say
October 04, 2018 | Ashley Carman, The Verge
Nicholas Weaver, a professor at Berkeley’s International Computer Science Institute, described an alarming attack. Weaver told The Verge that “This is a ‘god mode’ exploit in the system management subsystem.”
There's No Good Fix If the Supply Chain Gets Hacked
October 4, 2018 | Lily Hay Newman, Wired
"This is a scary-big deal," says Nicholas Weaver, a security researcher at the University of California at Berkeley.
The Gist (Radio Show)
September 11, 2018 | The Gist podcast on Slate.com
Per the recent NY Times op-ed, some see the word “lodestar” as signature Mike Pence, but as Sadia Afroz explains, stylometry—the analysis of prose to uncover its author’s identity—is a little more complicated than looking at individual words. Afroz is a senior research scientist at the International Computer Science Institute. Interview begins at minute 6:20.
Bitcoin's Use in Commerce Keeps Falling Even as Volatility Eases
August 02, 2018 | Olga Kharif, Bloomberg
“It’s not actually usable,” Nicholas Weaver, a senior researcher at the International Computer Science Institute, said in an email. Often, he said, “the net cost of a Bitcoin transaction is far more than a credit card transaction.” And Bitcoin-based transactions can’t be reversed, an issue when a merchant or a consumer comes up against fraud.
U.S. indictments show technical evidence for Russian hacking accusations
July 13, 2018 | Joseph Menn, Reuters
“The amount of intelligence gathering capability realized by this is astonishing,” said researcher Nicholas Weaver of the International Computer Science Institute, affiliated with the University of California at Berkeley. In particular, emails between Guccifer 2 and the organization believed to be WikiLeaks “suggest that the NSA (U.S. National Security Agency) obtained access to either Guccifer 2’s email account, Wikileaks’ or both.”