Media Coverage

Albert Kwon on "Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services"

View the paper and associated media

• Shoring up Tor (MIT News, 7.28.15)
• Ξανά: παραβίαση της ανωνυμίας του Tor (Guru News, 7.29.15)
• MIT boffins identify Tor hidden services with 88 percent accuracy (The Register, 7.29.15)
• MIT researchers figure out how to break Tor anonymity without encryption (ExtremeTech, 7.29.15)
• Researchers mount successful attacks against Tor network—and show how to prevent them (Phys.org, 7.29.15)
• Shoring up Tor (EurekAlert, 7.29.15)
• Vulnerability could make Tor, the anonymous network, less anonymous (Fortune, 7.29.15)
• Cracking Tor (Pacific Standard, 7.30.15)
• Critical Vulnerabilty in TOR puts users Anonymity at Risk (TechWorm, 7.30.15)
• Des chercheurs du MIT démontrent une faille du réseau Tor (Actualité Houssenia Writing, 7.30.15)
• Forscher finden Sicherheitslücke in Tor (com! professional, 7.30.15)
• Investigadores aperfeiçoam método de ataque à Tor (ComputerWorld Portugal, 7.31.15)
• MIT cracks Tor anonymity network and identifies hidden servers with 88% accuracy (International Business Times UK, 7.30.15)
• MIT researchers can break Tor anonymity without even touching encryption (BGR, 7.30.15)
• Анонимность скрытых служб Tor поставлена под сомнение (Computer Review Ukraine, 7.30.15)
• New attack on Tor can deanonymize hidden services with surprising accuracy (ArsTechnica, 7.31.15)
• Researchers improve de-anonymization attacks for websites hiding on Tor (PCWorld, 7.31.15)
• Shoring up Tor (ECN, 7.30.15)
• Researchers mount successful attacks against ppopular anonymity network — and show how to prevent them (ScienceBlog, 7.31.15)
• Tor anonymity called into question as alternative browser surfaces (TechTarget, 7.31.15)
• MIT tuyên bố phá vỡ tính ẩn danh của Tor (VNReview Vietnam, 8.1.15)

Mordechai Guri on "GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies"

View the paper and associated media

• ‘GSMem’ malware designed to infiltrate air-gapped computers, steal data (SC Magazine, 7.27.15)
• Malware steelt data van offline computer via mobiele telefoon (security.nl, 7.27.15)
• Researchers Hack Air-Gapped Computer with Simple Cell Phone (Wired, 7.27.15)
• These Researchers Just Hacked an Air-Gapped Computer Using a Simple Cellphone (Slate, 7.27.15)
• Cellphones can steal data from 'air-gapped computers' (ECN, 7.28.15)
• GSMem : Pirater un PC sans connexion via le réseau GSM (Silicon, 7.28.15)
• שיטה חדשה מאפשרת לדלות מידע ממחשבים מבודדים (nrg, 7.29.15)
• 无需联网 计算机电磁波就泄露了你的数据 (PConline China, 7.29.15)
• Nouvelles découvertes dans le piratage “Air-Gap” (L'Informaticien, 7.28.15)
• Pirater des PC hors réseau avec un GSM (LeMagIT, 7.29.15)
• Vedci hackli počítač odpojený od internetu. Deväťročným mobilom (Zive, 7.29.15)
• Researchers Use Malware to Transmit Data Between Air-Gapped Computers (eWeek, 7.30.15)
• New malware turns your computer into a cellular antenna (PCWorld, 8.6.15)

Susan E. McGregor on "Investigating the Computer Security Practices and Needs of Journalists"

View the paper and associated media

• Computer security tools for journalists lacking in a post-Snowden world (eScience News, 7.22.15)
• Computer Security Tools For Journalists Lacking In A Post-Snowden World (Newsroom America, 7.22.15)
• Computer security tools for journalists lacking in a post-Snowden world (ScienceBlog, 7.22.15)
• Computer security tools for journalists lacking in a post-Snowden world (UW Today, 7.22.15)
• Journalists Lack Tools for Keeping Secrets (Futurity, 7.23.15)
• The secret to strengthening online security tools (Columbia Journalism Review, 8.17.15)

Mathy Vanhoef on "All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS"

View the paper and associated media

• New RC4 Attack Dramatically Reduces Cookie Decryption Time (ThreatPost, 7.15.15)
• Once-theoretical crypto attack against HTTPS now verges on practicality (ArsTechnica, 7.15.15)
• Onderzoekers onthullen nieuwe aanval op RC4-algoritme (security.nl, 7.16.15)
• RC4 crypto: Get RID of it already, say boffins (The Register, 7.16.15)
• RC4: Forscher zeigen neue Angriffe gegen HTTPS und WPA/TKIP (derStandard.at, 7.16.15)
• Researchers develop quicker RC4 encryption algorithm attack (SC Magazine, 7.16.15)
• Verschlüsselte Verbindungen im Visier (Neue Zürcher Zeitung, 7.16.15)
• Attack breaks RC4 cipher in 75 hours, busts SSL, WPA (The Tech Report, 7.17.15)
• Эксперты показали метод атаки на RC4, снижающий время на расшифровку cookie-файлов (SecurityLab.ru, 7.17.15)
• HTTPS/TLS RC4 Vulnerability Serious Threat to Bitcoin Platforms (Bitcoinist.net, 7.17.15)
• New RC4 Encryption Attacks Reduces Plaintext Recovery Time (Military Technologies, 7.17.15)
• Bitcoin Platforms Serious Threat Due to HTTPS TLS RC4 Vulnerability (BizTek Mojo, 7.18.15)
• 'NOMORE' attack makes RC4 a little weaker again (Virus Bulletin, 7.20.15)
• RC4 NOMORE crypto exploit used to decrypt user cookies in mere hours (ZDNet, 7.20.15)
• SecUpdate: Flash bojuje o přežití a uživatelé jsou zaplaveni důležitými opravami (CDR.cz, 7.20.15)
• RC4 Nomore: Neuer Exploit erlaubt Entschlüsselung von Cookies innerhalb weniger Stunden (ZDNet.de, 7.21.15)
• Ditch RC4 Crypto Before It's Too Late (Bank Info Security, 7.24.15)

Kai Chen on "Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale"

View the paper and associated media

• One in every 10 Android apps 'contains malicious code': US-China study (South China Morning Post, 6.26.15)

Roel Verdult on "Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer"

View the paper and associated media

• Land Rover praised for recall over software security bug (ComputerWeekly, 7.14.15)
• Researchers reveal electronic car lock hack after 2-year injunction by Volkswagen (ArsTechnica, 8.12.15)
• 'Banned' Article About Faulty Immobilizer Chip Published After Two Years (Slashdot, 8.13.15)
• Don't Want Your Car Hacked? Keep It Simple. (Bloomberg View, 8.14.15)
• Volkswagen hid a car hacking flaw for two years (CNN Money, 8.14.15)
• Volkswagen suppressed a paper about car hacking for 2 years (Mashable, 8.14.15)
• Volkswagen and other keyless ignitions easy to hack; VW spent two years suppressing this in court (Consumer Affairs, 8.14.15)
• VW spent two years trying to hide a security flaw (Automotive News, 8.14.15)
• Volkswagen spent years hiding this huge security flaw (Fortune, 8.14.15)
• Researchers Found Vulnerability In Some Keyless Vehicles, Automakers Blocked Their Findings (Carscoops, 8.16.15)
• Car hacking news: Ransomware threat could reach auto dealerships (Network World, 8.17.15)
• Hackers reveal flaw in over 100 cars kept secret by Volkswagen for TWO YEARS: Bug can be used to unlock everything from a Kia to a Lamborghini (Daily Mail UK, 8.17.15)
• Hack to steal cars with keyless ignition: Volkswagen spent 2 years hiding flaw (ComputerWorld, 8.17.15)
• Secret Volkswagen car hacking research gets released after 2 years (ITProPortal, 8.17.15)
• The Hack Volkswagen Didn't Want Car Thieves to See (Tom's Guide, 8.17.15)
• Volkswagen and Other Companies Hid a Bug That Is Putting Cars in Danger of Getting Stolen (iDigitalTimes Australia, 8.17.15)
• Volkswagen has spent two years trying to hide a big security flaw (The Age, 8.17.15)
• Security flaw affecting more than 100 car models exposed by scientists (The Guardian, 8.18.15)
• Security researchers reveal car hack after two-year injunction (SC Magazine UK, 8.18.15)
• The Unsettling Reality of Connected Vehicles (IT Business Edge, 8.18.15)
• Thousands of cars vulnerable to keyless theft, according to researchers (The Telegraph, 8.18.15)
• Veedub flub hubbub stubs car-jack hack flap (The Register UK, 8.18.15)
• Volkswagen car hack revealed after two year injunction (Computer Business Review, 8.18.15)

Yunmok Son on "Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors"

View the paper and associated media

• Sound: Yet another way to smack down drones (Naked Security, 8.6.15)
• Drone Hack : Blasting a sound at a drone can knock it out of the air (TechWorm, 8.9.15)
• Drones knocked out of the air by sound waves (International Business Times, 8.10.15)

Terry Nelms on "WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths"

View the paper and associated media

• Damballa Director of Research Terry Nelms to Unveil New Malware Incident Investigation System at USENIX Security Symposium (BusinessWire, 8.10.15)

Kyle Soska on "Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem"

View the paper and associated media

• MDMA, Cocaine Sales Help Dark Net Drug Sites Make Over $100 Million Annually, Without Shuttered Silk Road (International Business Times, 8.12.15)

Byoungyoung Lee on "Type Casting Verification: Stopping an Emerging Attack Vector"

View the paper and associated media

• Facebook Awards $100,000 for New Class of Vulnerabilities and Detection Tool (Threatpost, 8.12.15)
• Facebook awards Tech researchers $100,000 for vulnerability discovery tool for C++ (TechWorm, 8.13.15)
• Facebook Awards $100,000 to White-Hat Hackers (Hacked, 8.13.15)
• Facebook issues Internet Defense Prize for vulnerability discovery tool (ZDNet, 8.13.15)
• Facebook offre 100 000 $ à des chercheurs en sécurité (Silicon, 8.13.15)
• Facebook выплатила $100 тыс. за обнаружение нового класса уязвимостей (SecurityLab.ru, 8.13.15)
• 페이스북·유즈닉스, “한국연구원들의 보안논문이 최고” (boannews.com, 8.13.15)
• Found: 11 security flaws in popular internet browsers (Science Codex, 8.13.15)
• Georgia Tech finds 11 security flaws in popular internet browsers (EurekaAlert, 8.13.15)
• Georgia Tech finds 11 security flaws in popular internet browsers (ECNmag.com, 8.13.15)
• Georgia Tech Finds 11 Security Flaws in Popular Internet Browsers Using New Analysis Method (Newswise, 8.13.15)
• Kwetsbaar C++ levert studenten $100.000 op (Webwereld, 8.13.15)
• New Analysis Finds 11 Security Flaws in Popular Web Browsers (Laboratory Equipment, 8.13.15)
• Researchers discover emerging class of C++ bugs, Intel’s diversity report, and Android Experiments—SD Times news digest: Aug. 13, 2015 (SD Times, 8.13.15)
• Researchers win Internet Defense Prize for C++ detection tool (welivesecurity, 8.13.15)
• Team finds 11 security flaws in popular internet browsers using new analysis method (Phys.org, 8.13.15)
• Cyber tool spots 11 new security flaws in internet browsers (Business Standard, 8.14.15)
• Cyber tool spots 11 new security flaws in internet browsers (Can-India News, 8.14.15)
• Cyber tool spots 11 new security flaws in internet browsers (Gizbot, 8.14.15)
• Cyber tool spots 11 new security flaws in internet browsers (Jagran Post, 8.14.15)
• Cyber tool spots 11 new security flaws in internet browsers (New Kerala, 8.14.15)
• Cyber Tool Spots 11 New Security Flaws in Internet Browsers (The New Indian Express, 8.14.15)
• Facebook hands hackers $100k for breaking browsers (The Register UK, 8.14.15)
• FB announces Internet Defence Prize for vulnerability discovery tool (The Hans India, 8.14.15)
• Found: 11 Security Flaws In Popular Internet Browsers (Science 2.0, 8.14.15)
• New Analysis Method Finds 11 Security Flaws in Popular Internet Browsers (Scientific Computing, 8.14.15)
• New Cyber-Security Tool Finds 11 Security Flaws in Internet Browsers (NDTV Gadgets, 8.14.15)
• New cyber-security tool finds 11 security flaws in Internet browsers (BGR India, 8.14.15)
• New tool finds 11 security flaws in internet browsers (The Times of India, 8.14.15)
• Research team discovers eleven security flaws in popular browsers (ITProPortal, 8.14.15)
• New cyber-security tool finds 11 security flaws in Internet browsers (Tech2, 8.15.15)
• Georgia Tech Finds 11 Deep Security Flaws in Chrome, Firefox (eWeek, 8.18.15)

Mike Walker on "Machine vs. Machine: Lessons from the First Year of Cyber Grand Challenge"

View the talk and associated media

• Cybersecurity angle sharpens with Hillary emails — China and South Korea visits loom — Robot hackers might be a one-off (Politico, 8.13.15)

Nikolaos Karapanos on "Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound"

View the paper and associated media

• The Noise Around You Could Strengthen Your Passwords (Wired, 8.13.15)
• Two-factor system uses ambient sounds to verify your login (Engadget, 8.16.15)
• Ambient sound could speed adoption of 2FA, say security researchers (ComputerWeekly, 8.17.15)
• Boffins nail 2FA with 'ambient sound' login for the lazy (The Register, 8.17.15)
• "Sound Proof" Could Kill Annoying Two-Step Authentication Codes (Gizmodo, 8.17.15)
• Using ambient sound as a two-factor authentication system (nakedsecurity, 8.17.15)
• Ambient sound may help protect your online accounts (phys.org, 8.18.15)