Archives – All Entries
- FreeBSD 9.0 ships with experimental Capsicum support
- Observations from two weeks of SSH brute force attacks
- Call for Papers: 12th Privacy Enhancing Technologies Symposium (PETS 2012)
- Metrics for dynamic networks
- Beware of cybercrime data memes
- Call for Papers: USENIX Security 2012
- Brute force password-guessing attempts on SSH
- Bankers’ Christmas present
- Blood donation and privacy
- Job ad: post-doctoral researcher in security, operating systems, computer architecture
- Privacy event on Wednesday
- Here we go again
- DNSChanger might change the BGPSEC landscape
- Oral evidence to the malware inquiry
- Want to create a really strong password? Don’t ask Google
- Complaining about spam to the ICO
- Sovereignty and Cybercrime
- Will LBT be blocked?
- Trusted Computing 2.1
- Fashion crimes: trending-term exploitation on the web
- Debate at Cambridge Festival of Ideas: Internet Freedom
- PhD Studentship in Mobile Payments
- Trusted Computing 2.0
- PhD studentship available for research on anonymity and privacy
- Randomly-generated passwords at myBART
- Pico: no more passwords (at Usenix Security)
- Measuring Search-Redirection Attacks in the Illicit Online Prescription Drug Trade
- DCMS illustrates the key issue about blocking
- Will Newzbin be blocked?
- Phone hacking, technology and policy
- Security and Human Behaviour 2011
- Workshop on the economics of information security 2011
- TalkTalk’s new blocking system
- Make noise and whisper: a solution to relay attacks
- The Sony hack: passwords vs. financial details
- Resilience of the Internet Interconnection Ecosystem
- Securing and Trusting Internet Names (SATIN 2011)
- The PET Award: Nominations wanted for prestigious privacy award
- Pico: no more passwords!
- Can we Fix Federated Authentication?
- Why the Cabinet Office’s £27bn cyber crime cost estimate is meaningless
- Measuring password re-use empirically
- JPEG canaries: exposing on-the-fly recompression
- Another Gawker bug: handling non-ASCII characters in passwords
- Everyone’s spam is unique
- A Merry Christmas to all Bankers
- Financial Cryptography and Data Security 2011 — Call for Participation
- The Gawker hack: how a million passwords were lost
- Wikileaks, security research and policy
- Resumption of the crypto wars?
- The Smart Card Detective: a hand-held EMV interceptor
- Social network security – an oxymoron?
- Research, public opinion and patient consent
- Capsicum: practical capabilities for UNIX
- Passwords in the wild, part IV: the future
- Passwords in the wild, part III: password standards for the Web
- Passwords in the wild, part II: failures in the market
- Passwords in the wild, part I: the gap between theory and implementation
- Who controls the off switch?
- Security and Human Behaviour 2010
- Database state – latest!
- Workshop on the economics of information security 2010
- A very rapid betrayal
- Digital Activism Decoded: The New Mechanics of Change
- An old scam still works
- IEEE best paper award
- Erasing David
- PINs and the burden on customers
- How to get money back from a bank
- Protecting Europe against large-scale cyber-attacks
- Ineffective self-blocking by the National Enquirer
- Panorama looks at unlawful filesharing
- What’s worrying the spooks?
- Cambridge Science Festival: Science research now!
- A wrecking amendment ?
- More on the SCR
- Evaluating statistical attacks on personal knowledge questions
- Reliability of Chip & PIN evidence in banking disputes
- Opting out of health data collection
- Measuring Typosquatting Perpetrators and Funders
- Call for papers: WEIS 2010 — Submissions due next week
- What’s the Buzz about? Studying user reactions
- Chip and PIN is broken
- Romantic cryptography
- New attacks on HMQV
- The need for privacy ombudsmen
- Why is 3-D Secure a single sign-on system?
- Multichannel protocols against relay attacks
- How online card security fails
- How hard can it be to measure phishing?
- Placebo bomb detectors
- Encoding integers in the EMV protocol
- Mobile Internet access data retention (not!)
- Practical mobile Internet access traceability
- The Real Hustler
- Extending the requirements for traceability
- Relay attack featured on Dutch TV
- When is a leak not a leak ?
- Facebook tosses graph privacy into the bin
- What does Detica detect?
- RIP memes
- How to vote anonymously under ubiquitous surveillance
- RIP part III
- The Real Hustle and the psychology of scam victims
- Interview with Steven Murdoch on Finextra
- TV coverage of online banking card-reader vulnerabilities
- Security psychology
- apComms backs ISP cleanup activity
- Economics of peer-to-peer systems
- Tor on Android
- Tuning in to random numbers
- Which? survey of online banking security
- Defending against wedge attacks in Chip & PIN
- Nuke photos
- User complaints about photos in Facebook ads
- How much did shutting down McColo help?
- The Economics of Privacy in Social Networks
- WEIS 2009 – liveblog
- Static Consent and the Dynamic Web
- Open letter to Google
- Security and Human Behaviour 2009
- How Privacy Fails: The Facebook Applications Debacle
- Attack of the Zombie Photos
- Location privacy
- Security economics video
- Reducing interruptions with screentimelock
- Temporal Correlations between Spam and Phishing Websites
- The Curtain Opens on Facebook’s Democracy Theatre
- Chip and PIN on Trial
- A truly marvellous proof of a transaction
- Facebook Giving a Bit Too Much Away
- The Snooping Dragon
- Democracy Theatre on Facebook
- EFF and Tor Project in Google Summer of Code
- Database State
- National Fraud Strategy
- Hot Topics in Privacy Enhancing Technologies (HotPETs 2009)
- Optimised to fail: Card readers for online banking
- Evil Searching
- When Layers of Abstraction Don’t Get Along: The Difficulty of Fixing Cache Side-Channel Vulnerabilities
- Technical aspects of the censoring of archive.org
- Missing the Wood for the Trees
- New Facebook Photo Hacks
- Variable Length Fields in Cryptographic Protocols
- Hidden Assumptions in Cryptographic Protocols
- Security issues in ubiquitous computing
- Marksmen, on your marks!
- Andy Burnham and the decline of standards
- Card fraud — what can one do?
- Think of the children
- Technical aspects of the censoring of Wikipedia
- Forensic genomics
- Another link spammer
- How can we co-operate to tackle phishing?
- Liberal Democrat leader visits our lab
- Non-cooperation in the fight against phishing
- Making bank reimbursement statutory
- Lords debate “Personal Internet Security”
- Privacy Enhancing Technologies Symposium (PETS 2009)
- ePolicing – Tomorrow the world?
- Root of Trust ?
- Anti-theft Protocols
- An A to Z of confusion
- Zebras and Aardvarks
- An insecurity in OpenID, not many dead
- Listening to the evidence
- Card Wars: The Phantom Menace
- PET Award 2008
- Finland privacy judgment
- Metrics for security and performance in low-latency anonymity systems
- Personal Internet Security: follow-up report
- Security psychology
- An improved clock-skew measurement technique for revealing hidden services
- Operational security failure
- Slow removal of child sexual abuse image websites
- “Covert channel vulnerabilities in anonymity systems” wins best thesis award
- J-PAKE: From Dining Cryptographers to Jugglers
- PED vulnerability paper receives “Most Practical Paper” award at Oakland
- Twisty little passages, all alike
- Hardened stateless session cookies
- Second edition
- Wordpress 2.5 cookie integrity protection vulnerability
- Stealing Phorm Cookies
- New Banking Code shifts more liability to customers
- Adding webwise.net into the CNI
- The Phorm “Webwise” System
- A false accusation of “hacking”
- Award Winners #2
- Securing Network Location Awareness with Authenticated DHCP
- Security Economics and the EU
- The two faces of Privila
- Chip & PIN terminals vulnerable to simple attacks
- Inane security questions
- Computer Misuse in Scotland
- Justice, in one case at least
- Opting out
- Financial Ombudsman losing it?
- www.e-victims.org
- Relay attacks on card payment: vulnerabilities and defences
- Hacking tool guidance finally appears
- How effective is the wisdom of crowds as a security mechanism?
- Fatal wine waiters
- Index on Censorship: Shifting Borders
- Covert channel vulnerabilities in anonymity systems
- Privacy Enhancing Technologies Symposium (PETS 2008)
- A conspicuous contribution !
- Hackers get busted
- Theme is back
- A cryptographic hash function reading guide
- Action Replay Justice
- Wordpress cookie authentication vulnerability
- Government security failure
- Happy Birthday ORG!
- Google as a password cracker
- Government ignores Personal Medical Security
- Government ignores Personal Internet Security
- Upgrade and new theme
- Phishing take-down paper wins ‘Best Paper Award’ at APWG eCrime Researcher’s Summit
- Counters, Freshness, and Implementation
- Time to forget?
- Notes on FPGA DRM (part 1)
- Web content labelling
- Keep your keypads close
- NHS Computer Project Failing
- Embassy email accounts breached by unencrypted passwords
- Analysis of the Storm Javascript exploits
- Mapping the Privila network
- The dinosaurs of five years ago
- The interns of Privila
- Econometrics of wickedness
- Phishing website removal — comparing banks
- Latest on security economics
- Phishing and the gaining of “clue”
- Poor advice from SiteAdvisor
- House of Lords Inquiry: Personal Internet Security
- Chip-and-PIN relay attack paper wins “Best Student Paper” at USENIX Security 2007
- USENIX WOOT07, Exploiting Concurrency Vulnerabilities in System Call Wrappers, and the Evil Genius
- Electoral Commission releases e-voting and e-counting reports
- Economics of Tor performance
- The role of software engineering in electronic elections
- Digital signatures hit the road
- Recent talks: Chip & PIN, traffic analysis, and voting
- “No confidence” in eVoting pilots
- Hacking tools are legal for a little longer
- Phishing, students, and cheating at the lottery
- Should there be a Best Practice for censorship?
- Sampled Traffic Analysis by Internet-Exchange-Level Adversaries
- Distance bounding against smartcard relay attacks
- Results of global Internet filtering survey
- How quickly are phishing websites taken down?
- Follow the money, stupid
- Extreme online risks
- Debug mode = hacking tool?
- There aren’t that many serious spammers any more
- TK Maxx and banking regulation
- Devote your day to democracy
- What is the unit of amplification for DoS?
- e-Government Framework is Rather Broken
- How (not) to write an abstract
- Identity theft without identification infrastructure
- Passports and biometric certificates
- (In)security at the University of Birmingham
- SOCA: we just want your money?
- Financial Ombudsman on Chip & PIN infallibility
- Chip & PIN relay attacks
- Human Rights and Biophysics (strange similarities)
- Chip & PIN terminal playing Tetris
- Health database optout – latest news
- 23rd Chaos Communication Congress
- Health privacy … breaking news …
- Developments on health privacy…
- Kids’ databases
- A backwards way of dealing with image spam
- The ATM Protection Racket
- Traffic Data Retention and Forensic Imaging
- Shishir wins BCS best student award
- Seals, physical security, and usability
- Opting out of the NHS Database
- Yet another insecure banking system
- How to hack your GP’s computer system
- Mainstreaming eCrime
- New website on NHS IT problems
- Kish’s “totally secure” system is insecure
- Boom! Headshot!
- Closing in on suspicious transactions
- Random isn’t always useful
- Which services should remain offline?
- How many Security Officers? (reloaded)
- PerSec 2007 deadline: 24 September
- A Study on The Value of Location Privacy
- The real hustle on BBC3: watch it!
- Hot or Not: Revealing Hidden Services by their Clock Skew
- After ID Cards…
- With a single bound it was free!
- RIP
- Protocol design is hard — Flaws in ScatterChat
- Anonymous data that isn’t
- “Identity fraud” again
- Security Theater at the Grand Coulee Dam
- Stolen mobiles story
- Health IT Report
- Growing epidemic of card cloning
- Powers, Powers, and yet more Powers …
- New card security problem?
- Downtime
- Protecting software distribution with a cryptographic build process
- Security Economics
- Chip and PIN again
- Permissive action links for individual bullets
- Ignoring the “Great Firewall of China”
- Oracle attack on Wordpress
- Censoring science
- Anatomy of an XSS exploit
- Chip and skim 2
- Just which gadget are you recruiting?
- The Rising Tide: DDoS by Defective Designs and Defaults
- TR-666: A pact with the Devil
- How to use a chip card whose PIN you don’t know
- XSS vulnerabilities fixed in Wordpress 2.0.3
- ATMs and Disclosure Laws
- What’s a security problem?
- Watching them watching me
- WEIS 2006
- Cambridge Security Seminars
- Workshop on Privacy in the Electronic Society (WPES 2006)
- The mythical tamper-proof PIN pad?
- Persec 2006 and Naccache on tapping mobile phones
- Why so many CCTVs in UK? (again)
- The Internet and Elections: the 2006 Presidential Election in Belarus
- Covert conflict in social networks
- D-Link settles!
- Browser storage of passwords: a risk or opportunity?
- When firmware attacks! (DDoS by D-Link)
- AV-net – a new solution to the Dining Cryptographers Problem
- Award winners
- Fraud or feature?
- Cat with computer virus
- Chip and skim
- Banks don’t help fight phishing
- Video eavesdropping demo at CeBIT 2006
- BBC article on new Chinese TLDs
- New Chinese TLDs
- Chinese website registration
- Towards a market price for insecurity
- Why so many CCTVs in UK?
- Complexities in criminalising denial of service attacks
- Forensics and terrorism
- EarthLink has just 31 challenge-response CAPTCHAs
- Security research may become a crime in the UK
- Mysterious and Menacing