SHB 2019 – Liveblog

I’ll be trying to liveblog the twelfth workshop on security and human behaviour at Harvard. I’m doing this remotely because of US visa issues, as I did for WEIS 2019 over the last couple of days. Ben Collier is attending as my proxy and we’re trying to build on the experience of telepresence reported here …

Three paper Thursday: Ethics in security research

Good security and cybercrime research often creates an impact and we want to ensure that impact is positive. This week I will discuss three papers on ethics in computer security research in the run up to next week’s Security and Human Behaviour workshop (SHB). Ethical issues in research using datasets of illicit origin (Thomas, Pastrana, …

The lifetime of an Android API vulnerability

By Daniel Carter, Daniel Thomas, and Alastair Beresford

Security updates are an important mechanism for protecting users and their devices from attack, and therefore it’s important vendors produce security updates, and that users apply them. Producing security updates is particularly difficult when more than one vendor needs to make changes in order to secure a …

Graphical Models of Security (GraMSec 2018)

I was at The Fifth International Workshop on Graphical Models for Security (part of FLoC 2018) this weekend where I presented a paper. Following is a summarized account of the talks that took place there. Slides can be found here. The first speaker was Mike Fisk who was giving an invited talk on Intrusion Tolerance …

Don’t blame Cambridge for Facebook’s privacy crisis

Mark Zuckerberg tried to blame Cambridge University in his recent testimony before the US Senate, saying “We do need to understand whether there was something bad going on in Cambridge University overall, that will require a stronger action from us.” The New Scientist invited me to write a rebuttal piece, and here it is. Dr …

Crypto Wars 2.0

Today we unveil a major report on whether law enforcement and intelligence agencies should have exceptional access to cryptographic keys and to our computer and communications data generally. David Cameron has called for this, as have US law enforcement leaders such as FBI Director James Comey. This policy repeats a mistake of the 1990s. The …