October 8, 2024

FREAK Attack: The Chickens of ’90s Crypto Restriction Come Home to Roost

Today researchers disclosed a new security flaw in TLS/SSL, the protocol used to secure web connections. The flaw is significant in itself, but it is also a good example of what can go wrong when government asks to build weaknesses into security systems. Back in the early 1990s, it was illegal to export most products […]

A clear line between offense and defense

The New York Times, in an editorial today entitled “Arms Control for a Cyberage”, writes, The problem is that unlike conventional weapons, with cyberweapons “there’s no clear line between offense and defense,” as President Obama noted this month in an interview with Re/code, a technology news publication. Defense in cyberwarfare consists of pre-emptively locating the […]

We can de-anonymize programmers from coding style. What are the implications?

In a recent post, I talked about our paper showing how to identify anonymous programmers from their coding styles. We used a combination of lexical features (e.g., variable name choices), layout features (e.g., spacing), and syntactic features (i.e., grammatical structure of source code) to represent programmers’ coding styles. The previous post focused on the overall […]

Lenovo Pays For Careless Product Decisions

The discovery last week that Lenovo laptops had been shipping with preinstalled adware that left users wide open to security exploitation triggered a lot of righteous anger in the tech community. David Auerbach at Slate wrote that Lenovo had “betrayed its customers and sold out their security”. Whenever a big company does something so monumentally […]

In Partial Defense of the Seahawks' Play Calling

The conventional wisdom about last night’s Super Bowl is that the Seahawks made a game-losing mistake by running a passing play from the Patriots’ one yard line in the closing seconds. Some are calling it the worst Super Bowl play call ever. I disagree. I won’t claim it was the right call, but I do […]