academicpapers – WindowsTechs.com

Identifying People by Their Browsing Histories

Posted on August 25, 2020 by Bruce Schneier

Interesting paper: "Replication: Why We Still Can’t Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories": We examine the threat to individuals’ privacy based on the feasibility of reidentifying users through distinctive profiles of their browsing history visible to websites and third parties. This work replicates and extends the 2012 paper Why Johnny Can’t Browse in Peace:… Continue reading Identifying People by Their Browsing Histories→

Using Disinformation to Cause a Blackout

Posted on August 18, 2020 by Bruce Schneier

Using Disinformation to Cause a Blackout

Posted on August 18, 2020 by Bruce Schneier

Interesting paper: "How weaponizing disinformation can bring down a city’s power grid": Abstract: Social media has made it possible to manipulate the masses via disinformation and fake news at an unprecedented scale. This is particularly alarming from a security perspective, as humans have proven to be one of the weakest links when protecting critical infrastructure in general, and the power… Continue reading Using Disinformation to Cause a Blackout→

Robocall Results from a Telephony Honeypot

Posted on August 17, 2020 by Bruce Schneier

A group of researchers set up a telephony honeypot and tracked robocall behavior: NCSU researchers said they ran 66,606 telephone lines between March 2019 and January 2020, during which time they said to have received 1,481,201 unsolicited calls — even if they never made their phone numbers public via any source. The research team said they usually received an unsolicited… Continue reading Robocall Results from a Telephony Honeypot→

UAE Hack and Leak Operations

Posted on August 13, 2020 by Bruce Schneier

Interesting paper on recent hack-and-leak operations attributed to the UAE: Abstract: Four hack-and-leak operations in U.S. politics between 2016 and 2019, publicly attributed to the United Arab Emirates (UAE), Qatar, and Saudi Arabia, should be seen as the "simulation of scandal" – deliberate attempts to direct moral judgement against their target. Although "hacking" tools enable easy access to secret information,… Continue reading UAE Hack and Leak Operations→

Adversarial Machine Learning and the CFAA

Posted on July 23, 2020 by Bruce Schneier

Adversarial Machine Learning and the CFAA

Posted on July 23, 2020 by Bruce Schneier

I just co-authored a paper on the legal risks of doing machine learning research, given the current state of the Computer Fraud and Abuse Act: Abstract: Adversarial Machine Learning is booming with ML researchers increasingly targeting commercial ML systems such as those used in Facebook, Tesla, Microsoft, IBM, Google to demonstrate vulnerabilities. In this paper, we ask, "What are the… Continue reading Adversarial Machine Learning and the CFAA→

Fawkes: Digital Image Cloaking

Posted on July 22, 2020 by Bruce Schneier

Fawkes is a system for manipulating digital images so that they aren’t recognized by facial recognition systems. At a high level, Fawkes takes your personal images, and makes tiny, pixel-level changes to them that are invisible to the human eye, in a process we call image cloaking. You can then use these "cloaked" photos as you normally would, sharing them… Continue reading Fawkes: Digital Image Cloaking→

Hacking a Power Supply

Posted on July 21, 2020 by Bruce Schneier

This hack targets the firmware on modern power supplies. (Yes, power supplies are also computers.) Normally, when a phone is connected to a power brick with support for fast charging, the phone and the power adapter communicate with each other to determine the proper amount of electricity that can be sent to the phone without damaging the device — the… Continue reading Hacking a Power Supply→

Securing the International IoT Supply Chain

Posted on July 1, 2020 by Bruce Schneier

Together with Nate Kim (former student) and Trey Herr (Atlantic Council Cyber Statecraft Initiative), I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries? And our solution is: enforce the regulations on the domestic company… Continue reading Securing the International IoT Supply Chain→