The other 'fingerprints' you don't know about -
December 4, 2015
Still, researchers such as Marios Savvides of Carnegie Mellon's CyLab are excited by the possibilities. "As long as the part of the eye over the iris region remains unaltered from disease then iris recognition will not be affected," said Savvides. "We are working on extracting iris features from high resolution visible photos and matching them against other high resolution photos of irises" and have been able to match those, which is "an exciting finding."
FTC appoints privacy expert Lorrie Cranor as Chief Technologist -
December 4, 2015
Lorrie Cranor will join the FTC staff in January and be primarily responsible for advising Chairwoman Ramirez and the Commission on developing technology and policy matters. Cranor is currently a Professor of Computer Science and Engineering and Public Policy at Carnegie Mellon University, where she directs the CyLab Usable Privacy and Security Laboratory.
The FTC is getting a new chief technologist: Carnegie Mellon’s Lorrie Cranor -
December 3, 2015
The Federal Trade Commission is one of the government's major online privacy watchdogs. And it's getting a new chief technologist: Carnegie Mellon University CyLab researcher Lorrie Cranor, who will step into the role in January. “Technology is playing an ever more important role in consumers’ lives, whether through mobile devices, personal fitness trackers, or the increasing array of Internet-connected devices we find in homes and elsewhere,” FTC Chairwoman Edith Ramirez said Thursday in a press release announcing the shift. “[Cranor] will play a key role in helping guide the many areas of FTC work involving new technologies and platforms."
Would You Let This Creepy Robot Drive You Around? -
November 30, 2015
"Having a robot driving a car is simply not practical," says Raj Rajkumar, an electrical and computer engineering professor and researcher at Carnegie Mellon CyLab who studies autonomous cars. "Humanoid robots will have even bigger constraints than humans."
Can the federal government kill the password? -
November 4, 2015
The project is chiefly based on threat behavior modeling originally developed through its Cybersecurity Research Consortium partner Carnegie Mellon University's (CMU) cybersecurity institute, CyLab. At CyLab, researchers investigated how sensors on a device track and capture user behavior and compare that data against a user profile automatically derived through machine-learning techniques.
How long does it take for employees to be security conscious? -
November 2, 2015
CyLab professor Jason Hong, an author of the study, believes the research findings still hold true today. “The only thing that’s really new is that there are a lot more communication channels [besides email.] Now people try phishing attacks on Facebook or Twitter, but the general theme is still essentially the same. We haven’t seen any major new innovations in phishing attacks, other than the attacker may have more information about you.”
Best Technology Jobs - Information Security Analyst -
November 2, 2015
David Brumley, director of Carnegie Mellon CyLab, says security analysts focus on three main areas: risk assessment (identifying problems an organization might face), vulnerability assessment (determining an organization’s weaknesses) and defense planning (installing protections, such as firewalls and data encryption programs).
Can Detroit Beat Google to the Self-Driving Car? -
October 29, 2015
In 2007, GM teamed up with Carnegie Mellon University to win the Darpa Urban Challenge, run by the U.S. Defense Department's research arm. GM’s heavily modified Chevy Tahoe successfully navigated a city course on its own to win a $2 million prize. The feat “made this very singular statement that automated driving is no longer science fiction,” says Raj Rajkumar, an engineering professor who co-directs GM’s Autonomous Driving Research Lab at Carnegie Mellon.
How long does it take for employees to be security conscious? -
October 26, 2015
CyLab professor Jason Hong, an author of the study, believes the research findings still hold true today. “The only thing that’s really new is that there are a lot more communication channels [besides email.] Now people try phishing attacks on Facebook or Twitter, but the general theme is still essentially the same. We haven’t seen any major new innovations in phishing attacks, other than the attacker may have more information about you.”
CMU Partners With NSA Day of Cyber Program -
October 22, 2015
Carnegie Mellon is deeply invested in security and privacy through CyLab, a university-wide collaboration involving over 50 faculty from six colleges with a vision to create a world in which people can trust technology. “Bringing more young minds to the field of cybersecurity is exceedingly important to our nation right now,” said David Brumley, director of CyLab and associate professor of electrical and computer engineering.
The Way We Use Social Security Numbers Is Absurd -
October 15, 2015
“Your email address is a form of identification,” said Alessandro Acquisti, an information technology professor and privacy expert at Carnegie Mellon CyLab. “You can share it publicly, so that people can contact you via that address. The password you use to access your email, instead, is a form of authentication: It should stay secret, because you want to be the only one who can access your emails.”
EU court invalidated agreement with U.S. -
October 10, 2015
A decision this week by the European Union’s top court about data privacy will not only have a strong impact on commerce between U.S. and Europe, but could eventually improve security protections for Americans, said a security expert from Carnegie Mellon University. “If we have to change the framework for how we protect European citizens, that may come back to help protect Americans in the long term,” said Lorrie Faith Cranor, director of CMU’s CyLab Usable Privacy and Security Laboratory.
Two Years After Silk Road's Fall, Darknet Drug Markets Thrive -
October 8, 2015
“To this day, more than half of anonymous marketplaces implement websites that are directly derived from the template that Silk Road used, and from formatting all the way to policy Silk Road invented the status quo that actors in this space have come to expect,” Kyle Soska, researcher at Carnegie Mellon CyLab says. Soska and his advisor, Professor Nicolas Christin, released a study earlier this year analyzing darknet markets.
The Rebirth of Mesh Networks -
October 1, 2015
"Over time, mesh networks will function as a backup technology that you use in cases of disaster and as a way of bootstrapping connectivity in developing regions, but they are limited by bandwidth capacity,” said Vyas Sekar, assistant professor in electrical and computer engineering and researcher at Carnegie Mellon CyLab.
Researchers envisage swarms of tiny drones for dangerous rescue missions -
August 25, 2015
"These places are very dangerous for rescuers to go, so we don’t want to just blindly send people inside," said Pei Zhang, a researcher at Carnegie Mellon CyLab. "Instead, we want to get these things in before people go in and determine if there are people that need help," he said, gesturing to several drones on the table in front of him.
What Is The Dark Web? -
August 17, 2015
Services on the dark web would not have been as popular without a means of paying for them. This is something that Bitcoin has made possible. A recent study by Carnegie Mellon CyLab researchers Kyle Soska and Nicolas Christin has calculated that drug sales on the dark net total US$100 million a year. Most, if not all, was paid for in Bitcoin.
If we go to biometric IDs, will hackers try to steal your face? -
August 15, 2015
"Hollywood has done an amazing job of stigmatizing biometrics, and we all gravitate to the negative aspect of it," says Marios Savvides, associate research professor and director of the CyLab Biometrics Center at Carnegie Mellon University. "Once we seek the truth and not urban myths, I think the cloudiness disappears."
Human Weakness in Cybersecurity -
August 13, 2015
CyLab researcher Jason Hong explains, "But ultimately, the human element may also be the most important part today. Nearly every major data breach we have seen in the past few years was due to a human failure. It really doesn’t matter how many firewalls, certificates, or two-factor authentication mechanisms or how much encryption software you have if the person behind the keyboard falls for an attack."
The Biggest Dark Web Markets Rake in Up to $500,000 a Day, Study Says -
August 12, 2015
“At its height, I think Silk Road 2 was probably the most successful one. In February 2014 it was clearing around $400,000 [a day],” Carnegie Mellon CyLab researcher Christin told Motherboard in a phone interview.
Eye-scanning tech used to track terrorists adapted to help find missing children -
August 4, 2015
"Physical appearances can be altered, but no two irises are the same," said Marios Savvides, director of the CyLab Biometrics Center at Carnegie Mellon University's College of Engineering. "This is breakthrough technology for locating missing children, especially victims of human trafficking," Savvides told FoxNews.com. "Right now law enforcement has only photos of missing children to work with, but appearance can change."
Event to offer glimpse of cemetery's history at Old St. Luke's -
July 29, 2015
“It's a very happy ending, because we see the physical results and the cultural effects of our work,” said Professor Yang Cai, director of the Carnegie Mellon University CyLab's Visual Intelligence Studio. Cai and his team used sensitive 3-D scanners, computer modeling and simulated lighting to find subtle markings on the stones and reconstruct their carvings.
Researchers claim they’ve developed a better, faster Tor -
July 24, 2015
A group of researchers—Chen Chen, Daniele Enrico Asoni, David Barrera, and Adrian Perrig of Carnegie Mellon CyLab and the Swiss Federal Institute of Technology (ETH) in Zürich and George Danezis of University College London—may have found a new balance between privacy and performance. In a paper published this week, the group described an anonymizing network called HORNET (High-speed Onion Routing at the NETwork layer), an onion-routing network that could become the next generation of Tor.
Surveillance Society: Who has the rights to your face? -
July 13, 2015
“Perhaps Facebook in some not-so-distant future may decide to share biometric data with brick-and-mortar retailers, with shops in the street, so that next time you enter The Gap on Walnut Street, you may be instantly and automatically recognized,” CyLab researcher Alessandro Acquisti said. The salesperson eyeing your instant profile on a tablet then “knows how to nudge you toward buying much more than you intended.”
When Algorithms Discriminate -
July 9, 2015
Carnegie Mellon CyLab researcher Anupam Datta said, “Given the big gender pay gap we’ve had between males and females, this type of targeting helps to perpetuate it.” It would be impossible for humans to oversee every decision an algorithm makes. But companies can regularly run simulations to test the results of their algorithms. Mr. Datta suggested that algorithms “be designed from scratch to be aware of values and not discriminate.”
CMU researchers see disparity in targeted online job ads -
July 8, 2015
“Imagine Google starts serving these ads equally initially, then more male users start clicking on this ad. If that keeps happening since Google’s machine-learning algorithms are trying to optimize the click-through rate to serve the ad to people more likely to click on it, they’ll start serving more of those ads to males,” Carnegie Mellon CyLab researcher Anupam Datta explained.
Fewer women than men are shown Google ads related to high-paying jobs -
July 7, 2015
"This just came out of the blue," Carnegie Mellon CyLab researcher Anupam Datta said of the gender discrimination finding, which was part of a larger study of the operation of Google's Ad Settings Web page, formerly known as Ad Preferences. The finding underscores the importance of using tools such as AdFisher to monitor the online ad ecosystem. "Many important decisions about the ads we see are being made by online systems," Datta said. "Oversight of these 'black boxes' is necessary to make sure they don't compromise our values."
Probing the Dark Side of Google’s Ad-Targeting System -
July 6, 2015
“I think our findings suggest that there are parts of the ad ecosystem where kinds of discrimination are beginning to emerge and there is a lack of transparency,” says Carnegie Mellon CyLab researcher Anupam Datta. “This is concerning from a societal standpoint.” Ad systems like Google’s influence the information people are exposed to and potentially even the decisions they make, so understanding how those systems use data about us is important, he says.
Why Bitcoin Won’t Save Greece -
June 29, 2015
Many people say a major draw of using Bitcoin during financial crises is that it is more democratized—not backed by any one entity and run on computers, meaning anyone can mine them. However, Nicolas Christin, a researcher at Carnegie Mellon CyLab who studies Bitcoin, says that is not necessarily the case. “In practice, Bitcoin has become much more centralized than it was designed to be––a few outfits run the bulk of currency exchanges, a few large mining pools dominate currency production,” he said by email. “So, it is not entirely clear to me it is actually easy to circumvent capital controls using Bitcoin (and that's setting aside the small detail that even attempting to do so might be completely illegal).”
Emoji Passwords Could Be Coming Your Way. Is That A Good Thing? -
June 15, 2015
But not everyone thinks emoji passwords are that great. Lorrie Cranor, a researcher at Carnegie Mellon CyLab who studies cybersecurity and passwords, told NPR, "I think it's a gimmick. I'm not sure that it will make a difference as far as security goes." Cranor says the argument that people will remember images better than they will numbers is true to a certain extent, but the reality is that we all use a lot of different passwords in our digital lives, so they'd be hard to remember whether they were pictures or numbers.
Cyber-Espionage Nightmare -
June 10, 2015
“Clearly the situation has gotten worse, not better,” says Virgil Gligor, who co-directs Carnegie Mellon University’s computer security research center, known as CyLab. “We made access to services and databases and connectivity so convenient that it is also convenient for our adversaries.” Once companies accept that, Gligor says, the most obvious response is a drastic one: unplug.
Sorry, Criminals, Long-Range Iris Scanners Will Ruin Your Career -
June 4, 2015
According to an instructional YouTube video about the software featuring CyLab Biometrics Lab director Marios Savvides, the long-range iris scanner would be used for the purposes of law enforcement: "There's a lot of potential applications [for it] ... saving lives, as you can identify a possible criminal, wanted for murder or other crimes," he said.
CMU professor to study where data and discrimination intersect -
May 17, 2015
Even without illegal price gouging, Carnegie Mellon CyLab researcher Alessandro Acquisti sees potential for creating a system of “winners and losers” by using data from fitness monitors and Internet-connected cars to set health and auto insurance premiums. "Maybe from an economic perspective you could consider this efficient, but there is this little and very important issue of consumers not being aware at all that this is happening and not being able to foresee the consequences of buying a fitness bracelet,” he said.
New Iris Recognition Tech Could Make It Easier To Catch Criminals -- Or Find Protesters -
May 15, 2015
"This project started when I was reading about how soldiers were using devices out in the field, using devices and trying to match just 5 inches away from harm's way," said CyLab Biometrics Lab director Marios Savvides. "I thought that if we could build a way that can protect our soldiers so that they can stand further away, they'd be safer. Capturing and recognizing from a distance could mean the difference from a soldier having to walk up to a person and step on an IED or walk up to a potential terrorist who may be strapped in explosives. Having the ability to detect threat from a distance can save lives."
Lorrie Faith Cranor: Digital Privacy Is Out of Control -
May 14, 2015
CyLab Usable Privacy and Security Laboratory director Lorrie Cranor explains, "Just saying privacy is about control assumes that we all actually have the ability to affect that control. I think that’s where we’re having breakdowns now, especially with technology. We don’t necessarily have the tools for meaningful control."
Long-Range Iris Scanning Is Here -
May 13, 2015
“Fingerprints, they require you to touch something. Iris, we can capture it at a distance, so we’re making the whole user experience much less intrusive, much more comfortable,” CyLab Biometrics Lab director Marios Savvides told me. Unlike other scanners, which required someone to step up to a machine, his scanner can capture someone’s iris and face as they walk by.
This pa$$w0rd is not very secure: CMU studies reveal best and worst in passwords -
May 4, 2015
The bottom line: “Random is best, but random is hard to remember,” so it’s important to find the right balance, Carnegie Mellon CyLab researcher Lorrie Cranor said. “We’ve been looking at what are the ways that you can actually make passwords stronger without actually driving users crazy.”
Carnegie Mellon’s CyLab wins Edison award -
April 27, 2015
“It is a huge honor for our lab to receive an Edison Award,” Marios Savvides, research professor and founder and director of the CyLab Biometrics Center, told the Carnegie Mellon News. “This award is an important verification of our technological innovations and their positive impact on society.”
New Iris Scanning Tech Could Identify You from 40 Feet Away -
April 17, 2015
If ever adopted by law officials, the long-range iris-scanning technique used in CMU’s traffic stop simulation could help police identify drivers more quickly and safely. The tech might also be used to ID suspected criminals on the run who have made attempts to change their appearance. “Even if I grew a beard and looked completely different,” CyLab Biometrics Lab director Marios Savvides explains in the video, “My eyes are going to be exactly the same.”
‘Minority Report’-like eye scanner works from 40 feet away -
April 17, 2015
CyLab Biometrics Lab director Marios Savvides demonstrated the technology for CNN on Friday, which could offer law enforcement authorities a way to safely ID suspects during police stops. “What it’s doing is, as I’m looking at the mirror right now, it’s actually finding my face, detecting my eyes, extracting features and then matching them — running through the database to come up with the identity of who I am. It can really save the officer’s life by making sure he’s far away and safe.”
Iris eye scanners getting longer range -
April 10, 2015
CyLab Biometrics Lab director Marios Savvides explains, "That's our long range iris system at the back, and what it's doing as I'm looking at the mirror right now is: it's actually finding my face, detecting my eyes, extracting features, and then matching them running through the database to come up with the identity of who I am. It can really save the officer's life by making sure he is far away and safe."
Does Your Cellphone Know Too Much? -
April 6, 2015
“Many of us these days have 50, 100 apps on our smartphones, and we don’t realize how much information these apps are actually collecting,” Carnegie Mellon CyLab researcher Norman Sadeh said. “The settings we have available on smartphones are very limited when it comes to giving us the ability to deny access to this information.”
Are free apps compromising our privacy? -
April 3, 2015
Carnegie Mellon CyLab researcher Norman Sadeh said when people download an Android app, they are told what information the app is permitted to access, but few pay much attention, and fewer understand the implications of those permissions. "The fact that users respond to privacy nudges indicate that they really care about privacy, but were just unaware of how much information was being collected about them," Sadeh said.
Did the Silk Road Investigation Cause Its Collapse? -
April 1, 2015
"All of the transactions that ever took place in bitcoin are recorded forever," Carnegie Mellon CyLab researcher Nicolas Christin explains, "so as soon you have the identity of the party to one of those transactions, you can very easily follow the trail and see what happened. This is what the investigators did to provide some of the pieces of evidence that are in this complaint."
What Do Your Mobile Apps Tell Third Parties? -
March 29, 2015
“App permission managers are better than nothing, but by themselves they aren’t sufficient,” Carnegie Mellon CyLab researcher Norman Sadeh says. “Privacy nudges can play an important role in increasing awareness and in motivating people to review and adjust their privacy settings.”
Apps Snoop on Your Location Way More Than You Think -
March 25, 2015
“There are some applications where you could justify this level of frequency—think for instance of a navigation app,” Carnegie Mellon CyLab researcher Norman Sadeh told WIRED. “So the frequency by itself is not the problem. Instead it is whether the frequency is justified, and obviously whether users are informed of these practices and have some level of control.”
The Smartest Hackers in the Room (Hint: They're Not the Humans) -
March 25, 2015
Since 2011, CyLab Technical Director David Brumley's research has involved automatic "exploit generation,” which involves pinpointing security holes that are either created intentionally by hackers or, as in the case of the Heartbleed bug, unwittingly by software developers -- and then breaking in. "The way we see it is, the competition was written for our research," he said last year.
Study Shows People Act To Protect Privacy When Told How Often Phone Apps Share Personal Information -
March 23, 2015
“The vast majority of people have no clue about what’s going on,” said Norman Sadeh, a researcher at CyLab and a professor in the School of Computer Science’s Institute for Software Research. Most smartphone users, in fact, have no way of obtaining this data about app behavior. But the study shows that when they do, they tend to act rapidly to change their privacy settings.
State Says it Needs to Rebuild Classified Computer Networks after Hack -
March 10, 2015
CyLab Technical Director David Brumley said about the recent State Department attack, “I think that it’s fair to say that State doesn’t have reliable security practices, if it was at zero percent” for encryption and two-factor identification.
Microsoft Student Essay Contest: Cyberspace 2025 -
March 2, 2015
Carnegie Mellon CyLab student Rijnard van Tonder (1st year PhD, ECE) has won first place in the Microsoft Cyberspace 2025 Essay Award.
Why do people ignore security warnings when browsing the web? -
February 24, 2015
“When you’re posting on an online social network, you need to make a decision about to whom your post will be visible,” explains Lujo Bauer, an associate research professor at Carnegie Mellon University’s CyLab security research centre. “It’s not a warning, but it’s a security-related configuration choice that you have to make at that moment.”
Microsoft: Biometrics are the future of Windows 10 security -
February 17, 2015
The subject of passwords was the focus of a panel discussion at the White House Summit on Cyber Security and Consumer Protection last week at Stanford University, with Lorrie Cranor, a researcher at Carnegie Mellon CyLab, discussing the university's research in the area. CMU found obstacles with authentication methodologies, and having users change passwords frequently means passwords get weaker and weaker, she said.
DARPA Hones Skills of Future Cyber Officers -
February 11, 2015
“When we talk about finding vulnerabilities and coming up with exploits,” Carnegie Mellon CyLab researcher Brumley said, “what we're talking about is that [the cadets and midshipmen] are able to take a program and figure out where it could go wrong [and] demonstrate it, so that as [future military leaders], they know this is actually important.”
Social media data as a tool for urban planning? Maybe. -
February 4, 2015
Dan Tasse and Carnegie Mellon CyLab researcher Jason Hong write that current data collection, like the census, can be a very expensive and labor-intensive undertaking while data from social media is quick, public, and relatively easy to access. “We believe that this kind of geotagged social media data, combined with new kinds of analytics tools, will let urban planners, policy analysts, social scientists, and computer scientists explore how people actually use a city, in a manner that is cheap, highly scalable, and insightful.”
Military academy members hone hacking skills at Pittsburgh competition -
January 30, 2015
“There are too few people who know it's a career,” said David Brumley, a cybersecurity expert and researcher at Carnegie Mellon CyLab known for discovering that cyber attackers can use buggy software and the patches provided by developers as a rapid entry point for attack. “We see this as an industry that needs to grow.”
New Ransom-Ware Scam Locking Victims Out Of Their Own Smartphones -
January 30, 2015
“Definitely don’t pay them because that gives them a strong incentive to continue these kinds of attacks,” said Jason Hong, researcher at Carnegie Mellon CyLab. He says if this happens to you “the worst case is you can wipe your phone and start all over. So if you’re Android or iOS, you can download a lot of your data from the Cloud.”
Tracking the Silk Road mastermind -
January 16, 2015
"What it does show is that Mr. Ulbricht had access to the (Silk Road) administrative accounts," said Carnegie Mellon CyLab researcher Nicolas Christin. "What it does not show is that he was not necessarily the only one who had the keys to the kingdom, so to speak, or how long he had that access. That's a lot harder to show."
Carnegie Mellon University hosts portraits of privacy -
January 12, 2015
“Teens actually value privacy a lot, but their threat models are very different from adult threat models,” said Lorrie Faith Cranor, director of CMU’s CyLab Usable Privacy and Security Laboratory, who led Privacy Illustrated. “The kids aren’t really thinking through as much as corporations as part of their threat model.”
'Interview' Controversy: Did Sony Make the Right Move? -
December 19, 2014
CyLab Technical Director David Brumley suggests teaching students to identify exploits before the bad guys do. His students often perform and win hackathons by applying what they learn to stop the next cyber attack.
How a Russian Dark Web Drug Market Outlived the Silk Road (And Silk Road 2) -
November 14, 2014
“It’s more like traditional drug dealing with online support than a real full-fledged anonymous marketplace,” says Carnegie Mellon CyLab researcher Nicolas Christin, comparing RAMP to Silk Road’s simpler predecessor OVDB, or the Open Vendor Database. “To some extent it’s very primitive. But to some extent it clearly works really well, because these guys are still alive and kicking.”
Study Finds Search Engine Poisoning Persistent, Hard to Solve -
November 13, 2014
Search-redirection attacks climbed to account for nearly 60 percent of results for such queries in late 2012, the study found. “There was a bit of a cat-and-mouse game between the search engines and the miscreants, if you will,” Carnegie Mellon University CyLab researcher Nicolas Christin said. “Google creates defensive countermeasures and the people behind the black-hat search results adapt.”
Games Like Fruit Ninja - Not Facebook - Get Worst Grades On App Privacy -
November 11, 2014
Lead Carnegie Mellon CyLab researcher Jason Hong and his team trawled 1 million apps on Google Play and created a model that predicted people’s expectations for each one and the gap with the app’s actual behavior. “In some of our past research people were ok with ads and their data being used for advertising purposes,” Hong said in an interview, “but only if they were aware with what’s going on. When they don’t, it’s a problem.”
'Darknet' Sites Shut Down -
November 10, 2014
Carnegie Mellon CyLab researcher Nicolas Christin says, "About a year ago, we had the exact same discussion when the original Silk Road was taken down and within a couple of months a number of other sites popped up and replaced it. So I would say that it's fair to expect that we're going to see still some activity just as long as there is customer demand for the type of goods and services offered on these sites."
Biometrics Could Soon Make Plastic Cards A Thing Of The Past -
November 4, 2014
“You can potentially eliminate a lot of fraud right now through utilizing biometrics,” says the director of the Carnegie Mellon CyLab Biometrics Center Marios Savvides. Every time a major retail chain gets hacked dry, Savvides believes the value of biometrics becomes more evident.
JPMorgan hack signals banks and retailers can do more to keep our data safe -
October 31, 2014
Carnegie Mellon CyLab researcher Rahul Telang says, "At the end of the day, if we want more security (just like a safer car), then consumers have to demand it and be willing to pay for it. The hope is that in the long run, security becomes a default rather than an option."
Leading researchers to discuss privacy and security in a connected age -
October 30, 2014
NSF-supported cybersecurity experts are creating solutions to security and privacy challenges using a holistic approach, grounded in technology and extending to research in economics and social and behavioral sciences. NSF and IEEE-USA have gathered experts in cybersecurity and privacy, including Carnegie Mellon CyLab researcher Lorrie Cranor, to explain the nature of these threats and discuss new, innovative ways to combat them.
Here Is A Physical USB 'Key' To Your Google Account -
October 22, 2014
Lorrie Cranor, director of the CyLab Usable Privacy and Security Laboratory at Carnegie Mellon University, says that a security key is unlikely to broaden the appeal of two-factor authentication beyond those who already use it. But the technology might gain wider use if promoted and packaged in the right way, she says.
How Much of Your Data Would You Trade for a Free Cookie? -
October 2, 2014
While most people will say they value privacy, there's a clear dichotomy between "what we say about privacy and what we do," said Alessandro Acquisti, a Carnegie Mellon CyLab researcher and privacy expert. A study published last year by Acquisti and other researchers found that people's willingness to pay for privacy depended on whether they perceived that their data was already protected.
Carnegie Mellon Team Grabs the Most Flags in DEF CON Competition -
August 21, 2014
"Our team competed against universities and also against large defense contractors. This win is a huge accomplishment," said David Brumley, an associate professor of electrical and computer engineering and technical director of Carnegie Mellon CyLab.
Biometrics emerge as pass code alternative -
July 15, 2014
“Passwords are getting easier to crack,” explains Marios Savvides, director of the CyLab Biometrics Center at Carnegie Mellon University. “And when you try to create stronger passwords, you end up writing them down — which defeats the purpose.”
Recognize Your Willingness To Give Up Your Privacy -
July 9, 2014
Carnegie Mellon CyLab researcher Alessandro Acquisti showed how simple it is to identify people from scratch because they leave a data trail in cyber space—and this includes photos. This shows how easy it is for criminals to use Facebook to steal a person’s identity.
Online Security Is a Total Pain, But That May Soon Change -
June 30, 2014
Do we really have to sacrifice convenience for security? Is it that security software designers don’t think hard enough about making things easy to use—or is security just inherently a pain? It’s a bit of both, says Lorrie Cranor, director of Carnegie Mellon’s CyLab Usable Privacy and Security Laboratory. “There isn’t a magic bullet for how to make security usable,” she says. “It’s very much an open research project.”
People will happily run malware if paid ONE CENT – new study -
June 18, 2014
Security white hats, despair: users will run dodgy executables if they are paid as little as one cent. The demoralising findings come from a study led by Nicolas Christin, research professor at Carnegie Mellon University's CyLab, which baited users with a benign Windows executable sold to users under the guise of contributing to a (fictitious) study.
U.S. Contractors Scale Up Search for Heartbleed-Like Flaws -
May 2, 2014
Its product - called Mayhem - has been used to analyze more than 37,000 off-the-shelf software programs and found 14,000 bugs in them, including 152 for which the company has developed exploits, said David Brumley, an assistant professor and researcher at Carnegie Mellon CyLab who is leading the work.
IT security is heating up. Are universities prepared for it? -
March 26, 2014
Though academic institutions generally move like molasses compared to more nimble, digital startups, Carnegie Mellon University is one that got a head start, hiring cybersecurity faculty before the Sept. 11, 2001 terrorist attacks and launching its CyLab in 2003.
Worried about the government? Internet giants also dip their hands in the cookie jar -
March 21, 2014
"There's few restrictions legally on what big companies are allowed to do with your personal data," said Lorrie Cranor, director of CyLab Usable Privacy and Security lab. "What you purchase, which websites you browse ... there's no law legally saying you can't look at that."
Consumers pay high-tech price in privacy for perks -
March 1, 2014
Shoppers cannot do much to keep companies from tracking their purchases online, said Lorrie Cranor, a Carnegie Mellon CyLab researcher who studies privacy issues. "They have to protect your credit card number, obviously, but the fact that you bought this particular item is for the most part not a protected piece of information," she said.
Mt. Gox collapse spurs calls to regulate Bitcoin -
February 28, 2014
"At best, it was very, very poorly managed," said Nicolas Christin, a security researcher at Carnegie Mellon University. "That doesn’t mean that the entire monetary system needs to be thrown out."
DARPA Helps Cadets, Midshipmen Prep for Cyber Mission -
February 14, 2014
Two world-class experts helped to train the teams: David Brumley, technical director of CyLab, Carnegie Mellon University’s campuswide collaborative cybersecurity organization in Pittsburgh, and Dan Guido, CEO at Trail of Bits engineering and hacker in residence at New York University Polytechnic School of Engineering.
Serious wave of cybercrime ahead, experts warn -
February 11, 2014
According to Carnegie Mellon CyLab researcher Nicolas Christin, nearly two dozen companies have experienced data hacks similar to the Target breach this year and many more will suffer a similar fate in the coming months. “You’re going to see more and more people trying this,” Christin told the Wall Street Journal.
Hackers likely hit Target 'lottery' through Sharpsburg firm's remote link -
February 7, 2014
“Really, what attackers are doing is a game of numbers,” said David Brumley, a computer security researcher at Carnegie Mellon CyLab who teaches students to probe companies for security risks. “If they compromise enough individual computers ... one of those will have access to their target computer.”
Why NSA Snooping is About a Lot More Than Just Our Privacy -
January 31, 2014
Carnegie Mellon CyLab researcher Alessandro Acquisti in his TED talk tells us why privacy matters in a world in which it is vanishing. "Privacy is not about having something negative to hide," he says.
Drone Swarms Could Be Lifesaver in Disasters -
January 25, 2014
A crew of ten rotors would move and think as one, as if a single robot was “chopped into pieces with a knife,” said Pei Zhang, researcher at Carnegie Mellon CyLab. Technology being developed at Zhang's lab will allow tens of robots to explore different parts of a new environment and make sense of the information they each collect.
College students combat hackers -
January 19, 2014
Carnegie Mellon CyLab researcher David Brumley says, "You have to understand and be able to anticipate how attackers are going to come at you. 'Cause if you're only doing defense, if you don't look at offense at all, you're always reacting and you're always one step behind."
Information On Social Media May Lead to Hiring Discrimination -
November 30, 2013
Carnegie Mellon CyLab researcher Alessandro Acquisti said their experiment revolved around the breaking points between the U.S. laws that protect information and add risk to some personal questions in interviews, and new information technologies such as social networking sites that often lead to the same protected information on the computer screens of other people – and that includes recruiters, interviewers, and employers.
Social Media for Job Screening May Lead to Discrimination -
November 26, 2013
Researchers at Carnegie Mellon CyLab used dummy resumes and Facebook profiles -- profiles for people who weren't real -- and they submitted 4000 of them to job openings across the country.
Bosses May Use Social Media to Discriminate Against Job Seekers -
November 20, 2013
The study, a Carnegie Mellon University experiment involving dummy résumés and social-media profiles, found that between 10% and a third of U.S. firms searched social networks for job applicants' information early in the hiring process.
Carnegie Mellon U, University of Pennsylvania Partner To Secure Commercial Tech for DARPA -
November 14, 2013
"For example, vendors or potentially malicious employees can remotely log in with the default backdoor passwords and hackers can break in via vulnerabilities," CyLab Researcher David Brumley added. "We are working to identify the attack surface of the system, and we propose that achieving these goals requires a holistic systems approach."
CMU CyLab Researchers get $3.9M Grant -
November 13, 2013
CyLab researcher David Brumley said researchers are studying how to improve commercial-off-the-shelf technology that remains vulnerable to attack from older vulnerabilities or hidden codes. Brumley and CyLab Director Virgil Gligor, a professor of electrical and computer engineering, will analyze each commercial system, such as wireless routers and printers, and make certain they are malware-free.
CMU CyLab researchers get $3.9M to secure systems -
November 12, 2013
Researchers from Carnegie Mellon University's CyLab and the University of Pennsylvania received a four-year, $3.9 million contract from the Defense Advanced Research Projects Agency to improve the security of commercial technology used by the military.
CMU Facial Recognition Technology Could Be Future For Catching Criminals -
November 12, 2013
But the CyLab Biometrics Center director Marios Savvides showed us something remarkable. They started by taking a picture of KDKA’s David Highfield and adding it to their computer. But at CMU, from a single picture of Highfield looking straight forward, “We are able to show if we can generate a 3-D model of your face from that single 2-D photo,” Savvides said.
Internet expert stresses using parental controls -
November 12, 2013
CyLab researcher Dena Haritos Tsamitis said parents should also be concerned about the types of apps, or programs, kids are downloading and using. Haritos Tsamitis stressed that kids often find ways around controls, which is why talking to them about safety and the lasting effects of items posted online is one of the most important steps parents can take.
Cybercrime's bottom line: $500 billion -
November 8, 2013
A global survey by Carnegie Mellon's CyLab indicates that boards are beginning to respond: 48 percent have a risk committee - separate from the audit committee - to oversee activities around enterprise risks versus 8 percent in 2008. And, 81 percent of those risk committees oversee both privacy and security.
Secret weapon against hacking: College students -
October 26, 2013
"You have to understand and be able to anticipate how attackers are going to come at you. 'Cause if you're only doing defense, if you don't look at offense at all, you're always reacting and you're always one step behind," says David Brumley, researcher at Carnegie Mellon CyLab.
What Chase And Other Banks Won't Tell You About Selling Your Data -
October 17, 2013
Lorrie Faith Cranor, researcher at Carnegie Mellon CyLab, thought it would be interesting to see if banks actually follow the law and see how they compare with each other. With help from her students, she analyzed 3,422 financial institutions. She found that practices vary wildly, with many freely sharing some of our data, and with 27 appearing to violate regulations on sharing information altogether.
CMU researchers tout snoop-proof smartphone app SafeSlinger -
October 7, 2013
"Even the NSA cannot break this, we believe. This is a lot safer than any security system out there," said Adrian Perrig, a researcher at Carnegie Mellon's CyLab and a professor at ETH (Eidgenössische Technische Hochschule) in Zurich, who oversaw the project.
In Internet age, cars, homes more vulnerable to hackers -
October 5, 2013
The technology raises privacy concerns as well. Smart thermostats can “learn” when people are home so they don't waste energy heating or cooling an empty house. In the wrong hands, that information can turn a person's air conditioner into a spy, Anthony Rowe, researcher at Carnegie Mellon CyLab, said.
The black market moves to the deep web -
October 3, 2013
Consider This host Antonio Mora discusses online sales of drugs and other illegal goods with Nicolas Christin, an assistant research professor and researcher at Carnegie Mellon CyLab, and Michael Taylor, a computer science professor at University of California, San Diego.
Alessandro Acquisti On The New Facial Recognition Software -
August 3, 2013
“One of the defining fights of our time will be the fight for control over personal information,” Carnegie Mellon CyLab researcher Alessandro Acquisti said during TEDGlobal. Are the privacy trade-offs we make online fair or are we getting more than we bargained for? Information at the push of a button seems like a bigger issue in the grand scheme of things.
Lines on the face help pick out the twin who dunnit -
July 19, 2013
Marios Savvides, researcher at Carnegie Mellon CyLab in Pittsburgh, Pennsylvania, believes the key to distinguishing twins is to look at their behaviour, which is reflected in the face. "When you have an expression or smile, that's when your brain comes into play and you exhibit asymmetry," he says.
Those meters that rate password strength work, until they don't -
June 11, 2013
"Passwords are not going to disappear overnight, or in the next 10 years or 20 years," said Lujo Bauer, researcher at Carnegie Mellon CyLab. Bauer and colleagues at Carnegie Mellon conducted the study with 2,931 subjects who created passwords on sites using one of 14 types of meters with different displays and criteria for determining strength.
Limiting Risks Found in the Cloud -
June 10, 2013
"We're hoping that the cloud service providers understand insider threat," Carnegie Mellon CyLab researcher Dawn Cappelli says. "We have recommendations that we provide for organizations for what they should do to protect themselves against rogue administrators and to protect themselves against theft of intellectual property. Our hope is that cloud service providers understand that as well."
“Hallucinating” a face, new software could have ID’d Boston bomber -
May 29, 2013
Dr. Marios Savvides, the director of the CyLab Biometrics Center, said that the new technology could generate results much more detailed than those made by traditional image enhancement approaches. "The traditional methods yield about a 2 times to 4 times improvement" in the resolution of a facial image, he said. "This method gets us 16 times the resolution."
Facial recognition technology moving toward identifying almost anyone -
May 20, 2013
But when the FBI released blurry, off-angle images of the two suspects in the Boston Marathon bombings, researchers with Carnegie Mellon University's CyLab Biometrics Center began trying to bring them into focus. Marios Savvides, director of the CMU CyLab Biometrics Center, told the Tribune-Review. “It's not exactly him, but it's also not a random face. It does fit him.”
"Big Brother" is big business? -
May 16, 2013
Professor Alessandro Acquisti of Carnegie Mellon CyLab says smart-phones will make "facial searches" as common as Google searches in the future. "One of the participants, before doing the experiment, told us, 'You're not going to find me because I'm very careful about my photos online.' And we found him," says Acquisti, "Because someone else had uploaded a photo of him."
Study: 45 percent of Bitcoin exchanges end up closing -
April 26, 2013
The study said: "Exchanges handling 275 Bitcoins' worth of transactions each day have a 20 percent chance of being breached, compared to a 70 percent chance for exchanges processing daily transactions worth 5570 Bitcoins." Tyler Moore and Carnegie Mellon CyLab researcher Nicolas Christin estimate that the median lifespan of any Bitcoin exchange is 381 days, with a 29.9 percent chance that a new exchange will close within a year of opening.
High-volume Bitcoin exchanges less likely to fail, but more likely breached, says study -
April 24, 2013
The study analyzed 40 exchanges that buy and sell the virtual Bitcoin to identify factors that trigger or stave off closure, said the study's authors, computer scientists Tyler Moore, in the Lyle School of Engineering, Southern Methodist University, Dallas, and Nicolas Christin, with the Information Networking Institute and Carnegie Mellon CyLab at Carnegie Mellon University. "The risk of losing funds stored at exchanges is real but uncertain," write Moore and Christin.
Identity Theft: It's Not Just for Grownups! -
April 23, 2013
Imagine finding out that your eight-year-old has a house in foreclosure thousands of miles away. How about getting collection calls because your young teen is several payments behind on a car loan? These are not far-fetched scenarios. According to a study conducted by Carnegie Mellon CyLab, over 10 percent of the children studied reported that someone had used their Social Security number fraudulently.
Researchers create digital database of poisonous plants -
April 15, 2013
The two researchers combined forces, figuring the facial recognition software Carnegie Mellon CyLab researcher Marios Savvides and his team developed could be used to identify plants, too. "That's the most awesome feeling," Mr. Savvides said. "I believe the true home runs left are cross-disciplinary research, that's when we fill in the technology gaps."
The Bitcoin Gamble: Is Now the Time to Invest? -
April 11, 2013
Bitcoins also represent a new concept and technology, so "essentially no regulation exists," says Nicolas Christin, CyLab researcher and associate director of the Information Networking Institute at Carnegie Mellon University who has studied bitcoins since 2011. Bitcoin helps consumers maintain privacy in online payments because it uses cryptography to authenticate the transaction and can’t be reversed. "It’s much better than credit card payments or wires," Christin says.
IEEE Honors Five with Technical Achievement Awards -
April 3, 2013
The IEEE Computer Society is honoring five prominent technologists for their contributions with 2013 Technical Achievement Awards. This year's award winners include Virgil D. Gligor, a Carnegie Mellon University electrical and computer engineering professor and co-director of the University's CyLab. He is the recipient of the NIST and NSA's National Information Security Award, and ACM's Outstanding Innovation Award.
When it comes to privacy, we’re all just a little bit nuts -
April 1, 2013
Much of Carnegie Mellon CyLab researcher Alessandro Acquisti’s work charts the often irrational trade-offs we make each day, whether it’s giving up personal information for the price of a cup of coffee or admitting to cheating on tests. It turns out students are less likely to be honest about their cheatin' arts if they know their teachers might see the results, even if they know their identities will not be revealed. But they are less careful about it if they are distracted by something else at the moment the question is asked.
Everyone Will Have to Decide For Themselves -
April 1, 2013
We don’t always act in our own best interest, Carnegie Mellon CyLab researcher Alessandro Acquisti suggests. We can be easily manipulated by how we are asked for information. Even something as simple as a playfully designed site can nudge us to reveal more of ourselves than a serious-looking one.
Letting Down Our Guard With Web Privacy -
March 30, 2013
Carnegie Mellon CyLab researcher Alessandro Acquisti asked himself a question that would become the guiding force of his career: Do Americans value their privacy? "What worries me," he said, "is that transparency and control are empty words that are used to push responsibility to the user for problems that are being created by others."
CSID Study on Child Identity Theft Finds Disconnect in Parent's Awareness and Action -
March 27, 2013
According to a recent report from Carnegie Mellon's CyLab, the rate of identity theft is 51 times higher for children than for adults. Identity thieves steal children's social security numbers to secure loans and credit, which can go unnoticed for years, causing headaches and hardships for families and huge losses for businesses.
Carnegie Mellon, spy agency seek high school hackers for next generation of US security -
March 22, 2013
"The government has a huge number of concerns," Carnegie Mellon CyLab researcher David Brumley said. "Computer security isn't growing fast enough to keep up with all the threats. If you call any business, they're going to say we can't hire enough security people."
CERT: Insider Threats Can Have Costly Security Consequences -
February 28, 2013
In a presentation Thursday at RSA Conference 2013, Dawn Cappelli, technical manager of the CERT Insider Threat Center at Carnegie Mellon University, described several cases in which current and former employees sabotaged companies by planting malware, stole confidential corporate data or colluded with outsiders to commit fraud. The center has tracked 800 insider threat cases since 2001. In cases involving theft of intellectual property such as business plans or source code, the culprit is often the person who worked on the project, Cappelli said.
Cyberspace offers new frontier to exploit weaknesses, initiate attacks -
February 9, 2013
Future strikes, top military experts warn, could be destructive — even deadly — targeting nuclear power plants, public water systems, railways, air traffic control and hospitals. "People have realized that cyberspace — just like land, air and sea — is another domain that they need to defend, control and protect," said David Brumley, a computer security researcher at Carnegie Mellon CyLab. "Cyber attacks are part of a covert war right now."
Electronic devices and services monitor us 24/7, but there are few ways to block them -
January 29, 2013
"I think most people don't even realize the extent to which they're being tracked," said Lorrie Cranor, director of Carnegie Mellon University's CyLab for Usable Privacy and Security. "A flashlight app shouldn't need anything, it's just a flashlight. But you can check your permissions to see if there's any indication the flashlight is doing more than what you see on your phone," said Ms. Cranor.
Carnegie Mellon University's David Brumley Receives New Prestigious Faculty Appointment -
January 26, 2013
Carnegie Mellon CyLab's David Brumley has been appointed the Gerard G. Elia Career Development professor in the Department of Electrical and Computer Engineering (ECE). Brumley's research focuses on the techniques, principles and algorithms for finding flaws in software that hackers use to break into systems. "My goal is to make computer software and systems safe," Brumley said. "Attackers only need to find a single flaw to break into a system. Defenders have the much harder job of plugging all holes."
A shock in the dark: Flashlight app tracks your location -
January 16, 2013
"There's no sensible reason why a flashlight app would need your location," Carnegie Mellon CyLab researcher Jason Hong said. "That was the biggest surprise to people -- 95 percent were surprised it used location data." Of the top 100 Android apps, 56 collected location information, device identifiers and/or contact lists, according to the university’s research. Users, however, often had no idea such data was being collected or how it might be used.
While the cyber war tail wags the national security dog, software security offers a different path to cyber peace -
January 10, 2013
Carnegie Mellon CyLab Distinguished Fellow Richard Power remarks, "It is impossible to sufficiently mitigate the impact of a nuclear attack, but it is possible to mitigate the impact of a cyber attack, IF you are investing in the things you should be investing in anyway, to deal with the other issues."
Smartphone snoops? How your phone data is being shared -
December 26, 2012
Jason Hong, a mobile privacy researcher at Carnegie Mellon CyLab told CBS News' Sharyl Attkisson, "We looked at the top 100 apps and it turns out about half of them had some kind of privacy concerns, in that they were collecting or using some kind of sensitive information. Once the data is outside of your smartphone, it's really hard to know exactly what's going on with the data."
Privacy engineers could hold the key -
December 15, 2012
CyLab Researcher Lorrie Cranor describes, "A privacy engineer is someone who understands the engineering and the privacy sides and works out strategies that allow people to protect privacy without getting in the way of building cool things."
Increasing Control Over Release of Information Leads People To Divulge More Online, Carnegie Mellon Researchers Find -
November 26, 2012
"We found there was a paradox of control. People who felt more in control of their information took more privacy risks more often," said Alessandro Acquisti, researcher at Carnegie Mellon CyLab. "They felt more empowered and more in control of their personal information. But once the information is online, users can't control what people do with it."
QRishing Study: Curiosity Is the Largest Motivating Factor for Scanning QR Codes -
November 8, 2012
Researchers from Carnegie Mellon University’s CyLab have released the results of a study – "QRishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks" – which focuses on phishing attacks that rely on QR (Quick Response) codes. "The ease with which such an attack can be mounted against current smartphones is particularly concerning given the long patching cycle and potential for an attacker to gain elevated privileges on the device," the researchers said.
Your apps may be spying on you -
November 4, 2012
When Jason Hong, a researcher at Carnegie Mellon CyLab, surveyed 40 users, all but two were unaware that the game was storing their locations so that they could later be the targets of ads. "When I am giving a talk about this, some people will pull out their smartphones while I am still speaking and erase the game," Hong, an expert in mobile application privacy, said during an interview. "Generally, most people are simply unaware of what is going on."
Why it's so hard to catch online predators -
October 17, 2012
"You can use a proxy machine, meaning instead of connecting directly from my computer, I connect to another computer and from there I make those posts," says CyLab researcher Nicolas Christin, who notes that it's "relatively easy to anonymize" your traffic on the internet. People could also use something like the Tor network, free online software that Christin says is fairly easy to download and is "essentially a peer-to-peer network that is not used for file sharing. It's a peer-to-peer network that is used to anonymize data over the internet."
New Master's for Privacy Engineers -
October 16, 2012
"Privacy breaches, whether through poor design or as the result of attacks, have become a staple of the daily news," said Norman Sadeh, CyLab researcher and co-director of the MSIT-Privacy program. "Leaders in social media, tech and Internet companies, financial service firms and government agencies all tell us that they see an increasing need for privacy engineers who can help them design and maintain systems that protect people's identities and personal information," Sadeh added.
Where everybody is -
August 25, 2012
The day is coming when businesses and others will have those kinds of capabilities, said Alessandro Acquisti, a researcher at Carnegie Mellon CyLab who studies the positive and negative implications of facial recognition technology. “Your phone — or in some years, your glasses, and in a few more, your contact lenses — will tell you the name of that person at the party whose name you always forget,” Acquisti said. “Or it will tell the stalker in the bar the address where you live.”
Study estimates $2 million a month in Bitcoin drug sales -
August 7, 2012
Silk Road buyers are required to provide feedback on their purchases, and these reports are publicly available. This gave Carnegie Mellon CyLab researcher Nicolas Christin a handy way to track the volume of activity on the site. He reports that the volume of transactions on the site increased "from approximately 8,000 BTC/day to approximately 15,000 BTC/day, before seemingly retreating down to 11,000 BTC/day. The latter decrease is, however, an artifact of the Bitcoin sharply appreciating against all major currencies, rather than an indication of a drop in sales."
Black Market Drug Site 'Silk Road' Booming: $22 Million In Annual Sales -
August 6, 2012
Carnegie Mellon CyLab researcher Nicolas Christin cautions that his study only looks at a six month period of Silk Road’s sales, and that a big part of the site’s measured success comes from appreciation in the highly volatile Bitcoin currency Silk Road trades in, which has itself increased close to 70% in value over the course of Christin’s study. But even accounting for changes in that crypto currency, the site’s numbers point to very real growth. “It’s very bursty and spikey, but overall the numbers are moving up,” says Christin. “It’s a stable marketplace, and overall it’s growing steadily.”
What's real and what's not in web security -
July 2, 2012
This is the third in a series of interviews with C-level executives responsible for cyber security and privacy in business and government, who also happen to be thought leaders. (Remember, as Carnegie Mellon CyLab Distinguished Fellow Richard Power mentioned previously, "C-level executive" and "thought leader" are not synonyms.) In this issue, Power discusses a range of issues related to the hard work of web security with Jeremiah Grossman, founder and Chief Technology Officer of WhiteHat Security.
A Robot Takes Stock -
June 29, 2012
Andyvision, as it's called, scans the shelves to generate a real-time interactive map of the store, which customers can browse via an in-store screen. At the same time, the robot performs a detailed inventory check, identifying each item on the shelves, and alerting employees if stock is low or if an item has been misplaced. None of the technologies it uses are new in themselves, says Carnegie Mellon CyLab researcher Priya Narasimhan. It's the combination of different types of algorithms running on a low-power system that makes the system unique.
Admen Spot an Enemy: W3C -
June 19, 2012
One of the biggest sticking points: what even counts as "tracking." The result is a conflict that is pushing the standards body well beyond the nuts and bolts of the Web into hot-button economic and policy issues. "With Do Not Track, the technology issues are the least [of the] concerns," says Lorrie Cranor, a researcher at Carnegie Mellon CyLab who studies privacy technology. "It's about policy."
Facebooked in the Crowd -
June 19, 2012
People who didn’t have any public Facebook photos were mostly immune to identification, says Alessandro Acquisti, Carnegie Mellon CyLab researcher and the study’s lead author (though at least one subject found that he had been tagged publicly in a friend’s photo without his knowledge). But facial-recognition software is improving rapidly. And software like Face.com’s gets better and learns more every time someone uses the tagging suggestions and clicks “yes” or “no” to indicate whether they were correct. “They’re being smart in a way, or some could say very subtle, in enlisting users as a means of improving the accuracy of their identification,” Acquisti told me.
Few Privacy Regulations Inhibit Facebook -
June 13, 2012
Given how rapidly Facebook has reeled in new users, it seems people are not very concerned about protecting their privacy on the site. But they should be, says Alessandro Acquisti, a researcher at Carnegie Mellon CyLab. He worries about not only what Facebook can do with personal information now, but what could be inferred from such data a few years down the road. For instance, in 2009 he showed that Social Security numbers can be guessed using public data, some of it from social networks.
The Antivirus Era Is Over -
June 11, 2012
Nicolas Christin, of Carnegie Mellon CyLab, who has recently been investigating the economic motivations and business models of cyber attackers, says that makes sense. "The human costs of these sophisticated attacks are one of the largest," he says. Foiling an attack is no longer a matter of neutralizing a chunk of code from a lone genius, but of defeating skilled groups of people. "You need experts in their field that can also collaborate with others, and they are rare," says Christin. Defense software that can close off the most common tactics makes it even harder for attackers, he says.
A Dollar For Your Data -
June 8, 2012
Individuals struggle to put a value on their data. And within today's market structure, the value can vary dramatically depending on how it's measured, but often information is exchanged for mere pennies, says Alessandro Acquisti, researcher at Carnegie Mellon CyLab. "I would like these services to succeed," Acquisti says. "At least they provide some more transparency. But I fear they may not."
Over-55s pick passwords twice as secure as teenagers' -
June 1, 2012
"This is one of the rare studies based on a large set of passwords that are actively used and have been obtained legitimately," says Lujo Bauer, who studies passwords at Carnegie Mellon CyLab in Pittsburgh, Pennsylvania. Most other studies are based on leaked databases that may be incomplete.
Facial detection cameras ready to creep out San Francisco bar patrons -
May 18, 2012
"These apps are bridgeheads, or perhaps trojan horses, for more powerful (and probably more intrusive) services to come," wrote Carnegie Mellon CyLab researcher Alessandro Acquisti, in an e-mail sent to Ars on Thursday. "What we don't see are the long term risks, that more and more information gathered and analyzed about us will allow others to influence and control us. Perhaps that sense of creepiness many feel when they hear about certain identification technologies is nature's way of telling us that something, down the line, may not be right."
CMU professor tells Congress Social Security IT should embrace the cloud -
May 10, 2012
"In the 30 years since many of the existing (Social Security Administration) systems were first stood up, storage capacities, network bandwidth, processing power, and the cost of these things have all improved by between 4 and 6 orders of magnitude," Carnegie Mellon CyLab researcher William Scherlis said in written testimony. "That’s a factor of a million. If skyscrapers increased in height by that factor, they would scrape the moon."
The Post-Cash, Post-Credit-Card Economy -
April 28, 2012
Alessandro Acquisti, a researcher at Carnegie Mellon CyLab, smiled. If today all you need to do is enter your phone number and PIN when you visit a store, perhaps tomorrow, he said, that store will be able to detect your phone by its unique identifier as soon as you enter. Perhaps in the not-too-distant future, he went on, you won’t have to shop at all. Your vast piles of shopping data would be instead collected, analyzed and used to tell you exactly what you need: a new motorcycle from Ducati, perhaps, or purple rain boots in the next size for your growing child. Money will be seamlessly taken from your account. A delivery will arrive at your doorstep.
Big Mac Attack: Apple Security Bruised after OS X Infections -
April 25, 2012
"In the computer community we've been saying for five, six, seven years that Mac is not more immune to computer viruses than Windows PCs or even Linux boxes, " says Nicolas Christin, researcher at Carnegie Mellon CyLab. "The only reason Macs were not massively targeted is that they didn't have enough of a market share to make them interesting for a hacker to devote resources to try to compromise those machines. Now that they've acquired a fairly sizeable market share, it makes sense that the bad guys would focus some attention on the Mac platform."
To Read All Those Web Privacy Policies, Just Take A Month Off Work -
April 19, 2012
"If people were to actually stop and read all of them for every website that they visited, they could spend on the order of 200 to 250 hours a year — about a month of time at work each year that you could spend reading privacy policies," says CyLab researcher Lorrie Cranor. "It's insane."
How to meet the challenges of 21st century security and privacy -
April 18, 2012
CyLab Distinguished Fellow Richard Power asks, "Social media has evolved at a mind-boggling pace, and it has already had a profound impact on politics, geopolitics, culture, media, etc. and this profound impact is on a global scale. For me, Facebook and Twitter are proven to be fascinating laboratories. With social media, the personal and the professional are increasingly entwined, and this entwining has presented us all with unprecedented challenges and opportunities personally and professionally. What are the essential elements of a practical, effective social media policy for major corporations?"
Using Foursquare Data to Redefine a Neighborhood -
April 18, 2012
Norman Sadeh, a researcher at Carnegie Mellon CyLab who is working on Livehoods, says social media can help define an urban space's characteristics because it "really speaks at such a finer level than the data people have been relying on in the past," such as census data.
Using Crowdsourcing to Protect Your Privacy -
April 3, 2012
"The basic idea here is: How do you help people who are not experts in network and computer security understand what an app is doing?" says Jason Hong, a CMU CyLab computer scientist who is one of the leaders of the project. "You are outsourcing people to read privacy settings and tell you what is interesting about it."
Just How Much Is Your Privacy Worth? -
March 21, 2012
"What people say in surveys is that they care about privacy, but what they actually do is spend their time constantly updating their status on Facebook," says Alessandro Acquisti, researcher at Carnegie Mellon CyLab. "This has led some to conclude that people no longer care about privacy. This new data, along with similar work we have done in the U.S., shows this is not the case, and that the desire for privacy is not dead after all."
The Soul of the New Hacktivist -
March 17, 2012
Anonymous rewrote the hacktivist playbook. It began to challenge a far broader political and economic order. "This really is cyberwar, and I don’t use that term in a sensational way," said Richard Power, Distinguished Fellow at Carnegie Mellon CyLab, who chronicled the cybercrime of the 1990s in his book "Tangled Web." "You’re looking at not just one particular cause. You’re attacking the whole power structure. It involves some core critique."
CyLab Intros SafeSlinger Mobile Security App -
March 12, 2012
"With SafeSlinger, users can gain control over their exchanged information through end-to-end encryption, preventing intermediate servers or service providers from reading their messages or other sensitive stored data in their smartphones," said Adrian Perrig, technical director of Carnegie Mellon CyLab and a professor of electrical and computer engineering at CMU.
Carnegie Mellon CyLab Researchers Develop New Smartphone App To Protect Consumers From Cybercriminals And Unsafe Communications -
March 12, 2012
"SafeSlinger provides you with the confidence that the person you are communicating with is actually the person they have represented themselves to be," CyLab Research Programmer Michael Farb said. "Perhaps the most impressive feature is that SafeSlinger provides secure communications and file transfer even if the servers involved are tainted with malware."
The Perilous Path to a New Privacy -
February 27, 2012
CyLab Distinguished Fellow, Richard Power, explains, "Thanks to the weakness of operating system, network and application software security design, and the band-aid nature of most security solutions, our privacy is like a big fat carp in a barrel for organized cyber criminals. In the 20th century there was an expectation of privacy, privacy was something to be defended, protected, but in the 21st century privacy is something to be created by will and cunning and with ongoing personal effort."
Microsoft: Google violates our users' privacy too -
February 21, 2012
As a result, many sites -- including Facebook -- have been exploiting a P3P loophole to get around the privacy settings. A September 2010 paper published by four Carnegie Mellon CyLab researchers found that roughly half of the 33,000 websites they reviewed deliberately tricked Internet Explorer into allowing cookies that would otherwise be blocked.
Google, Facebook bypass IE privacy settings; researchers say Microsoft knew since 2010 -
February 21, 2012
Lorrie Faith Cranor, Director of Carnegie Mellon University's CyLab "Usable Privacy and Security Laboratory" told ZDNet that Microsoft was alerted to this potential P3P-centric privacy breach in 2010. Here's a paper she and some of her students wrote about it. She also did a blog post on February 18 on the Microsoft-sponsored Technology/Academics/Policy site noting not just Google, but Facebook, also can track IE users via the same P3P loophole.
Professor Patrick Tague Receives NSF CAREER Award -
February 2, 2012
CyLab researcher Patrick Tague offers, "For me, the CAREER award provides funding for a PhD student for 5 years to work on the project. The project duration is possibly the most important aspect of the award, as it provides the resources to take a very deep dive into the project instead of just scratching the surface. It's an honor to receive the award and to be recognized by NSF and my peers in the community."
Could Google's data hoarding be good for you? -
January 26, 2012
"At the moment in the US, there are almost no protections," says Lorrie Cranor, researcher at Carnegie Mellon CyLab. "It would be good to have some baselines established - certain types of data uses that can't be done. To really make it illegal for companies to go and sell this info to your employer or your insurance company, for instance."
How to Beat Facial-Recognition Software -
January 26, 2012
"The more researchers come up with techniques to hide or mask faces to avoid computer face recognition, the more other researchers will come up with techniques able to bypass those protections," CyLab researcher Alessandro Acquisti said. "The conditions under which a human face will not be recognizable by a computer will be the conditions under which also humans cannot recognize each other."
5 Questions, Answers About The Megaupload Case -
January 20, 2012
"What is interesting is that the Justice Department used the fact that Megaupload had servers in the U.S. to go after them," said Carnegie Mellon CyLab researcher Nicolas Christin. "I think they wanted to make a statement that if you violate copyright laws and do any sort of business in the United States, we can go after you."
In the future, can you remain anonymous? -
January 13, 2012
"To match two photos of people in the United States in real time would take four hours," said Alessandro Acquisti, professor and researcher at Carnegie Mellon CyLab. "That's too long to do in real time. But assuming a steady improvement in cloud computing time, we can soon get much closer to that reality than many of us believed."
Facial recognition technology creates privacy headaches for agencies -
January 5, 2012
While law enforcement agencies experiment with matching images of unknown persons with photos posted on the Internet, the Federal Trade Commission held a December workshop to discuss privacy ramifications. Carnegie Mellon CyLab researcher Alessandro Acquisti demonstrated how to identify strangers using webcams, off-the-shelf facial recognition software and data from social networks.
Consumers turn to do-not-track software to maintain privacy -
December 29, 2011
A study titled "Why Johnny Can't Opt Out," published last month by Carnegie Mellon University's CyLab, found serious usability flaws in nine top anti-tracking systems. "Our research found that these tools are difficult for consumers to use properly," says CyLab researcher Lorrie Faith Cranor.
Face Recognition Makes the Leap From Sci-Fi -
November 13, 2011
“It’s a future where anonymity can no longer be taken for granted — even when we are in a public space surrounded by strangers,” says Alessandro Acquisti, a researcher at Carnegie Mellon CyLab who directed the studies. If his team could so easily “infer sensitive personal information,” he says, marketers could someday use more invasive techniques to identify random people on the street along with, say, their credit scores.
Online Privacy Tools Don't Work Well, CMU Researchers Find -
November 8, 2011
The online tools were challenging to understand and configure. As a result users were "unable to make meaningful choices," researchers found. Users struggled to install and manage blocking lists and often thought just having the tools was enough to block online behavioral advertising, not realizing they were disabled by default and had to be configured first, the report said. A participant spent 47 minutes going through all the opt-out instructions for one tool, which were available only in Japanese, said Lorrie Cranor, researcher at Carnegie Mellon CyLab.
If you tried to opt out of online tracking, it probably didn't work -
November 1, 2011
CyLab researcher Lorrie Cranor says one of the reasons this is so hard is that there's no common standard among the companies. "One way to do it would be to have a common standard and there are some efforts to create such a thing. The other approach is to have a tool that's constantly updating itself to find every tracker out there and adding to the block list. Some of those tools are good, but they block the desirable content. If you want to play some games like Farmville, depending on how you had this thing set up, it might prevent you from doing that."
The Future of Riots -
November 1, 2011
"Your face is a veritable conduit between the off-line and online worlds, and you can't change it," says Alessandro Acquisti, a researcher at Carnegie Mellon CyLab, in Pittsburgh. In research presented just prior to the London riots, Acquisti's team used a combination of off-the-shelf face recognition software, cloud computing, and data publicly available from social networks to uncover information about people just from their photographs.
Guard against Social Security child identity theft -
October 21, 2011
According to Carnegie Mellon CyLab, "one reason that minor Social Security numbers are so valuable is that there is currently no process or organization, like an employee or creditor, to check what name and birth date is officially attached to that Social Security number. As long as an identity thief has a Social Security number with a clean history, the thief can attach any name and date of birth to it."
Bono Mack: Industry Not Doing Enough to Protect Consumers Online -
October 13, 2011
In fact, one witness at the hearing put the problem with 30-page, small type privacy policies into perspective. Alessandro Acquisti, researcher at Carnegie Mellon CyLab, said that the opportunity cost of everyone actually reading all those policies would be about two-thirds of a trillion dollars.
Stanford Researcher Finds Lots of Leaky Web Sites -
October 11, 2011
Meanwhile, a Carnegie Mellon CyLab researcher named Alessandro Acquisti has taken photographs of random strangers on a college campus and used facial recognition technology to “re-identify” roughly a third of them from a rich trove of publicly available photographs on Facebook. Even more remarkably, so much personal data now lies scattered online that he was able to glean their Social Security numbers in about a fourth of the cases.
As Kids Go Online, Identity Theft Claims More Victims -
October 10, 2011
A recent study based on identity scans of over 40,000 children in the U.S. conducted by Richard Power, Distinguished Fellow at Carnegie Mellon CyLab, found 10.2 percent of the children in the report had someone else using their Social Security number. That figure is 51 times higher than the 0.2 percent rate for adults in the same population.
Here comes anyware -
October 8, 2011
They will also need to monitor closely the impact that new kinds of devices have on individual privacy. Concerns have already been raised about smartphones’ location-tracking capabilities, which can reveal users’ whereabouts if data are not properly protected. Wearable devices that track people’s vital signs are also going to be collecting mountains of extremely sensitive information. “We are all part of a brave new experiment in privacy whose outcome is unclear,” says Alessandro Acquisti, a researcher at Carnegie Mellon CyLab.
Internet routing - Safe passage -
October 3, 2011
The CMU researchers' proposal is known as SCION (which expands, rather ponderously, to Scalability, Control and Isolation on Next-generation Networks). "Even if you make a mistake in SCION, you won't mess up other peoples' traffic," assures CyLab researcher Dr. Adrian Perrig.
Internet Authentication's Wild Ride -
October 3, 2011
O'Brien is among many security experts who believe the answer is in crowdsourced trust as laid out by initiatives such as the Carnegie Mellon University CyLab Perspectives project and Moxie Marlinspike's Convergence system. These solutions depend on a list of "notaries" that a user could choose to use to authenticate a website rather than one centralized CA.
Cloud-Powered Facial Recognition Is Terrifying -
September 29, 2011
The research team at Carnegie Mellon understand the potential problems posed by this convergence of facial recognition technology and the vast Web of publicly available information. CyLab researcher Alessandro Acquisti told Steve Hann at Marketwatch after a demonstration that the prospect of selling his new app or making it available to the public "horrifies him." And while there are certainly limits to what software like PittPatt can distill from the cloud, the closing gap between life offline and life in the cloud is becoming more observable with each progressive breakthrough.
Will advanced biometrics automate future war machines? -
September 28, 2011
The camera-based system, which can work at about 12 meters, is supposed to be able to automatically pan and tilt to capture iris scans throughout a crowd. Dr. Marios Savvides, director of Carnegie-Mellon University's CyLab Biometrics Center, said the gear should properly be mounted on a military vehicle, such as a tank, and used to scan a crowd remotely at a checkpoint. The long-range iris-recognition equipment Carnegie-Mellon University has put together includes "soft biometrics" for identifying individuals based on gender, ethnicity and age, too, plus whether they have a moustache or wear glasses. "We're looking at people trying to evade the system," said Savvides. "We have a beard category."
Facial recognition marks the end of anonymity -
September 26, 2011
CyLab researchers Ralph Gross and Alessandro Acquisti say the software brings us one step closer to both being able to confirm the identity of a familiar face on the street, as well as it being easier for criminals to access your private accounts. Marios Savvides, director of the CyLab Biometrics Lab, demonstrates a wearable facial recognition device and considers, "what next-generation law enforcement may look like."
Facial Recognition: Facebook Photo Matching Just the Start -
September 22, 2011
"The bigger picture here was to show that we're getting closer to a world where online and offline data blend seamlessly, where you can start with an anonymous face in the street and you can end up identifying something extremely sensitive about the person by combining these different technologies," says the leader of the team, Carnegie Mellon CyLab researcher Alessandro Acquisti.
Why It’s Not Easy to Freeze Your Child’s Credit File -
September 21, 2011
A report this spring from CyLab, a research center at Carnegie Mellon University, said an analysis of 43,000 children registered with a commercial identity protection service found that 10 percent of them had someone else using their Social Security number. But the statistical significance of the finding in the general population is undetermined, the report said.
New App Can ID Complete Stranger's Facebook and Social Security No. -
September 9, 2011
Alessandro Acquisti, Ph.D, a researcher at Carnegie Mellon CyLab, has designed an iPhone app that functions as a front end for PittPatt's facial recognition technology. As mentioned, it can identify strangers' Facebook profiles with startling accuracy. And that's not all it can do. It also incorporates searches of public databases that allow it to make a good guess at your social security number. If it knows your date of birth (e.g. if your Facebook profile is public), there's a good chance it can ID your social security number.
9/11's effect on tech -
September 8, 2011
A couple weeks ago at a conference in Las Vegas, a researcher from Carnegie Mellon CyLab named Alessandro Acquisti showed me a neat trick. He takes out his iPhone and boots up a custom-made app. It's designed to take a picture of a person -- any person -- then using a facial recognition program made by PittPatt, the app compares that picture to profile photos published on Facebook. And bingo -- the person's identity is revealed.
Scotland Yard Tightens the Pincers on Anonymous -
September 6, 2011
The attacker used a fake SSL certificate issued by Dutch root certificate authority DigiNotar. "These certificates could be used as part of attacks designed to harvest user Gmail credentials and gain access to sensitive data," Norman Sadeh, cofounder of Wombat Security Technologies and researcher at Carnegie Mellon CyLab, told TechNewsWorld.
Humans Trump Machines in Facial Recognition -
September 2, 2011
Alessandro Acquisti, a researcher at Carnegie Mellon CyLab and co-author of the recent study on IDing people from a database of Facebook photos, said the technology has progressed but has a long way to go. “The observation that face recognizers’ ability to detect and recognize faces is improving is quite undeniable,” Acquisti wrote in an email. “The observation that they still significantly underperform humans at that task, however, is also undeniable.”
How Secure Is Your Cellphone Privacy? -
August 25, 2011
"It's hard enough for security professionals to protect themselves. It's even harder for nonexperts to protect themselves,” said Dr. Adrian Perrig, technical director of Carnegie Mellon CyLab. In addition to voice mail, he said hackers can also record conversations and follow someone’s every move. "Cellphones could take your photograph without you knowing and also take photos of your surroundings,” said Perrig.
Illegal sites snare users on lawful drug sites -
August 12, 2011
By flooding the search results, Carnegie Mellon CyLab researcher Nicolas Christin said, the advertisers are redirecting Web traffic to their sites and targeting those most likely to make a purchase. "They are getting people who are actually searching for those things, so you can imagine they are getting a lot more interested customers," said Mr. Christin, who is associate director of CMU's Information Networking Institute.
Hackers Hijack Websites In Online Pharmacy Scam -
August 12, 2011
"Legitimate health resources are completely crowded out," says Nicolas Christin, a computer scientist at Carnegie Mellon University and researcher at CyLab who discovered that 32 percent of sites that turn up in search results for prescription drugs had been infected with malicious code. "It's very hard to find legitimate pharmacies, or information like what the [Centers for Disease Control and Prevention] would give you. This is drowned out in a sea of rogue results."
Carnegie Mellon's Nicolas Christin tracks illegal online pharmacies -
August 11, 2011
"We have known for some time that unauthorized online pharmacies have been using email spam to tap the wallets of unwary online consumers, but that method did not blanket enough customers so now the online thieves are infecting websites to redirect unwary consumers to hundreds of illegal online pharmacies,'' Carnegie Mellon CyLab researcher Nicolas Christin says.
Carnegie Mellon's Gregory Ganger and Priya Narasimhan To Head Two New Intel Science and Technology Centers -
August 9, 2011
Carnegie Mellon CyLab researchers Gregory Ganger and Priya Narasimhan will head two new Intel Science and Research Centers (ISTC) based at CMU that will focus on cloud and embedded computing. Each center involves multiple universities and will receive $15 million over the next five years. "This will be an excellent platform for open collaboration research into underlying technologies essential to allowing cloud computing to reach the promise of dramatically improving efficiency, ubiquity and productivity for large-scale and user-facing applications across so many critical areas of information technology, from social networks to medicine, science and government," said Ganger.
Face-ID Tools Pose New Risk -
August 1, 2011
Armed with nothing but a snapshot, researchers at Carnegie Mellon CyLab in Pittsburgh successfully identified about one-third of the people they tested, using a powerful facial-recognition technology recently acquired by Google. Prof. Alessandro Acquisti, the study's author, also found that about 27% of the time, using data gleaned from Facebook profiles of the subjects he identified, he could correctly predict the first five digits of their Social Security numbers.
Face recognition and social media meet in the shadows -
August 1, 2011
"As of today, automated face recognition is still pretty bad, but it keeps improving," says Carnegie Mellon CyLab researcher Alessandro Acquisti. "If you look at the technological trends in cloud computing, the accuracy of face recognizers, and online self-disclosures, it is hard not to conclude that what we present today as a proof-of-concept in our study; will tomorrow become as common as everyday text-based searches on a search engine."
Facial recognition software can ID your SSN -
August 1, 2011
"It is possible to identify strangers and gain their personal information — perhaps even their Social Security numbers — by using face recognition software and social media profiles," Carnegie Mellon University said, in announcing the findings of CyLab researcher Alessandro Acquisti and his team.
Anonymous no more -
July 30, 2011
The study's authors, Alessandro Acquisti, Ralph Gross and Fred Stutzman, all at America’s Carnegie Mellon CyLab, ran several experiments that show how three converging technologies are undermining privacy. By mining public sources, including Facebook profiles and government databases, the researchers could identify at least one personal interest of each student and, in a few cases, the first five digits of a social security number.
Electronic pickpocket apps -
July 26, 2011
When the phone came near one of those RFID credit cards, it activated the phone's scanning ability and surreptitiously emailed the credit card information to an email account. In the demonstration it went to his own email account. We checked with researcher Patrick Tague of Carnegie Mellon's CyLab, who verified that, indeed, this kind of theft is quite possible.
Consumers are willing to pay more to protect their privacy online -
July 14, 2011
Lorrie Cranor, researcher at Carnegie Mellon CyLab, explains, "Well, we set it up so that people did a search with a search engine that looked very much like a Google search engine, and when they got their search results, we annotated the search results with a privacy meter. So you could see at a glance which sites had high privacy, medium privacy and low privacy."
Online Consumers Willing to Pay Premium for Net Privacy, Study Finds -
July 11, 2011
Online consumers thought to be motivated primarily by savings are, in fact, often willing to pay a premium for purchases from online vendors with clear, protective privacy policies, according to a new study by Janice Y. Tsai, Serge Egelman, Lorrie Cranor, and Alessandro Acquisti of Carnegie Mellon CyLab. "Our study indicates that when privacy information is made more salient and accessible, some consumers are willing to pay a premium to purchase from privacy protective websites," write the authors.
21st Annual Conference Computers, Freedom & Privacy: "The Future is Now" -
June 9, 2011
CFP2011 is at the intersection of policy, technology, and action. The meeting will involve technology and policy experts and activists in forums designed to also engage the public and policymakers in discussions about the information society and the future of technology, innovation, and freedom. Several Carnegie Mellon CyLab faculty and students are scheduled to participate in this year's CFP Poster Session. The selected submissions will provide one-on-one discussions of topics.
Social media full of perks, pitfalls for politicians -
June 5, 2011
Social media sites offer politicians unfiltered access to constituents, but the medium's immediacy - hit "send," and the message forever becomes available to the world - combined with its attractiveness to hackers paves the way to pitfalls and pratfalls. If a person enters the public eye, "that person's going to be a bigger target," said Nicolas Christin, researcher at Carnegie Mellon CyLab.
Cybersecurity research consortium: New tech on the way -
June 2, 2011
More industrial control systems are becoming connected to the Internet, said Richard Power, director of strategic communications at CyLab at Carnegie Mellon. "Everything's running on off-the-shelf software," he said. The electrical grid's growing connection to the Internet "has moved forward for performance, it's moved forward for convenience. It's moved forward in many different ways, but not in terms of security."
Northrop Grumman and Academia Cite Progress in Tackling Nation's Most Pressing Cybersecurity Threats -
June 1, 2011
"Cybersecurity is vital to economic prosperity, personal privacy and national security; and academic research is vital to the advancement of cybersecurity," said Richard Power, distinguished fellow, director of strategic communications for Carnegie Mellon CyLab. "The Northrop Grumman Cybersecurity Research Consortium provides us with a new research model, emphasizing technology transition."
University projects to secure cyberspace could soon bear fruit -
June 1, 2011
The consortium is an effort to fund research in forward-looking technologies rather than to respond to the latest attacks. “Keeping good guys ahead of the curve is a difficult proposition,” said Richard Power, director of strategic communications for Carnegie Mellon’s CyLab.
New recovery system restores virus-infected computers, could be used by agencies -
June 1, 2011
The so-called intrusion recovery system is one of about a dozen research projects under way at MIT, as well as Purdue and Carnegie Mellon universities, sponsored by the Northrop Grumman Cybersecurity Research Consortium for possible deployment at government agencies. The industry-academia partnership, which was established in late 2009, shared some of its progress with reporters Wednesday.
Protect Your Privacy Online -
May 9, 2011
Not all companies disclose their practices. When companies do, their privacy policies are often long and incomprehensible. And changes are tough to keep up with, says Alessandro Acquisti, professor and researcher at Carnegie Mellon CyLab. "Technology improves so quickly, by the time consumers understand one issue, there's a new one to worry about."
2011 State of Cyberethics, Cybersafety and Cybersecurity Curriculum in the U.S. Survey -
May 4, 2011
"The survey reveals a critical need for new curricula and teacher training that will encourage safe, secure and responsible behavior among school students," said Dena Haritos Tsamitis, director of Carnegie Mellon University's Information Networking Institute, as well as director of education, training and outreach at the university's CyLab. "It's essential to address this need in order to prepare a cybersavvy workforce for our nation's future."
Sony Breach Ignites Phishing Fears -
April 28, 2011
"The correlation of data is very useful," says Nicolas Christin, researcher at Carnegie Mellon CyLab. "You combine the e-mail address with other information, and it's easy for fraudsters to turn that combined information into cash. People also have to realize that privacy online is hard to maintain. Consumers should be very much on the defensive."
When trusted IT pros go bad -
April 19, 2011
An annual survey by CSO magazine, the U.S. Secret Service and CERT routinely finds that three quarters of companies that are victimized by insiders handle the incidents internally, says Dawn Cappelli, CyLab researcher and technical manager of CERT's Insider Threat Center. "So we know that [what's made public] is only the tip of the iceberg," she says.
My Baby Has A License? -
April 12, 2011
A Distinguished Fellow at Carnegie Mellon CyLab, Richard Power has examined 40,000 identity records provided by Debix, a US identity monitoring company. Mr. Power states, "ID thieves are targeting children because their IDs are pure and the crime will likely go undiscovered for many years."
Epsilon Breach: How to Respond -
April 5, 2011
Nicolas Christin, researcher at Carnegie Mellon CyLab, says the breach is a concern because of the massive number of e-mail addresses Epsilon possesses. "What struck me was the magnitude of the breach," he says. "This is a very, very large marketing company that has access to a number of e-mail addresses."
Child identity theft is on the rise -
April 4, 2011
Richard Power, Distinguished Fellow at Carnegie Mellon CyLab who authored the study (PDF), says that social security numbers were the number one point of entry to this kind of theft. Most parents don't go around posting their kids' social security numbers on lampposts but might not even think twice about jotting it down on a registration for soccer, where the data might not be so secure.
Identity theft's next frontier: Your kids -
April 1, 2011
The report’s author and CyLab Distinguished Fellow, Richard Power, concluded: "Although the data’s statistical significance is yet to be determined, it is certainly profoundly significant on a practical, human level to the thousands of children and families who have thus been victimized. Furthermore, from my perspective, having tracked the evolution of cyber crime over two decades, it is only common sense to surmise that the problem goes beyond those breached accounts included in this report, and that there are many thousands more children and their families at risk."
Thieves are stealing children's identities -
April 1, 2011
While 1 in 10 children in the database had their identities stolen, only 0.2% of the adults fell victim in the same way, CyLab Distinguished Fellow Richard Power says, and that stark contrast raises questions. "Are child Social Security numbers a hot commodity?" Power writes. "Are cyber criminals and other fraudsters seeking them out? Are child IDs preferable for fraudsters?"
Privacy: Facebook's Achilles heel -
March 28, 2011
If you make your date and state of birth available to the public on Facebook or any other online profile, there's a good chance most or all of your Social Security number can be predicted--especially if you were born after 1988 in a state with a small population. Carnegie Mellon University researchers Alessandro Acquisti and Ralph Gross explained how this is possible in a research paper also published in 2009.
Is It Time For Privacy Nutrition Labels? -
March 23, 2011
“The quantifying is not actually that challenging,” says one of the Carnegie Mellon CyLab researchers, Lorrie Cranor. “The question is, ‘Is the company doing it or not?’ As a consumer, I just want to know, ‘Are you sharing my data or not?’”
Is the Internet Destroying Privacy? -
March 22, 2011
"It may be that social norms just haven’t completely developed yet, but we end up revealing so much more than we likely would have without the Internet, and we reveal it to a much wider range of people," said Lorrie Cranor, director of the CyLab Usable Privacy and Security Laboratory at Carnegie Mellon University.
New concern: The social media divide -
March 16, 2011
"Not having a mobile phone now would dramatically cut you off from professional and personal life opportunities. It's the same story with social networks," Alessandro Acquisti, a researcher at Carnegie Mellon CyLab, said. "The more people use them for socializing and for their professional life, the more costly it becomes for others (who aren't members) to be loyal to their views."
Why should I care about digital privacy? -
March 10, 2011
"On one end is attitude, and on the other is behavior, but in between there are many steps. It's not obvious what you should do to protect your privacy," said Alessandro Acquisti, a researcher at Carnegie Mellon CyLab. "And the more technology savvy among us have this feeling that we're giving it up, but we realize it is close to impossible to protect your personal information, not even if you start living like the Unabomber in a cabin. If you want to function as a normal person in society you have to."
Study: Social media polarizes our privacy concerns -
March 10, 2011
Alessandro Acquisti, a researcher who studies privacy at Carnegie Mellon CyLab, said he's not surprised that battle lines are being drawn around use of social networks. "Once people make a decision, they tend to become even more militant about their decision," he said. The phenomenon is sometimes called confirmation bias, as people tend to see only factors that confirm the "rightness" of earlier decisions. "First I select myself into my group — for or against social networks — then I prove to myself the decision was right."
Anonymous E-Mails Can Be Traced to Authors, Concordia U. Research Shows -
March 10, 2011
David Brumley, a researcher at Carnegie Mellon CyLab, says tracking down the authors of anonymous e-mails is extremely difficult. “If the person is intelligent in what they do and plans it out, it usually leads to a dead end,” he says.
Pradeep Khosla, Dean of Engineering at Carnegie Mellon University, Appointed as Infosys Prize Jury Chair -
March 3, 2011
The Infosys Science Foundation announced the appointment of Professor Pradeep Khosla, Founding Director of CyLab, Dean of the College of Engineering, and the Philip and Marsha Dowd University Professor at Carnegie Mellon University, as the Jury Chair for the Infosys Prize for Engineering and Computer Science.
A few more facts about QR codes -
March 2, 2011
The information is stored in the blocks that the reader changes into bytes, said Jason Hong, researcher at Carnegie Mellon CyLab. “It’s not a lot, it’s just thousands of bytes, but it’s still useful because it can still contain a hyperlink to Web content, or it can be a very short sound file or a small image.” It’s a physical hyperlink, Hong said, that can connect the real world with the digital one.
Q&A: Cyber-espionage -
February 17, 2011
Pradeep Khosla, founding director of Carnegie Mellon CyLab, says, "The individual consumer can't do anything, because we rely on technology supplied by big companies and providers. It's a very complicated thing, because half the story is technology, and half the story is policy. And the policy impacts privacy and investments... Something bad has to happen for us to figure this out."
This football will tell you if it's a touchdown -
January 29, 2011
Priya Narasimhan, a researcher at Carnegie Mellon CyLab, and her team of 10 engineering students have developed a "smart football" with a miniature GPS unit and accelerometer, both contained in a half-ounce microchip inside the ball. The chip can measure factors such as ball speed, spin, trajectory and — even when it's buried under a pile of players — the precise location of the football.
Forum targets online privacy -
January 27, 2011
Concerns over unfortunate photos or embarrassing remarks living in cyberspace could lead to a cottage industry of "personal brand management," said CyLab researcher Lorrie Cranor. That was just one concern raised by five Carnegie Mellon University privacy scholars assembled on Wednesday as part of a daylong showcase on data privacy research.
Loss of privacy highlights cost, CMU professor says -
January 27, 2011
"There are two converging trends people need to consider. First, there is more and more self-disclosure online, where we give away little pieces of data, and the other side of that is the ability of data mining to scour those pieces to build a complete profile of your life," CyLab researcher Alessandro Acquisti said. "It's difficult for us as users to predict how those different pieces of data will be used by others."
Passwords Easily Broken If You Don't Get Creative -
January 19, 2011
CyLab researcher Nicolas Christin suggests the best defense for staying safe is to use long passwords, even as long as 16 characters. Whatever you choose, the idea is to make your keystrokes tricky. "I try to think of something relevant, such as the character in a book I like, something that I would know is important to me but nothing that somebody else knows," Christin said.
Security fail: When trusted IT people go bad -
January 18, 2011
An annual survey by CSO magazine, the U.S. Secret Service and CERT routinely finds that three quarters of companies that are victimized by insiders handle the matter internally, says Dawn Cappelli, researcher at Carnegie Mellon CyLab and technical manager of CERT's threat and incident management team. "So we know that [what's made public] is only the tip of the iceberg," she says.
Crooks Can Guess Digits in Your Social Security Number, Study Finds -
January 9, 2011
Carnegie Mellon CyLab researchers Alessandro Acquisti and Ralph Gross took advantage of a couple of practices of the Social Security Administration. As they say, "If one can successfully identify all nine digits of a SSN in fewer than 10, 100 or even 1,000 attempts, that Social Security number is no more secure than a three-digit PIN."
Attacking Websites Is Surprisingly Easy Social Protest -
December 13, 2010
Denial-of-service attacks may be a hassle for companies, but Nicolas Christin, CyLab faculty and associate director of the Information Networking Institute, says they pose little danger to the consumers. The infrastructure that houses personal finance information isn't being accessed by attackers -- they're simply flooding the website with "calls."
Rule targets computer privacy -
December 2, 2010
Dr. Lorrie Cranor, a researcher at Carnegie Mellon CyLab, was among the first experts to testify at one of the FTC's roundtables in Washington, D.C., a year ago, and her input is cited several times in the report. "In general, it's a good idea," she said of the "Do Not Track" option. "From the research we've done at Carnegie Mellon, we know that a lot of Internet users don't like the idea of being tracked online and want an easy way to say 'I don't want that.'"
Alessandro Acquisti Discusses Privacy Attitudes and Behaviors -
November 22, 2010
CyLab researcher Alessandro Acquisti states that he feels it is possible, with current technologies, to have both security and privacy, and to not have to choose one over the other. He points out that for any conceivable transaction you can think of – payments, browsing, e-mail, voting, medical data – there exists technology to allow for secure and private transactions.
How To Stay Protected While Buying, Selling Online -
November 19, 2010
CyLab researcher David Brumley said it is important to update computer anti-virus software and computer software to prevent people from hacking into your hard drive, which enables criminals to steal credit card numbers and other personal information. "He'll usually get in through a flaw in your software and so the people who make software like Microsoft periodically look for flaws and release updates to fix it, so if you are up to date, you are protected. If you are not up to date, you are in trouble," Brumley said.
Forcing browsers to use encryption -
November 15, 2010
Hodges wrote the original draft specification for HSTS with Collin Jackson, a former Googler and current researcher at Carnegie Mellon CyLab. "This allows for full-session encryption," Jackson told CNET. "A user won't see an insecure version of the site."
Social networks: A great place to mine your alleged security questions -
November 9, 2010
In fact, the results largely confirm the work of Alessandro Acquisti, a researcher at Carnegie Mellon CyLab. In a nutshell, Acquisti found that you can predict Social Security numbers with the information folks are presenting on social networks.
2010 Women of Influence award winners named -
November 9, 2010
The 2010 winner in academia is Dr. Lorrie Faith Cranor, associate professor of computer science and of engineering and public policy at Carnegie Mellon University, where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS). Dr. Cranor has played a key role in building the usable privacy and security research community. She co-edited the seminal book Security and Usability (O'Reilly 2005), and founded the Symposium On Usable Privacy and Security (SOUPS).
Cyber Smart Kids -
November 3, 2010
“We want to promote safe computing with children before they’ve had the opportunity to develop risky behavior or bad habits,” Dena Haritos Tsamitis, director of education, training, and outreach at Carnegie Mellon CyLab told Ivanhoe. "For each mission, there’s a faculty member who will instruct them about the important parts of the game."
Facebook Snafu Highlights Growing Privacy Concerns -
October 19, 2010
"We tend to weigh more heavily the pleasure that we'll get out of the immediate reward than the risk that may be long term and further off," said Lorrie Cranor, a researcher at Carnegie Mellon CyLab and an expert on marketing strategies and privacy. "We see all sorts of security warnings pop up on our screen and we've gotten so used to just kind of swatting them away, and it's very rare that anything bad ever happens to us."
Internet anonymity at risk as real costs of free speech weighed -
October 16, 2010
Erasing Internet anonymity could result in much more of a surveillance-oriented society, said Lorrie Cranor, director of the CyLab Usable Privacy and Security Laboratory. In situations where an identification credential might be useful, Cranor supports using those created with cryptographic algorithms that would confirm users but not reveal their names, Social Security numbers or other private information.
CMU's Information Networking Institute, WQED Multimedia To Create Cybersecurity Outreach Programs -
October 14, 2010
"Because Carnegie Mellon is a leading research university in the areas that contribute to the interdisciplinary field of cybersecurity - engineering, computer science, public policy and business — we are in a perfect position to help educate the public about the importance of securing the global information network," said Dena Haritos Tsamitis, director of the INI, and director of education, training and outreach at Carnegie Mellon CyLab. "This new collaboration is a bold step forward in achieving our collective goals of safer Internet use."
Wombat Security Makes Online Games That Teach Cybersecurity Awareness, Nabs $750,000 US Airforce Contract -
October 8, 2010
The average person will ignore or forget content from emails with security warnings or company lectures when it comes time to actually apply that knowledge, says Norman Sadeh, co-founder of Wombat and a researcher at Carnegie Mellon CyLab. Wombat was founded on the idea that cybersecurity training is best done by engaging users with games.
Carnegie Mellon Spinoff YinzCam To Help Steelers Football Nation Stay Connected -
October 6, 2010
"The technology provides instant action and real-time action replays from any of four unique camera angles at Heinz Field during a Steelers game, including the NFL's Red Zone Channel," said Priya Narasimhan, a researcher at Carnegie Mellon CyLab and YinzCam, Inc's founder. "Because football is a game of inches, it is extremely important that fans get instant visualization of the entire game, and can stay in touch with the real-time game action, anytime, anywhere."
Intel Labs, Carnegie Mellon Jointly Research Clouds, Embedded Systems -
October 1, 2010
"The amplification [of people working on projects] is tremendous because we're collocated [on the CMU campus] like this," said Priya Narasimhan, director of the CyLab Mobility Research Center. She notes that for every Intel Labs researcher on site, there are about four CMU students. "That's the amplification you get."
CMU Students To Receive Accolades For Security Research From Lockheed Martin -
September 29, 2010
"This is a wonderful honor and a testament to our strong program in training the next generation of cyber warriors and intelligence analysts," said David Brumley, an assistant professor in CMU's Department of Electrical and Computer Engineering and Carnegie Mellon CyLab, one of the largest university-based cybersecurity research and education centers in the U.S.
Making Sci-Fi a Reality -
September 23, 2010
"In the face of hazards like smoke, heat and open electrical lines, the survival rate of individuals drops steeply as the time that they remain trapped increases," said Pei Zhang, CyLab researcher and creator of SensorFly. "In many cases, survivors are not conscious, or are immobilized, and therefore unable to attract the attention of rescue workers outside the building. SensorFly can enter the building in this scenario and search for survivors without risking lives or wasting the time of the rescuers."
Wombat Launches PhishGuru -
September 21, 2010
"Wombat’s unique suite of anti-phishing training solutions is by far the most comprehensive and most effective available today," said Carnegie Mellon CyLab Researcher and Wombat Co-Founder and CEO, Dr. Norman Sadeh. A study recently published in Scientific American shows that a single campaign can reduce the chance of an employee falling for subsequent phishing attacks by more than 50 percent, with even more impressive reductions seen after just a few campaigns.
Professor's self-experiments in cybernetics have provoked debate in the field -
September 19, 2010
"I believe Professor Warwick's work is very profound," said Yang Cai, CyLab researcher and founder of Carnegie Mellon University's Instinctive Computing Lab, which studies videometrics and visualizations. Dr. Cai brought on Dr. Warwick as an official adviser to his lab last year. "He has had a lot of philosophical impact on issues between biological and robotic systems."
A Loophole Big Enough for a Cookie to Fit Through -
September 17, 2010
Lorrie Faith Cranor, director of the CyLab Usable Privacy and Security Laboratory, estimates that more than half represent deliberate efforts to keep I.E. from blocking certain types of third-party cookies based on privacy policies. “I’m hoping companies will do the right thing, and it may take pressure from regulators to make that happen,” she says. “Beyond companies that are basically trying to look good on privacy, there is no incentive because you don’t have to do it.”
Mozilla fixes Firefox's DLL load hijacking bug -
September 8, 2010
Universities push to turn out cyber guards as demand explodes -
September 6, 2010
U.S. agencies face a shortage of professionals to protect America's computers and networks from assault, warns Carnegie Mellon University CyLab researcher Dena Haritos Tsamitis. "The government needs 1,000 people every year," said Tsamitis. "Higher-ed institutions across the country aren't even close to providing enough."
How Your Business Can Avoid Being Collateral Damage In A Cyber War? -
August 23, 2010
"When China moves against the U.S. government or some large corporate entity (again), or vice versa, or some geopolitical dispute between Russia and one of its former states boils over into the EU, or Latin America or the Middle East erupt in hot cyber war, where will your enterprise be?" asks Richard Power, a Distinguished Fellow at Carnegie Mellon CyLab. "How can you possibly prepare?"
One World Pittsburgh: Entrepreneurs from across the globe are finding business success in southwestern Pennsylvania -
August 22, 2010
Priya Narasimhan, Carnegie Mellon CyLab researcher and President and Founder of entertainment tech company YinzCam, Inc., puts it: "Only in Pittsburgh would I have access to the people at a Stanley Cup-winning team or access to our Councilman, in order to drive technology to new places." Dr. Norman Sadeh, another CyLab researcher and founder of Wombat Security Technologies, adds, "What I like the most about the university is its culture of innovation and how it encourages both faculty and students to pursue their own ideas and have an impact in the real world. Entrepreneurship is very much at the core of the culture here."
Hacked smartphones pose military threat -
August 16, 2010
"All phones offer a lot of opportunity for observing what the operator is doing -- e-mail, GPS, finding restaurants," Carnegie Mellon CyLab researcher Adrian Perrig says. Malware can turn phone microphones on or snap photos surreptitiously, he says.
Ball Tracking Technology Headed for the NFL -
August 10, 2010
"We've readied this ball to withstand the impact of an NFL game, especially with people beating up on it," CyLab Researcher Priya Narasimhan said. "We have mechanical engineers in place to figure out the impact. We've had designers whose job was to design the technology to withstand the impact. Electrical engineers were put in place to make sure the technology did not circuit out."
Browsers' private modes leak info, say researchers -
August 10, 2010
"There are some traces left behind [by all browsers] that could reveal some of the sites that you've been to," said Collin Jackson, an assistant research professor at the Silicon Valley campus of Carnegie Mellon University.
The Economics of Privacy Pricing -
July 19, 2010
Carnegie Mellon CyLab researcher Alessandro Acquisti says those experts who say people don’t care about privacy are off-base. "When you have privacy, you value it more," said Mr. Acquisti. "But when the starting point is that we feel we don’t have privacy, we value privacy far less."
You Want My Personal Data? Reward Me for It -
July 16, 2010
"In reality, we constantly make transactions involving our personal information," said Alessandro Acquisti, a researcher at Carnegie Mellon CyLab. Every search on Google, Mr. Acquisti notes, is implicitly such a transaction, involving a person "selling" personal information and "buying" search results.
Hackers Using Personal Contact Lists For Online Scheme -
June 30, 2010
CMU CyLab cyber security specialist David Brumley said this kind of hacking is becoming more common. He said the hacker will get into your account and email everyone in your contact list. "There is a little bit of legitimacy with this to the recipient because it's coming from someone you know. The hope is you will be spear phished into sending this person money," explained Brumley.
Sypris Partners with Carnegie Mellon on Cyber Security Research -
June 29, 2010
"The 21st century cyber security threat matrix demands a 21st century strategy that will leverage the skills and resources from universities, corporations and the U.S. Government," stated Gene Hambrick, Director of Corporate Relations for Carnegie Mellon’s CyLab. "The CyLab and Sypris partnership is an excellent example of developing a strategically important long-term relationship that will impact the next generation of research and development in cyber security, privacy and dependability."
Those Scrambled Word Tests For Stopping Spambots Are Tough For Humans Too -
June 18, 2010
ReCAPTCHA uses a clever method of scanning real books for hard-to-read words, picking out ones that its software can't decipher and further distorting them to use as CAPTCHAs. The company's founder and Carnegie Mellon CyLab researcher Luis von Ahn told us in 2008 that--unlike most CAPTCHA services including Google's and Microsoft's--their CAPTCHAs had never been "broken" by spammers' software.
Corporate Boards Weak On Security, But Improving -
June 16, 2010
CyLab Governance Study finds more than half of Fortune 1000 companies lack a CISO, but the number of organizations with cross-functional teams for managing security and privacy is up significantly.
Corporations not doing enough to protect data from Internet risk, CMU report says -
June 15, 2010
"The survey results indicate that boards and senior executives need to be more actively involved in the governance of the privacy and security of their computer systems and data, but this year's study shows some important areas of improvement," said Jody Westby, a distinguished fellow in CMU's CyLab, and CEO of Global Cyber Risk LLC, in a statement.
Cyber security may depend on getting employees on board with best practices -
May 31, 2010
Making sure an organization knows what sensitive information it has, identifying its trade secrets, then educating all employees on policies and procedures is key. “The problem we saw with (current training) is it’s boring and dry, and it doesn’t give the opportunity to test what you learned,” said Jason Hong, chief technology officer and co-founder of Wombat Security Technologies, and researcher at Carnegie Mellon CyLab.
Lenders using Facebook, Twitter to gather borrower information -
May 28, 2010
"Financial institutions are starting to look at this information and are using it to make credit decisions," said Lorrie Cranor, a faculty member at Carnegie Mellon CyLab specializing in privacy issues. "There are a lot of things we say to our friends and if someone else reads it and they don't have the right context, it could be misinterpreted."
Who's the biggest threat to business security? Staff or cyber criminals -
May 26, 2010
Dawn Cappelli, technical lead of CERT's insider threat research, says organisations should tweak their definition of an "insider" to keep pace with best security practices. "Our definition of a malicious insider is a current or former employee, contractor or business partner,” she explained. "We've added the business partner aspect to the definition because of recent trends we're seeing."
What if the smart grid has stupid security? -
May 11, 2010
Richard Power, a Distinguished Fellow at Carnegie Mellon CyLab, discusses truth and consequences for critical infrastructure and energy security.
Building an Online Reputation -
April 28, 2010
Richard Power, director of strategic communications for CyLab at Carnegie Mellon University, has invested heavily in building his online reputation -- mentoring, engaging and actively reaching out to the community through Internet resources. The benefit of building his online reputation? "Being known and recognized for your work and accomplishments achieved," Power says, as well as "understanding how I can make a difference in the industry as a whole."
Cops Are There When Scammer Calls Grandma -
April 26, 2010
'Ruth' Says Man Pretending To Be Grandson Took Her For $6,000. "If [on Facebook] you mention that you're going to visit grandma and you say what town, then they can guess the last name," CyLab's Lorrie Cranor said about the scammer that called 'Ruth'.
Spammers Pay Others to Answer Security Tests -
April 25, 2010
Luis von Ahn, a researcher at Carnegie Mellon CyLab who was a pioneer in devising captchas, estimates that thousands of people in developing countries, primarily in Asia, are solving these puzzles for pay. The cost of hiring people, even as cheap as it may appear, should limit the extent of such operations to only spammers who have figured out ways to make money. “It’s only the people who really actually are already profitable that can do this,” von Ahn said.
CMU professor works to give doctors access to patient records -
April 20, 2010
A Carnegie Mellon University health technology expert says he will work with colleagues across the country to open access to electronic health records and protect patient privacy. "The goal here is to work on policy and technology to reduce the barriers to access," said Anupam Datta, assistant research professor in Carnegie Mellon's CyLab.
Better Formats for Privacy Notices: Food Safety labels? Symbols? -
April 15, 2010
Startup Hopes to Stop Phishing With Certified Email -
April 12, 2010
"Phishers keep changing their tactics, while keeping all of the old tactics, too," says Lorrie Cranor, faculty at Carnegie Mellon University CyLab and director of CyLab Usable Privacy and Security Laboratory. "This sort of certification approach will help."
How security professionals monitor their kids -
April 12, 2010
Instead of trying to block her kids from questionable or dangerous content and communication, Dena Haritos Tsamitis, head of the Information Networking Institute and director of outreach for Carnegie Mellon CyLab, approached the security and safety issue by trying to change behavior. Her older kids, now 23 and 21, were her so-called 'guinea pigs' when she was developing MySecureCyberspace, an online educational resource that provides families with free materials for staying safe online.
Where Do You Go to Get Back Your Online Reputation? -
April 7, 2010
Director of Outreach and Training for Carnegie Mellon CyLab, Dena Haritos Tsamitis emphasized that protecting and building an online reputation is all the more important for security folks. "Information security is all about reputation and integrity," she says. "If you lose that, you lose everything."
Detecting Malicious Insiders Before Data Breaches Damage Your Business -
April 6, 2010
"If you look at these crimes, you can't detect it with technology alone because a system administrator is going to use his authorized access to do what he does everyday and you can't tell if it's malicious or not unless you know when to look," Dawn Cappelli, technical lead of CERT's insider threat research, said. "Theft of IP; these people are going to take what they work on everyday. They are going to use their authorized access. Unless you put a strategy together that looks at the people, the process and the technology, it's going to be very hard to detect these things."
Carnegie Mellon Student Team Competes In Global Electronic Computer War Games -
April 2, 2010
CyLab's David Brumley said, "The game and the team concept is great because it allows students to hone skills and better understand web hacking, binary reverse engineering, exploitation of information, forensics and cryptography."
'MULE' Prototype Uses Location For Authentication -
April 1, 2010
"For example, with MULE, a user can securely store encrypted copies of bank records and tax returns on a laptop, and automatically gain access when opening those files in the home office," CMU CyLab technical director Adrian Perrig and CMU graduate student Ahren Studer write in their paper on MULE. "After a thief steals the laptop, the only way to recover the files is to break into the user's home."
Ready for Your Biometric Social Security Card? -
March 29, 2010
Dean Pradeep Khosla, founding director of Carnegie Mellon's CyLab, estimates that the error rates of [biometric-reading] computerized systems would likely be less than 2% (and could be less than 1%) but says they can never be zero. Khosla says that while current technology makes fingerprints the most feasible biometric marker to use, they're also one of the easiest to steal.
Japan's Anti-Phishing Council and JPCERT/CC Release Customized Version of Wombat's Phil Training Game -
March 18, 2010
"This sale confirms the broad appeal of our training solutions and the ease with which they can be translated into other languages. Given the pre-eminent roles played by Japan's Anti-Phishing Council and JPCERT in cyber security awareness and training in Japan, we are extremely pleased to have been selected to help protect the Japanese public from phishing attacks," said CyLab's Dr. Norman Sadeh, Founder and CEO of Wombat Security Technologies.
How Privacy Vanishes Online -
March 17, 2010
In a paper published last year, CyLab's Alessandro Acquisti and Ralph Gross reported that they could accurately predict the full, nine-digit Social Security numbers for 8.5 percent of the people born in the United States between 1989 and 2003 — nearly five million individuals.
5 Deadly Sins of Job Seekers -
March 17, 2010
Information security is to some extent unique, and so are the people attracted to the profession. "This requires a whole different breed of professionals who need to have the utmost integrity and passion to endlessly keep going and manage the risks properly," says Dena Haritos Tsamitis, director of education, training and outreach at Carnegie Mellon University's CyLab.
HSBC's Massive Breach Is Just The Latest Example Of Big Finance Getting Broadsided -
March 11, 2010
"Our research shows that malicious insiders have the access and opportunity to commit fraud, steal confidential information, and sabotage IT systems," says Dawn Cappelli of Carnegie Mellon's CyLab and CERT. "These actions are very difficult to detect, since they typically perform the same types of actions they do in the course of doing their jobs, and only require the access they need to do their jobs everyday."
As Location-Sharing Services Grow, Privacy Concerns Do Too -
March 10, 2010
The Carnegie Mellon study found that people value the ability to find others in an emergency and get information based on their location. CyLab's Lorrie Cranor, an associate professor of computer science and one of the authors of the study, said people also value location-based advertising in some circumstances — a good thing for the companies that are building a business around precisely that.
Wombat's PhishGuru Expands Anti-Phishing Training -
March 9, 2010
"By implementing PhishGuru as a hosted solution running in the cloud, we are able to make PhishGuru affordable for organizations both large and small," said CyLab's Dr. Norman Sadeh, co-founder and CEO of Wombat Security Technologies.
Redrawing the Route to Online Privacy -
February 27, 2010
CyLab Faculty Lorrie Cranor and Alessandro Acquisti discuss 'privacy nudges', a project to design software that essentially sits over your shoulder and provides real-time reminders — short on-screen messages — that the information you’re about to send has privacy implications.
Web scams up; ID thefts in W.Pa. below average -
February 26, 2010
Lorrie Cranor, who is director of Carnegie Mellon's CyLab Usable Privacy and Security Laboratory, and chief scientist of Wombat Security Technologies, said slightly more than half the 515 participants in the study fell victim to an initial "phishing" attack even though they knew it was coming.
Corporate Espionage: Tomorrow Arrived Yesterday -
February 26, 2010
Distinguished Fellow Richard Power discusses: "Corporate espionage isn't a Cold War leftover; China-Google and 'Climategate' are your reality today."
Carnegie Mellon's Lorrie Cranor To Address Congressional Subcommittees About Privacy Issues and Location-Based Services -
February 23, 2010
CyLab Faculty Lorrie Cranor will discuss the risks and benefits of online services that collect and use location information to joint meetings of the U.S. Congressional Subcommittee on Commerce, Trade and Consumer Protection and the Subcommittee on Communication and Technology at 10 a.m., Wednesday, Feb. 24 in Washington, D.C.
Carnegie Mellon Provides Cluster to Cloud Computing Test Bed -
February 15, 2010
CyLab Faculty Greg Ganger said much of the research at Carnegie Mellon's new computing cluster likely will focus on the university's strengths -- how to make the cloud computing infrastructure faster, more reliable and more energy efficient and how to use the cloud in innovative ways for new applications. "This site embodies our commitment to the collaborative, open-source research environment that Open Cirrus promotes and to aggressively pursuing cloud computing research on this campus," he said.
Experts warn: Be careful opening those electronic greetings -
February 9, 2010
CyLab Faculty Lorrie Cranor never sends electronic cards, and she rarely opens the ones sent to her. For Dr. Cranor to feel confident that those little greetings aren't bad news, she needs checks and double-checks. Red flags to watch for in e-cards include terms such as "secret admirer," "special friend" and "it's you."
Google's alleged tie-up with NSA raises concerns -
February 5, 2010
It's understandable that corporations might covet the NSA's expertise about quelling cyberattacks; the agency possesses unsurpassed intelligence gathering know-how, says Jody Westby, CEO of consulting firm Global Cyber Risk and a distinguished fellow at the Carnegie Mellon CyLab think tank.
Google Focused Research Awards -
February 2, 2010
CyLab Faculty Dave Andersen and Lorrie Cranor were given first-ever Google Focused Research Awards for their respective projects in energy efficient computing and privacy.
Mozilla weighs privacy warnings for Web pages -
February 2, 2010
Lorrie Cranor, a member of the P3P working group who has done extensive work on privacy statements as a faculty member at Carnegie Mellon CyLab, says that the challenge of distilling complex and customized privacy policies into a few icons could be insurmountable.
2010 Carnegie Science Center Awards Announced -
January 28, 2010
CyLab Researcher Luis Von Ahn will be awarded the Information Technology Award for his reCAPTCHA innovation that distinguishes human computer users from Internet robots.
Carnegie Mellon tosses Internet safety net over region's schools -
January 28, 2010
Carnegie Mellon University's Information Networking Institute kicked off a communitywide Internet awareness program Monday at St. Bede's School in Point Breeze to teach children safe online behavior.
U.S. Keeps Foreign Ph.D.s -
January 26, 2010
CyLab Faculty Joy Ying Zhang featured in article, "Despite Fears of a Post-9/11 Drop, Most Science, Engineering Post-Grads Have Stayed"
CMU research aims to improve airport security -
January 24, 2010
From body-part censors to cameras that recognize faces, CyLab 'at the edge of technology'
China-Google quarrel highlights world of cyber espionage -
January 15, 2010
China, Russia, North Korea, Iran, Israel, France, the United States and the United Kingdom are widely known to possess state-of-the-art cyber espionage know-how used for economic and military intelligence gathering, says Jody Westby, CEO of consulting firm Global Cyber Risk and a distinguished fellow at the Carnegie Mellon CyLab think tank.
The Digital Trail of the Maltese Falcon: Private Investigations in the Information Age -
January 5, 2010
What's the impact of IT on private investigations? CyLab Distinguished Fellow Richard Power grills Ed Stroz about the field and what it means for CSOs, government and business.
Bad news for some: Spam actually works -
December 28, 2009
"People are sort of resigned to the fact they're going to get spam. It's just a question of how much," said Lorrie Cranor, CyLab researcher and an associate professor of computer science at Carnegie Mellon University.
Hijacked Facebook accounts pose threat of ID theft -
December 26, 2009
Facebook officials should ask users' permission each time they change privacy settings, said Dena Haritos Tsamitis, director of Carnegie Mellon's Information Networking Institute and education, training and outreach for CyLab.
Obama names Howard Schmidt as cybersecurity coordinator -
December 22, 2009
CyLab Distinguished Adjunct Fellow Howard Schmidt, who was a cyber-adviser in President George W. Bush's White House, will be Obama's new cybersecurity coordinator.
Google Research Awards Announced -
December 22, 2009
A Google Research Award (4th quarter 2009) was given to CyLab researcher Jason Hong and computer science faculty John Zimmerman for their project: Context-Aware Mobile Mash-ups. The project seeks to build tools for non-programmers to create location and context-aware mashups of data for mobile devices that can present time- and place-appropriate information.
Snap and Search (No Words Needed) -
December 19, 2009
[Google] Goggles also uses location information to help identify objects, but its ability to recognize millions of images opens up new possibilities. “This is a big step forward in terms of making it work in all these different kinds of situations,” said CyLab researcher Jason Hong.
The Silver Bullet Security Podcast with Lorrie Cranor -
December 18, 2009
Cigital's Gary McGraw and CyLab Researcher Lorrie Cranor discuss how everyday people think about privacy and what we can do to get them to care about it, the relationship between trust and privacy, and why the US is lagging behind the EU on privacy-related issues.
Cybersecurity grant to fund research into critical infrastructure threats -
December 1, 2009
A consortium of cybersecurity researchers from the country's top academic institutions, including CyLab, will collaborate on cybersecurity research and proactively address known and unknown threats to critical infrastructure, public safety and ecommerce.
reCAPTCHA (a.k.a. Those Infernal Squiggly Words) Almost Done Digitizing the New York Times Archive -
November 13, 2009
At some 40 million deciphered words a day, and approximately 100,000 words per book, that means Luis Von Ahn's reCAPTCHA army could in theory chew through hundreds of thousands of books per year.
State Department Deploys Anti-Phishing 'Phil' Game Training -
October 28, 2009
CyLab Start-up Wombat's Anti-Phishing Phil shown to be effective at training people to recognize phishing attacks.
Online Data Present A Privacy Minefield -
October 26, 2009
Alessandro Acquisti studies privacy through the lens of behavioral economics. He's interested in how people "spend" their personal information when they don't really know where it's going.
Red Pill? Blue Pill? Ruminations on the Intersection of Inner Space and Cyber Space -
October 23, 2009
Richard Power looks beyond fear, doubt, and "broken" to cybersecurity's real connection to the evolving world.
Counter-eCrime Coalition Deploys Real-Time Internet Safety Education Program -
October 19, 2009
The Anti-Phishing Working Group (APWG) and CyLab Usable Privacy and Security Laboratory (CUPS) will announce tomorrow the deployment of their real-time counter-eCrime education system.
October 15, 2009
Marios Savvides, a Carnegie Mellon research professor, is enhancing the university’s reputation as a pioneer in facial and iris recognition technology.
Partners of Carnegie Mellon's CyLab warned that 'digital 9/11' threat growing -
October 14, 2009
"It's not, can it happen? It's when," said Melissa Hathaway, the former senior director for cyberspace at the National Security Council and keynote speaker at the 6th Annual CyLab Partners Conference.
Researchers tout 'wimpy nodes' for Net computing -
October 14, 2009
Carnegie Mellon researchers, such as David Andersen, believe some work can be managed with lower expense and lower power consumption.
Building a Better Password -
October 9, 2009
"When we first started waving the flag, not many people paid attention," says Carnegie Mellon professor Lorrie Cranor about usable security. "It's gratifying that people are starting to."
CyLab Founder Khosla To Receive Academic Excellence Award -
October 7, 2009
Carnegie Mellon's Pradeep K. Khosla To Receive Prestigious Academic Excellence Award at 2009 Pan IIT Conference
Homeland Security plans to scan air travelers’ bodily functions -
October 6, 2009
CyLab Researcher Stephen Fienberg on Homeland Security Plan to Scan Air Travelers' Bodily Functions -- "There's not much science here."
Pittsburgh Stars at the G20 -
September 23, 2009
Pittsburgh, including CyLab Researcher Priya Narasimhan, shows other countries visiting it for the G20 how postindustrial America can still bounce back.
Carnegie Mellon's Pradeep Khosla To Be Keynote Speaker At Launch of New Policy Network Critical to G-20 Leaders -
September 22, 2009
Carnegie Mellon University's College of Engineering Dean Pradeep K. Khosla will speak to more than 70 members of a newly formed network of global information technology experts.
Context-aware mobility can have profound benefits in business -
September 21, 2009
Priya Narasimhan co-directs the school's CyLab Mobility Research Center, where she and her students are studying how context affects the mobile experience.
Google Acquires Carnegie Mellon Spin-off ReCAPTCHA -
September 16, 2009
The reCAPTCHA puzzles began as a research project of Luis von Ahn, assistant professor of computer science and CyLab researcher at Carnegie Mellon.
Experts: Hackers might view summit as 'a chance to make a statement' -
September 6, 2009
Critical infrastructure typically runs on internal networks whose security experts usually describe as "not good," said David Brumley, a Carnegie Mellon University professor of electrical and computer engineering and computer science. "And there has been an increased worry that an attacker could target multiple companies," he said.
Carnegie Mellon's Pradeep K. Khosla To Receive Lifetime Achievement Award From Engineering Society -
August 31, 2009
Dean Pradeep Khosla is being recognized for his significant impact on the use of computers in engineering practice and education by the Computer and Information in Engineering Division of the American Society of Mechanical Engineers.
Pittsburgh begins receiving problem reports via mobile phone -
August 18, 2009
CyLab's Priya Narasimhan and YinzCam created an iPhone app that allows residents to snap iPhone photos of problems such as potholes and graffiti and send them to the city's 311 complaint system, embedded with Global Positioning System data with the problem's exact location.
Offering an Academic Hand to Minority Schools -
August 11, 2009
CMU Workshop Extends New Opportunities to Information Assurance Educators
Crying Wolf: Do Security Warnings Help? -
July 30, 2009
"People get pop-ups in their browsers and they say something about security and they don't know what they are, so they swat them away," said Lorrie Cranor, CyLab researcher.
"We Want to Be Recognized as the Leading ... School in the World" - Pradeep Khosla, Carnegie Mellon University -
July 28, 2009
An exclusive interview with CyLab Founding Director, Pradeep Khosla.
Security on the (Eye)Ball: Hands-Free Iris Biometrics to Keep Bad Guys at Bay -
July 28, 2009
Carnegie Mellon University CyLab researchers are developing an iris-scanning system that will capture and compare iris images at up to 12 meters away
Have "yinz" seen the latest in mobile video service? -
July 24, 2009
Wi-Fi-enabled devices let Pittsburgh Penguins fans get in on the action
Private Cell Phone Conversations Not So Private After All -
July 16, 2009
"It's not illegal to buy this and download on a phone you own. Once you install it, what this gives you is the ability to monitor that phone remotely from anywhere else. You can get to anything happening on that phone remotely without the person holding the phone ever knowing you're doing it," CyLab Researcher Priya Narasimhan said.
Weakness in Social Security Numbers Is Found -
July 7, 2009
CyLab researcher Alessandro Acquisti, an associate professor of information technology and public policy, and Ralph Gross, a postdoctoral researcher, noted that there was a range of implications from the research, including that it was now possible to routinely reconstruct sensitive personal information from the type of online postings frequently found on social networking sites and other public sources.
Researchers: Social Security Numbers Can Be Guessed -
July 6, 2009
"Our work shows that Social Security numbers are compromised as authentication devices, because if they are predictable from public data, then they cannot be considered sensitive," said Alessandro Acquisti, CyLab researcher, and a co-author of the study.
Context on ice: Penguins fans get mobile extras -
July 2, 2009
CyLab Mobility Research Center's Priya Narasimhan and her team provide context with the mobile video service that delivers Pittsburgh Penguins fans live-action shots and instant replays during game time.
Cyber Security, the Nuclear Threat and You: Cassandra's Guide to the 21st Century -
June 30, 2009
CyLab's Distinguished Fellow Richard Power interviews Martin Hellman and mulls nuclear risk
Virtualization, cloud computing pose new challenges, opportunities -
June 29, 2009
Cloud, virtualization insights from CyLab Researcher Greg Ganger and the Data Center Observatory at Carnegie Mellon.
Carnegie Mellon's Pradeep Khosla Named To New Technology Leadership Strategy Initiative -
June 22, 2009
"An internationally recognized authority on robotics, embedded systems, technology education, innovation and cybersecurity, Carnegie Mellon’s Pradeep K. Khosla is an outstanding addition to our newly formed Technology Leadership Strategy Initiative," said Deborah Wince-Smith, president of the Washington, D.C.-based Council on Competitiveness.
Carnegie Mellon’s College of Engineering To Host Information Technology Media Fellowship -
June 18, 2009
Carnegie Mellon University’s College of Engineering will host four top journalists, June 22-23, for its third annual information technology media fellowship program.
Kobe MSIT-IS Team Wins IT Incident Handling Competition -
June 15, 2009
A team of INI students at Carnegie Mellon CyLab Japan (Kobe MSIT-IS) won first place in an IT incident handling competition for students at a cyber security conference in Japan.
At Pittsburgh hockey games, fans dial up live video, replays from mobile phones -
June 15, 2009
Carnegie Mellon’s YinzCam brings Penguins fans all the video angles.
Carnegie Mellon expert praises creation of office to fight cyberthreats -
May 30, 2009
"Bringing cybersecurity to the White House level is absolutely step No. 1. Access to the president is what this issue needs," said Pradeep Khosla, dean of Carnegie Mellon University's College of Engineering and founder of Carnegie Mellon CyLab.
CMU Developing Terrorist-Fighting Tool -
May 22, 2009
CMU professor Marios Savvides is developing new technology at CMU’s CyLab that will be able to distinguish the good guys from the bad guys at a distance.
Online life can be convenient as well as dangerous -
May 18, 2009
"The solution to these problems is public education. These things that look too good to be true, are," CyLab's Lorrie Cranor said.
This Profound Moment in Cybersecurity, and Three Challenges that Frame It -
May 12, 2009
CyLab's Richard Power looks at the big picture and how security must move forward
Pittsburgh TEQ honors Dr. Priya Narasimhan on "Women of the Year" list -
May 11, 2009
CyLab's Priya Narasimhan makes the list for her YinzCam project, teaming with the Pittsburgh Penguins to deliver live, high definition video of the game from various unique angles along with automatic instant replays straight to each fan’s Wi-Fi-enabled phone or iPod Touch.
The Silver Bullet Security Podcast Interview with CyLab Co-Director Virgil Gligor -
April 21, 2009
Gary McGraw and Virgil Gligor discuss how information security has changed over the last 35 years, why software security will be with us forever, and how Virgil’s childhood in Romania has shaped his views on security.
Why give up privacy? Because everyone else is! -
April 21, 2009
"When people observe more disclosure, they become more likely to disclose similarly sensitive information," said privacy and economics researcher Alessandro Acquisti.
A New Tool to Ease Finding Pages from Browser History -
April 10, 2009
Jason Hong, CyLab faculty, says, "Most people either found Web history too hard to use or didn't even know that it existed."
Why all the cyber-scares? -
April 10, 2009
CyLab's Richard Power talks about media surrounding recent cyber incidents, like the Conficker virus.
Now You Can Track Colleagues and Students on Your Laptop -
March 4, 2009
Locaccino, a location-centered social application developed by CyLab's Norman Sadeh, emphasizes customizable privacy settings.
Software Engineering Institute CERT's Richard D. Pethia Receives CSO Compass Award -
February 12, 2009
Richard Pethia, CERT Director and CyLab Co-Director, will receive the CSO Compass Award, which recognizes individuals for their leadership and ability to execute security strategy while bringing business value.
Carnegie Science Center Announces 2009 Carnegie Science Awards -
January 29, 2009
CyLab Researcher and ECE Professor Priya Narasimhan is the winner of the 2009 Emerging Female Scientist Award announced by the Carnegie Science Center of Pittsburgh.
Building a Better Spam-Blocking CAPTCHA -
January 23, 2009
So with all that, can CAPTCHA be saved? According to Carnegie Mellon computer scientists, the answer is yes. The first of their redesigns of CAPTCHA, according to Luis von Ahn, a professor of computer science at the university, is the aptly named reCAPTCHA.