Press Coverage
About our CCS’13 paper
• iOS and Android weaknesses allow stealthy pilfering of website credentials (opens in new tab), Ars Technica, August 27, 2013
About our Oakland’12 paper
• Study Finds Major Weaknesses in Single Sign-on Systems (opens in new tab), Network World, March 27, 2012
• Flawed sign-in services from Google and Facebook imperil user account (opens in new tab), Ars Technica, March 25, 2012
• Trial finds EIGHT WAYS to defeat Google, PayPal and other SSOs (opens in new tab), The Register, March 20, 2012
• Researchers discover flaws in SSO that leave websites vulnerable (opens in new tab), Infosecurity, March 20
• Web Services Single Sign-On Contain Big Flaws (opens in new tab), Dark Reading, March 19, 2012
• Researchers discover “worrisome” authentication flaws in many online services (opens in new tab), ZDNet, March 16, 2012
About our finding of an OpenID authentication bug
• OpenID Warns Of Serious Bug (opens in new tab), InformationWeek, May 9, 2011
• OpenID warns of ‘psychic paper’ authentication attack (opens in new tab), Register, May 9, 2011
• OpenID Foundation warns of identity transmission bug (opens in new tab), ZDNet UK, May 9, 2011
• OpenID Foundation Warns Websites of Authentication Flaw (opens in new tab), eWeek, May 9, 2011
About our Oakland’11 paper
• How to Shop for Free Online (opens in new tab) (video interview), Channel 9, May 17, 2011
• Vulnerabilities in Online Payment Systems (opens in new tab), Schneier on Security, May 9, 2011
(Shaz Qadeer and I didn’t directly participate in the following interviews because of a non-academic reason.)
• Researchers find major flaws in online payment systems (opens in new tab). CNN, April 13, 2011.
• Exploit-wielding boffins go on free online shopping binge — World’s biggest e-commerce sites wide open (opens in new tab), Register, April 12, 2011
• Could criminals shop for free online? (opens in new tab) CNET, April 11, 2011
• Security Researchers Exploit Logic Flaws to Shop for Free Online (opens in new tab), Network World, April 11, 2011
About our finding of a Facebook authentication bug
- Informatics students discover, alert Facebook to threat allowing access to private data (opens in new tab), PhysOrg, Feb 3, 2011
• New Facebook vulnerability patched (opens in new tab), ComputerWorld, Feb 2, 2011
• Facebook Fixes Security Vulnerability (opens in new tab),eWeek, Feb 2, 2011
• Facebook plugs gnarly authentication flaw, (opens in new tab) Register, Feb 2, 2011
• Facebook flaw allowed websites to steal users’ personal data without consent (opens in new tab), Graham Cluley’s blog, Feb 2, 2011
About our Oakland’10 paper
• Side Channel Attacks in SSL (opens in new tab), ha.ckers.org, June 21st, 2010
• SaaS Apps May Leak Data Even When Encrypted, Study Says (opens in new tab), Dark Reading, March 26th, 2010
• Side-Channel Attacks on Encrypted Web Traffic (opens in new tab), Schneier on Security, March 26th, 2010
• Researchers sound alarm on Web app “side channel” data leaks (opens in new tab), Network World, March 25th, 2010
• Your health, tax, and search data siphoned: Software-as-a-service springs SSL leak (opens in new tab), The Register, March 23rd, 2010.
• Side-Channel Leaks in Web Applications (opens in new tab), Freedom To Tinker, March 23rd, 2010
About our Oakland’09 paper
• Browser flaws expose users to man-in-the-middle attacks (opens in new tab), ZDNet, August 7th, 2009
• Mozilla patches 11 Firefox bugs, six critical. Plugs SSL hole reported by Microsoft researchers (opens in new tab), Computer World, June 12, 2009
• Breaking Web Browsers’ Trust (opens in new tab), Technology Review, May 21st, 2009