People who didn’t have any public Facebook photos were mostly immune to identification, says Alessandro Acquisti, Carnegie Mellon CyLab researcher and the study’s lead author (though at least one subject found that he had been tagged publicly in a friend’s photo without his knowledge.) But facial-recognition software is improving rapidly. And software like Face.com’s gets better and learns more every time someone uses the tagging suggestions and clicks “yes” or “no” to indicate whether they were correct. “They’re being smart in a way, or some could say very subtle, in enlisting users as a means of improving the accuracy of their identification,” Acquisti told me.
"Passwords are not going to disappear overnight, or in the next 10 years or 20 years," said Lujo Bauer, researcher at Carnegie Mellon CyLab. Bauer and colleagues at Carnegie Mellon conducted the study with 2,931 subjects who created passwords on sites using one of 14 types of meters with different displays and criteria for determining strength.
Limiting Risks Found in the Cloud June 10, 2013
"We're hoping that the cloud service providers understand insider threat," Carnegie Mellon CyLab researcher Dawn Cappelli says. "We have recommendations that we provide for organizations for what they should do to protect themselves against rogue administrators and to protect themselves against theft of intellectual property. Our hope is that cloud service providers understand that as well."
Dr. Marios Savvides, the director of the CyLab Biometrics Center, said that the new technology could generate results much more detailed than those made by traditional image enhancement approaches. "The traditional methods yield about a 2 times to 4 times improvement" in the resolution of a facial image, he said. "This method gets us 16 times the resolution."
But when the FBI released blurry, off-angle images of the two suspects in the Boston Marathon bombings, researchers with Carnegie Mellon University's CyLab Biometrics Center began trying to bring them into focus. Marios Savvides, director of the CMU CyLab Biometrics Center, told the Tribune-Review, “It's not exactly him, but it's also not a random face. It does fit him.”
"Big Brother" is big business? May 16, 2013
Professor Alessandro Acquisti of Carnegie Mellon CyLab says smartphones will make "facial searches" as common as Google searches in the future. "One of the participants, before doing the experiment, told us, 'You're not going to find me because I'm very careful about my photos online.' And we found him," says Acquisti, "Because someone else had uploaded a photo of him."
Study: 45 percent of Bitcoin exchanges end up closing April 26, 2013
The study said: "Exchanges handling 275 Bitcoins' worth of transactions each day have a 20 percent chance of being breached, compared to a 70 percent chance for exchanges processing daily transactions worth 5570 Bitcoins." Tyler Moore and Carnegie Mellon CyLab researcher Nicolas Christin estimate that the median lifespan of any Bitcoin exchange is 381 days, with a 29.9 percent chance that a new exchange will close within a year of opening.
The study analyzed 40 exchanges that buy and sell the virtual Bitcoin to identify factors that trigger or stave off closure, said the study's authors, computer scientists Tyler Moore, in the Lyle School of Engineering, Southern Methodist University, Dallas, and Nicolas Christin, with the Information Networking Institute and Carnegie Mellon CyLab at Carnegie Mellon University. "The risk of losing funds stored at exchanges is real but uncertain," write Moore and Christin.
Identity Theft: It's Not Just for Grownups! April 23, 2013
Imagine finding out that your eight-year-old has a house in foreclosure thousands of miles away. How about getting collection calls because your young teen is several payments behind on a car loan? These are not far-fetched scenarios. According to a study conducted by Carnegie Mellon CyLab, over 10 percent of the children studied reported that someone had used their Social Security number fraudulently.
Researchers create digital database of poisonous plants April 15, 2013
The two researchers combined forces, figuring the facial recognition software Carnegie Mellon CyLab researcher Marios Savvides and his team developed could be used to identify plants, too. "That's the most awesome feeling," Mr. Savvides said. "I believe the true home runs left are cross-disciplinary research, that's when we fill in the technology gaps."
The Bitcoin Gamble: Is Now the Time to Invest? April 11, 2013
Bitcoins also represent a new concept and technology, so "essentially no regulation exists," says Nicolas Christin, CyLab researcher and associate director of the Information Networking Institute at Carnegie Mellon University who has studied bitcoins since 2011. Bitcoin helps consumers maintain privacy in online payments because it uses cryptography to authenticate the transaction and can’t be reversed. "It’s much better than credit card payments or wires," Christin says.
Letting down our guard with Internet privacy April 7, 2013
Often, we turn over our data in exchange for a deal we can’t refuse. Alessandro Acquisti, a behavioral economist and researcher at Carnegie Mellon CyLab in Pittsburgh, studies how we make these choices. In a series of provocative experiments, he has shown that despite how much we say we value our privacy — and we do, again and again — we tend to act inconsistently. “Privacy is delayed gratification," he warned.
IEEE Honors Five with Technical Achievement Awards April 3, 2013
The IEEE Computer Society is honoring five prominent technologists for their contributions with 2013 Technical Achievement Awards. This year's award winners include Virgil D. Gligor, a Carnegie Mellon University electrical and computing engineering professor and co-director of the University's CyLab. He is the recipient of the NIST and NSA's National Information Security Award, and ACM's Outstanding Innovation Award.
Everyone Will Have to Decide For Themselves April 1, 2013
We don’t always act in our own best interest, Carnegie Mellon CyLab researcher Alessandro Acquisti suggests. We can be easily manipulated by how we are asked for information. Even something as simple as a playfully designed site can nudge us to reveal more of ourselves than a serious-looking one.
Much of Carnegie Mellon CyLab researcher Alessandro Acquisti’s work charts the often irrational trade-offs we make each day, whether it’s giving up personal information for the price of a cup of coffee or admitting to cheating on tests. It turns out students are less likely to be honest about their cheatin' arts if they know their teachers might see the results, even if they know their identities will not be revealed. But they are less careful about it if they are distracted by something else at the moment the question is asked.
Letting Down Our Guard With Web Privacy March 30, 2013
Carnegie Mellon CyLab researcher Alessandro Acquisti asked himself a question that would become the guiding force of his career: Do Americans value their privacy? "What worries me," he said, "is that transparency and control are empty words that are used to push responsibility to the user for problems that are being created by others."
According to a recent report from Carnegie Mellon's CyLab, the rate of identity theft is 51 times higher for children than for adults. Identity thieves steal children's social security numbers to secure loans and credit, which can go unnoticed for years, causing headaches and hardships for families and huge losses for businesses.
"The government has a huge number of concerns," Carnegie Mellon CyLab researcher David Brumley said. "Computer security isn't growing fast enough to keep up with all the threats. If you call any business, they're going to say we can't hire enough security people."
CERT: Insider Threats Can Have Costly Security Consequences February 28, 2013
In a presentation Thursday at RSA Conference 2013, Dawn Cappelli, technical manager of the CERT Insider Threat Center at Carnegie Mellon University, described several cases in which current and former employees sabotaged companies by planting malware, stole confidential corporate data or colluded with outsiders to commit fraud. The center has tracked 800 insider threat cases since 2001. In cases involving theft of intellectual property such as business plans or source code, the culprit is often the person who worked on the project, Cappelli said.
Future strikes, top military experts warn, could be destructive — even deadly — targeting nuclear power plants, public water systems, railways, air traffic control and hospitals. "People have realized that cyberspace — just like land, air and sea — is another domain that they need to defend, control and protect," said David Brumley, a computer security researcher at Carnegie Mellon CyLab. "Cyber attacks are part of a covert war right now."
"I think most people don't even realize the extent to which they're being tracked," said Lorrie Cranor, director of Carnegie Mellon University's CyLab for Usable Privacy and Security. "A flashlight app shouldn't need anything, it's just a flashlight. But you can check your permissions to see if there's any indication the flashlight is doing more than what you see on your phone," said Ms. Cranor.
Carnegie Mellon CyLab's David Brumley has been appointed the Gerard G. Elia Career Development professor in the Department of Electrical and Computer Engineering (ECE). Brumley's research focuses on the techniques, principles and algorithms for finding flaws in software that hackers use to break into systems. "My goal is to make computer software and systems safe," Brumley said. "Attackers only need to find a single flaw to break into a system. Defenders have the much harder job of plugging all holes."
A shock in the dark: Flashlight app tracks your location January 16, 2013
"There's no sensible reason why a flashlight app would need your location," Carnegie Mellon CyLab researcher Jason Hong said. "That was the biggest surprise to people -- 95 percent were surprised it used location data." Of the top 100 Android apps, 56 collected location information, device identifiers and/or contact lists, according to the university’s research. Users, however, often had no idea such data was being collected or how it might be used.
Carnegie Mellon CyLab Distinguished Fellow Richard Power remarks, "It is impossible to sufficiently mitigate the impact of a nuclear attack, but it is possible to mitigate the impact of a cyber attack, IF you are investing in the things you should be investing in anyway, to deal with the other issues."
Smartphone snoops? How your phone data is being shared December 26, 2012
Jason Hong, a mobile privacy researcher at Carnegie Mellon CyLab, told CBS News' Sharyl Attkisson, "We looked at the top 100 apps and it turns out about half of them had some kind of privacy concerns, in that they were collecting or using some kind of sensitive information. Once the data is outside of your smartphone, it's really hard to know exactly what's going on with the data."
Privacy engineers could hold the key December 15, 2012
CyLab Researcher Lorrie Cranor describes, "A privacy engineer is someone who understands the engineering and the privacy sides and works out strategies that allow people to protect privacy without getting in the way of building cool things."
"We found there was a paradox of control. People who felt more in control of their information took more privacy risks more often," said Alessandro Acquisti, researcher at Carnegie Mellon CyLab. "They felt more empowered and more in control of their personal information. But once the information is online, users can't control what people do with it."
Researchers from the Carnegie Mellon University’s CyLab have released the results of a study – "QRishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks" – which focuses on phishing attacks that rely on QR (Quick Response) codes. "The ease with which such an attack can be mounted against current smartphones is particularly concerning given the long patching cycle and potential for an attacker to gain elevated privileges on the device," the researchers said.
Your apps may be spying on you November 4, 2012
When Jason Hong, a researcher at Carnegie Mellon CyLab, surveyed 40 users, all but two were unaware that the game was storing their locations so that they could later be the targets of ads. "When I am giving a talk about this, some people will pull out their smartphones while I am still speaking and erase the game," Hong, an expert in mobile application privacy, said during an interview. "Generally, most people are simply unaware of what is going on."
Why it's so hard to catch online predators October 17, 2012
"You can use a proxy machine, meaning instead of connecting directly from my computer, I connect to another computer and from there I make those posts," says CyLab researcher Nicolas Christin, who notes that it's "relatively easy to anonymize" your traffic on the internet. People could also use something like the Tor network, free online software that Christin says is fairly easy to download and is "essentially a peer-to-peer network that is not used for file sharing. It's a peer-to-peer network that is used to anonymize data over the internet."
New Master's for Privacy Engineers October 16, 2012
"Privacy breaches, whether through poor design or as the result of attacks, have become a staple of the daily news," said Norman Sadeh, CyLab researcher and co-director of the MSIT-Privacy program. "Leaders in social media, tech and Internet companies, financial service firms and government agencies all tell us that they see an increasing need for privacy engineers who can help them design and maintain systems that protect people's identities and personal information," Sadeh added.
Where everybody is August 25, 2012
The day is coming when businesses and others will have those kinds of capabilities, said Alessandro Acquisti, a researcher at Carnegie Mellon CyLab who studies the positive and negative implications of facial recognition technology. “Your phone — or in some years, your glasses, and in a few more, your contact lenses — will tell you the name of that person at the party whose name you always forget,” Acquisti said. “Or it will tell the stalker in the bar the address where you live.”
Study estimates $2 million a month in Bitcoin drug sales August 7, 2012
Silk Road buyers are required to provide feedback on their purchases, and these reports are publicly available. This gave Carnegie Mellon CyLab researcher Nicolas Christin a handy way to track the volume of activity on the site. He reports that the volume of transactions on the site increased "from approximately 8,000 BTC/day to approximately 15,000 BTC/day, before seemingly retreating down to 11,000 BTC/day. The latter decrease is, however, an artifact of the Bitcoin sharply appreciating against all major currencies, rather than an indication of a drop in sales."
Carnegie Mellon CyLab researcher Nicolas Christin cautions that his study only looks at a six month period of Silk Road’s sales, and that a big part of the site’s measured success comes from appreciation in the highly volatile Bitcoin currency Silk Road trades in, which has itself increased close to 70% in value over the course of Christin’s study. But even accounting for changes in that crypto currency, the site’s numbers point to very real growth. “It’s very bursty and spikey, but overall the numbers are moving up,” says Christin. “It’s a stable marketplace, and overall it’s growing steadily.”
What's real and what's not in web security July 2, 2012
This is the third in a series of interviews with C-level executives responsible for cyber security and privacy in business and government, who also happen to be thought leaders. (Remember, as Carnegie Mellon CyLab Distinguished Fellow Richard Power mentioned previously, "C-level executive" and "thought leader" are not synonyms.) In this issue, Power discusses a range of issues related to the hard work of web security with Jeremiah Grossman, founder and Chief Technology Officer of WhiteHat Security.
A Robot Takes Stock June 29, 2012
Andyvision, as it's called, scans the shelves to generate a real-time interactive map of the store, which customers can browse via an in-store screen. At the same time, the robot performs a detailed inventory check, identifying each item on the shelves, and alerting employees if stock is low or if an item has been misplaced. None of the technologies it uses are new in themselves, says Carnegie Mellon CyLab researcher Priya Narasimhan. It's the combination of different types of algorithms running on a low-power system that makes the system unique.
Facebooked in the Crowd June 19, 2012
Admen Spot an Enemy: W3C June 19, 2012
One of the biggest sticking points: what even counts as "tracking." The result is a conflict that is pushing the standards body well beyond the nuts and bolts of the Web into hot-button economic and policy issues. "With Do Not Track, the technology issues are the least [of the] concerns," says Lorrie Cranor, a researcher at Carnegie Mellon CyLab who studies privacy technology. "It's about policy."
Few Privacy Regulations Inhibit Facebook June 13, 2012
Given how rapidly Facebook has reeled in new users, it seems people are not very concerned about protecting their privacy on the site. But they should be, says Alessandro Acquisti, a researcher at Carnegie Mellon CyLab. He worries about not only what Facebook can do with personal information now, but what could be inferred from such data a few years down the road. For instance, in 2009 he showed that Social Security numbers can be guessed using public data, some of it from social networks.
The Antivirus Era Is Over June 11, 2012
Nicolas Christin, of Carnegie Mellon CyLab, who has recently been investigating the economic motivations and business models of cyber attackers, says that makes sense. "The human costs of these sophisticated attacks are one of the largest," he says. Foiling an attack is no longer a matter of neutralizing a chunk of code from a lone genius, but of defeating skilled groups of people. "You need experts in their field that can also collaborate with others, and they are rare," says Christin. Defense software that can close off the most common tactics makes it even harder for attackers, he says.
A Dollar For Your Data June 8, 2012
Individuals struggle to put a value on their data. And within today's market structure, the value can vary dramatically depending on how it's measured, but often information is exchanged for mere pennies, says Alessandro Acquisti, researcher at Carnegie Mellon CyLab. "I would like these services to succeed," Acquisti says. "At least they provide some more transparency. But I fear they may not."
"This is one of the rare studies based on a large set of passwords that are actively used and have been obtained legitimately," says Lujo Bauer, who studies passwords at Carnegie Mellon CyLab in Pittsburgh, Pennsylvania. Most other studies are based on leaked databases that may be incomplete.
"These apps are bridgeheads, or perhaps trojan horses, for more powerful (and probably more intrusive) services to come," wrote Carnegie Mellon CyLab researcher Alessandro Acquisti, in an e-mail sent to Ars on Thursday. "What we don't see are the long term risks, that more and more information gathered and analyzed about us will allow others to influence and control us. Perhaps that sense of creepiness many feel when they hear about certain identification technologies is nature's way of telling us that something, down the line, may not be right."
Alessandro Acquisti, an economist who studies privacy at Carnegie Mellon CyLab, told Bob Sullivan, "The privacy issue may be polarizing because the penalty for avoiding social networks is becoming more severe over time." Acquisti continued: "Not having a mobile phone now would dramatically cut you off from professional and personal life opportunities. It's the same story with social networks."
"In the 30 years since many of the existing (Social Security Administration) systems were first stood up, storage capacities, network bandwidth, processing power, and the cost of these things have all improved by between 4 and 6 orders of magnitude," Carnegie Mellon CyLab researcher William Scherlis said in written testimony. "That’s a factor of a million. If skyscrapers increased in height by that factor, they would scrape the moon."
The Post-Cash, Post-Credit-Card Economy April 28, 2012
Alessandro Acquisti, a researcher at Carnegie Mellon CyLab, smiled. If today all you need to do is enter your phone number and PIN when you visit a store, perhaps tomorrow, he said, that store will be able to detect your phone by its unique identifier as soon as you enter. Perhaps in the not-too-distant future, he went on, you won’t have to shop at all. Your vast piles of shopping data would be instead collected, analyzed and used to tell you exactly what you need: a new motorcycle from Ducati, perhaps, or purple rain boots in the next size for your growing child. Money will be seamlessly taken from your account. A delivery will arrive at your doorstep.
Big Mac Attack: Apple Security Bruised after OS X Infections April 25, 2012
"In the computer community we've been saying for five, six, seven years that Mac is not more immune to computer viruses than Windows PCs or even Linux boxes," says Nicolas Christin, researcher at Carnegie Mellon CyLab. "The only reason Macs were not massively targeted is that they didn't have enough of a market share to make them interesting for a hacker to devote resources to try to compromise those machines. Now that they've acquired a fairly sizeable market share, it makes sense that the bad guys would focus some attention on the Mac platform."
"If people were to actually stop and read all of them for every website that they visited, they could spend on the order of 200 to 250 hours a year — about a month of time at work each year that you could spend reading privacy policies," says CyLab researcher Lorrie Cranor. "It's insane."
Using Foursquare Data to Redefine a Neighborhood April 18, 2012
Norman Sadeh, a researcher at Carnegie Mellon CyLab who is working on Livehoods, says social media can help define an urban space's characteristics because it "really speaks at such a finer level than the data people have been relying on in the past," such as census data.
CyLab Distinguished Fellow Richard Power asks, "Social media has evolved at a mind-boggling pace, and it has already had a profound impact on politics, geopolitics, culture, media, etc. and this profound impact is on a global scale. For me, Facebook and Twitter are proven to be fascinating laboratories. With social media, the personal and the professional are increasingly entwined, and this entwining has presented us all with unprecedented challenges and opportunities personally and professionally. What are the essential elements of a practical, effective social media policy for major corporations?"
Using Crowdsourcing to Protect Your Privacy April 3, 2012
"The basic idea here is: How do you help people who are not experts in network and computer security understand what an app is doing?" says Jason Hong, a CMU CyLab computer scientist who is one of the leaders of the project. "You are outsourcing people to read privacy settings and tell you what is interesting about it."
Just How Much Is Your Privacy Worth? March 21, 2012
"What people say in surveys is that they care about privacy, but what they actually do is spend their time constantly updating their status on Facebook," says Alessandro Acquisti, researcher at Carnegie Mellon CyLab. "This has led some to conclude that people no longer care about privacy. This new data, along with similar work we have done in the U.S., shows this is not the case, and that the desire for privacy is not dead after all."
The Soul of the New Hacktivist March 17, 2012
Anonymous rewrote the hacktivist playbook. It began to challenge a far broader political and economic order. "This really is cyberwar, and I don’t use that term in a sensational way," said Richard Power, Distinguished Fellow at Carnegie Mellon CyLab, who chronicled the cybercrime of the 1990s in his book "Tangled Web." "You’re looking at not just one particular cause. You’re attacking the whole power structure. It involves some core critique."
"SafeSlinger provides you with the confidence that the person you are communicating with is actually the person they have represented themselves to be," CyLab Research Programmer Michael Farb said. "Perhaps the most impressive feature is that SafeSlinger provides secure communications and file transfer even if the servers involved are tainted with malware."
CyLab Intros SafeSlinger Mobile Security App March 12, 2012
"With SafeSlinger, users can gain control over their exchanged information through end-to-end encryption, preventing intermediate servers or service providers from reading their messages or other sensitive stored data in their smartphones," said Adrian Perrig, technical director of Carnegie Mellon CyLab and a professor of electrical and computer engineering at CMU.
The Perilous Path to a New Privacy February 27, 2012
CyLab Distinguished Fellow Richard Power explains, "Thanks to the weakness of operating system, network and application software security design, and the band-aid nature of most security solutions, our privacy is like a big fat carp in a barrel for organized cyber criminals. In the 20th century there was an expectation of privacy, privacy was something to be defended, protected, but in the 21st century privacy is something to be created by will and cunning and with ongoing personal effort."
Lorrie Faith Cranor, Director of Carnegie Mellon University's CyLab "Usable Privacy and Security Laboratory," told ZDNet that Microsoft was alerted to this potential P3P-centric privacy breach in 2010. Here's a paper she and some of her students wrote about it. She also did a blog post on February 18 on the Microsoft-sponsored Technology/Academics/Policy site noting not just Google, but Facebook, also can track IE users via the same P3P loophole.
Microsoft: Google violates our users' privacy too February 21, 2012
As a result, many sites -- including Facebook -- have been exploiting a P3P loophole to get around the privacy settings. A September 2010 paper published by four Carnegie Mellon CyLab researchers found that roughly half of the 33,000 websites they reviewed deliberately tricked Internet Explorer into allowing cookies that would otherwise be blocked.
Professor Patrick Tague Receives NSF CAREER Award February 2, 2012
CyLab researcher Patrick Tague offers, "For me, the CAREER award provides funding for a PhD student for 5 years to work on the project. The project duration is possibly the most important aspect of the award, as it provides the resources to take a very deep dive into the project instead of just scratching the surface. It's an honor to receive the award and to be recognized by NSF and my peers in the community."
How to Beat Facial-Recognition Software January 26, 2012
"The more researchers come up with techniques to hide or mask faces to avoid computer face recognition, the more other researchers will come up with techniques able to bypass those protections," CyLab researcher Alessandro Acquisti said. "The conditions under which a human face will not be recognizable by a computer will be the conditions under which also humans cannot recognize each other."
Could Google's data hoarding be good for you? January 26, 2012
"At the moment in the US, there are almost no protections," says Lorrie Cranor, researcher at Carnegie Mellon CyLab. "It would be good to have some baselines established - certain types of data uses that can't be done. To really make it illegal for companies to go and sell this info to your employer or your insurance company, for instance."
5 Questions, Answers About The Megaupload Case January 20, 2012
"What is interesting is that the Justice Department used the fact that Megaupload had servers in the U.S. to go after them," said Carnegie Mellon CyLab researcher Nicolas Christin. "I think they wanted to make a statement that if you violate copyright laws and do any sort of business in the United States, we can go after you."
In the future, can you remain anonymous? January 13, 2012
"To match two photos of people in the United States in real time would take four hours," said Alessandro Acquisti, professor and researcher at Carnegie Mellon CyLab. "That's too long to do in real time. But assuming a steady improvement in cloud computing time, we can soon get much closer to that reality than many of us believed."
While law enforcement agencies experiment with matching images of unknown persons with photos posted on the Internet, the Federal Trade Commission held a December workshop to discuss privacy ramifications. Carnegie Mellon CyLab researcher Alessandro Acquisti demonstrated how to identify strangers using webcams, off-the-shelf facial recognition software and data from social networks.
Consumers turn to do-not-track software to maintain privacy December 29, 2011
A study titled "Why Johnny Can't Opt Out," published last month by Carnegie Mellon University's CyLab, found serious usability flaws in nine top anti-tracking systems. "Our research found that these tools are difficult for consumers to use properly," says CyLab researcher Lorrie Faith Cranor.
Face Recognition Makes the Leap From Sci-Fi November 13, 2011
“It’s a future where anonymity can no longer be taken for granted — even when we are in a public space surrounded by strangers,” says Alessandro Acquisti, a researcher at Carnegie Mellon CyLab who directed the studies. If his team could so easily “infer sensitive personal information,” he says, marketers could someday use more invasive techniques to identify random people on the street along with, say, their credit scores.
Online Privacy Tools Don't Work Well, CMU Researchers Find November 8, 2011
The online tools were challenging to understand and configure. As a result users were "unable to make meaningful choices," researchers found. Users struggled to install and manage blocking lists and often thought just having the tools was enough to block online behavioral advertising, not realizing they were disabled by default and had to be configured first, the report said. A participant spent 47 minutes going through all the opt-out instructions for one tool, which were available only in Japanese, said Lorrie Cranor, researcher at Carnegie Mellon CyLab.
The Future of Riots November 1, 2011
"Your face is a veritable conduit between the off-line and online worlds, and you can't change it," says Alessandro Acquisti, a researcher at Carnegie Mellon CyLab, in Pittsburgh. In research presented just prior to the London riots, Acquisti's team used a combination of off-the-shelf face recognition software, cloud computing, and data publicly available from social networks to uncover information about people just from their photographs.
If you tried to opt out of online tracking, it probably didn't work November 1, 2011
CyLab researcher Lorrie Cranor says one of the reasons this is so hard is that there's no common standard among the companies. "One way to do it would be to have a common standard and there are some efforts to create such a thing. The other approach is to have a tool that's constantly updating itself to find every tracker out there and adding to the block list. Some of those tools are good, but they block the desirable content. If you want to play some games like Farmville, depending on how you had this thing set up, it might prevent you from doing that."
Guard against Social Security child identity theft October 21, 2011
According to Carnegie Mellon CyLab, "one reason that minor Social Security numbers are so valuable is that there is currently no process or organization, like an employee or creditor, to check what name and birth date is officially attached to that Social Security number. As long as an identity thief has a Social Security number with a clean history, the thief can attach any name and date of birth to it."
Bono Mack: Industry Not Doing Enough to Protect Consumers Online October 13, 2011
In fact, one witness at the hearing put the problem with 30-page, small-type privacy policies into perspective. Alessandro Acquisti, researcher at Carnegie Mellon CyLab, said that the opportunity cost of everyone actually reading all those policies would be about two-thirds of a trillion dollars.
"In creating this mobile app, we're combining the strengths of two organizations with experience and passion for online safety. We have mutual respect for each other's use of educational games to engage young Internet users and teach lasting lessons in cyber citizenship. We've also joined forces with global security leader Trend Micro and The Wireless Foundation, two organizations dedicated to online security, privacy and the education of kids and families about all of these issues. I feel it's a tremendous opportunity to reach teens through mobile devices," says Dena Haritos Tsamitis, director of the Information Networking Institute and head of education, training and outreach for Carnegie Mellon CyLab.
Stanford Researcher Finds Lots of Leaky Web Sites October 11, 2011
Meanwhile, a Carnegie Mellon CyLab researcher named Alessandro Acquisti has taken photographs of random strangers on a college campus and used facial recognition technology to “re-identify” roughly a third of them from a rich trove of publicly available photographs on Facebook. Even more remarkably, so much personal data now lies scattered online that he was able to glean their Social Security numbers in about a fourth of the cases.
As Kids Go Online, Identity Theft Claims More Victims October 10, 2011
A recent study based on identity scans of over 40,000 children in the U.S. conducted by Richard Power, Distinguished Fellow at Carnegie Mellon CyLab, found 10.2 percent of the children in the report had someone else using their Social Security number. That figure is 51 times higher than the 0.2 percent rate for adults in the same population.
Here comes anyware October 8, 2011
They will also need to monitor closely the impact that new kinds of devices have on individual privacy. Concerns have already been raised about smartphones’ location-tracking capabilities, which can reveal users’ whereabouts if data are not properly protected. Wearable devices that track people’s vital signs are also going to be collecting mountains of extremely sensitive information. “We are all part of a brave new experiment in privacy whose outcome is unclear,” says Alessandro Acquisti, a researcher at Carnegie Mellon CyLab.
Internet routing - Safe passage October 3, 2011
The CMU researchers' proposal is known as SCION (which expands, rather ponderously, to Scalability, Control and Isolation on Next-generation Networks). "Even if you make a mistake in SCION, you won't mess up other people's traffic," assures CyLab researcher Dr. Adrian Perrig.
Internet Authentication's Wild Ride October 3, 2011
O'Brien is among many security experts who believe the answer is in crowdsourced trust as laid out by initiatives such as the Carnegie Mellon University CyLab Perspectives project and Moxie Marlinspike's Convergence system. These solutions depend on a list of "notaries" that a user could choose to use to authenticate a website rather than one centralized CA.
Cloud-Powered Facial Recognition Is Terrifying September 29, 2011
The research team at Carnegie Mellon understands the potential problems posed by this convergence of facial recognition technology and the vast Web of publicly available information. CyLab researcher Alessandro Acquisti told Steve Hann at Marketwatch after a demonstration that the prospect of selling his new app or making it available to the public "horrifies him." And while there are certainly limits to what software like PittPatt can distill from the cloud, the closing gap between life offline and life in the cloud is becoming more observable with each progressive breakthrough.
Will advanced biometrics automate future war machines? September 28, 2011
The camera-based system, which can work at about 12 meters, is supposed to be able to automatically pan and tilt to capture iris scans throughout a crowd. Dr. Marios Savvides, director of Carnegie Mellon University's CyLab Biometrics Center, said the gear should properly be mounted on a military vehicle, such as a tank, and used to scan a crowd remotely at a checkpoint. The long-range iris-recognition equipment Carnegie Mellon University has put together includes "soft biometrics" for identifying individuals based on gender, ethnicity and age, too, plus whether they have a moustache or wear glasses. "We're looking at people trying to evade the system," said Savvides. "We have a beard category."
Facial recognition marks the end of anonymity September 26, 2011
CyLab researchers Ralph Gross and Alessandro Acquisti say the software brings us one step closer both to being able to confirm the identity of a familiar face on the street and to making it easier for criminals to access your private accounts. Marios Savvides, director of the CyLab Biometrics Lab, demonstrates a wearable facial recognition device and considers "what next-generation law enforcement may look like."
Facial Recognition: Facebook Photo Matching Just the Start September 22, 2011
"The bigger picture here was to show that we're getting closer to a world where online and offline data blend seamlessly, where you can start with an anonymous face in the street and you can end up identifying something extremely sensitive about the person by combining these different technologies," says the leader of the team, Carnegie Mellon CyLab researcher Alessandro Acquisti.
Why It’s Not Easy to Freeze Your Child’s Credit File September 21, 2011
A report this spring from CyLab, a research center at Carnegie Mellon University, said an analysis of 43,000 children registered with a commercial identity protection service found that 10 percent of them had someone else using their Social Security number. But the statistical significance of the finding in the general population is undetermined, the report said.
New App Can ID Complete Stranger's Facebook and Social Security No. September 9, 2011
Alessandro Acquisti, Ph.D., a researcher at Carnegie Mellon CyLab, has designed an iPhone app that functions as a front end for PittPatt's facial recognition technology. As mentioned, it can identify strangers' Facebook profiles with startling accuracy. And that's not all it can do. It also incorporates searches of public databases that allow it to make a good guess at your social security number. If it knows your date of birth (e.g. if your Facebook profile is public), there's a good chance it can ID your social security number.
9/11's effect on tech September 8, 2011
A couple weeks ago at a conference in Las Vegas, a researcher from Carnegie Mellon CyLab named Alessandro Acquisti showed me a neat trick. He takes out his iPhone and boots up a custom-made app. It's designed to take a picture of a person -- any person -- then using a facial recognition program made by PittPatt, the app compares that picture to profile photos published on Facebook. And bingo -- the person's identity is revealed.
Scotland Yard Tightens the Pincers on Anonymous September 6, 2011
The attacker used a fake SSL certificate issued by Dutch root certificate authority DigiNotar. "These certificates could be used as part of attacks designed to harvest user Gmail credentials and gain access to sensitive data," Norman Sadeh, cofounder of Wombat Security Technologies and researcher at Carnegie Mellon CyLab, told TechNewsWorld.
Humans Trump Machines in Facial Recognition September 2, 2011
Alessandro Acquisti, a researcher at Carnegie Mellon CyLab and co-author of the recent study on IDing people from a database of Facebook photos, said the technology has progressed but has a long way to go. “The observation that face recognizers’ ability to detect and recognize faces is improving is quite undeniable,” Acquisti wrote in an email. “The observation that they still significantly underperform humans at that task, however, is also undeniable.”
How Secure Is Your Cellphone Privacy? August 25, 2011
"It's hard enough for security professionals to protect themselves. It's even harder for nonexperts to protect themselves,” said Dr. Adrian Perrig, technical director of Carnegie Mellon CyLab. In addition to voice mail, he said hackers can also record conversations and follow someone’s every move. "Cellphones could take your photograph without you knowing and also take photos of your surroundings,” said Perrig.
Hackers Hijack Websites In Online Pharmacy Scam August 12, 2011
"Legitimate health resources are completely crowded out," says Nicolas Christin, a computer scientist at Carnegie Mellon University and researcher at CyLab who discovered that 32 percent of sites that turn up in search results for prescription drugs had been infected with malicious code. "It's very hard to find legitimate pharmacies, or information like what the [Centers for Disease Control and Prevention] would give you. This is drowned out in a sea of rogue results."
Illegal sites snare users on lawful drug sites August 12, 2011
By flooding the search results, Carnegie Mellon CyLab researcher Nicolas Christin said, the advertisers are redirecting Web traffic to their sites and targeting those most likely to make a purchase. "They are getting people who are actually searching for those things, so you can imagine they are getting a lot more interested customers," said Mr. Christin, who is associate director of CMU's Information Networking Institute.
"We have known for some time that unauthorized online pharmacies have been using email spam to tap the wallets of unwary online consumers, but that method did not blanket enough customers so now the online thieves are infecting websites to redirect unwary consumers to hundreds of illegal online pharmacies," Carnegie Mellon CyLab researcher Nicolas Christin says.
Carnegie Mellon CyLab researchers Gregory Ganger and Priya Narasimhan will head two new Intel Science and Research Centers (ISTC) based at CMU that will focus on cloud and embedded computing. Each center involves multiple universities and will receive $15 million over the next five years. "This will be an excellent platform for open collaboration research into underlying technologies essential to allowing cloud computing to reach the promise of dramatically improving efficiency, ubiquity and productivity for large-scale and user-facing applications across so many critical areas of information technology, from social networks to medicine, science and government," said Ganger.
Facial recognition software can ID your SSN August 1, 2011
"It is possible to identify strangers and gain their personal information — perhaps even their Social Security numbers — by using face recognition software and social media profiles," Carnegie Mellon University said, in announcing the findings of CyLab researcher Alessandro Acquisti and his team.
Face recognition and social media meet in the shadows August 1, 2011
"As of today, automated face recognition is still pretty bad, but it keeps improving," says Carnegie Mellon CyLab researcher Alessandro Acquisti. "If you look at the technological trends in cloud computing, the accuracy of face recognizers, and online self-disclosures, it is hard not to conclude that what we present today as a proof-of-concept in our study will tomorrow become as common as everyday text-based searches on a search engine."
Face-ID Tools Pose New Risk August 1, 2011
Armed with nothing but a snapshot, researchers at Carnegie Mellon CyLab in Pittsburgh successfully identified about one-third of the people they tested, using a powerful facial-recognition technology recently acquired by Google. Prof. Alessandro Acquisti, the study's author, also found that about 27% of the time, using data gleaned from Facebook profiles of the subjects he identified, he could correctly predict the first five digits of their Social Security numbers.
Anonymous no more July 30, 2011
The study's authors, Alessandro Acquisti, Ralph Gross and Fred Stutzman, all at America’s Carnegie Mellon CyLab, ran several experiments that show how three converging technologies are undermining privacy. By mining public sources, including Facebook profiles and government databases, the researchers could identify at least one personal interest of each student and, in a few cases, the first five digits of a social security number.
Electronic pickpocket apps July 26, 2011
When the phone came near one of those RFID credit cards, it activated the phone's scanning ability and surreptitiously emailed the credit card information to an email account. In the demonstration it went to his own email account. We checked with researcher Patrick Tague of Carnegie Mellon's CyLab, who verified that, indeed, this kind of theft is quite possible.
Lorrie Cranor, researcher at Carnegie Mellon CyLab, explains, "Well, we set it up so that people did a search with a search engine that looked very much like a Google search engine, and when they got their search results, we annotated the search results with a privacy meter. So you could see at a glance which sites had high privacy, medium privacy and low privacy."
Online consumers thought to be motivated primarily by savings are, in fact, often willing to pay a premium for purchases from online vendors with clear, protective privacy policies, according to a new study by Janice Y. Tsai, Serge Egelman, Lorrie Cranor, and Alessandro Acquisti of Carnegie Mellon CyLab. "Our study indicates that when privacy information is made more salient and accessible, some consumers are willing to pay a premium to purchase from privacy protective websites," write the authors.
CFP2011 is at the intersection of policy, technology, and action. The meeting will involve technology and policy experts and activists in forums designed to also engage the public and policymakers in discussions about the information society and the future of technology, innovation, and freedom. Several Carnegie Mellon CyLab faculty and students from are scheduled to participate in this year's CFP Poster Session. The selected submissions will provide one-on-one discussions of topics.
10 Things You Didn't Know About Social Security June 8, 2011
Social Security numbers have been assigned shortly after birth since 1989, which makes younger Americans' Social Security numbers somewhat predictable if you know a person's date of birth and home town, which is common information that young people list on social networking websites, according to research by Alessandro Acquisti, a researcher at Carnegie Mellon CyLab. "Do not offer personal information such as date of birth and hometown publicly," he advises.
Social media full of perks, pitfalls for politicians June 5, 2011
Social media sites offer politicians unfiltered access to constituents, but the medium's immediacy - hit "send," and the message forever becomes available to the world - combined with its attractiveness to hackers paves the way to pitfalls and pratfalls. If a person enters the public eye, "that person's going to be a bigger target," said Nicolas Christin, researcher at Carnegie Mellon CyLab.
More industrial control systems are becoming connected to the Internet, said Richard Power, director of strategic communications at CyLab at Carnegie Mellon. "Everything's running on off-the-shelf software," he said. The electrical grid's growing connection to the Internet "has moved forward for performance, it's moved forward for convenience. It's moved forward in many different ways, but not in terms of security."
The so-called intrusion recovery system is one of about a dozen research projects under way at MIT, as well as Purdue and Carnegie Mellon universities, sponsored by the Northrop Grumman Cybersecurity Research Consortium for possible deployment at government agencies. The industry-academia partnership, which was established in late 2009, shared some of its progress with reporters Wednesday.
The consortium is an effort to fund research in forward-looking technologies rather than to respond to the latest attacks. “Keeping good guys ahead of the curve is a difficult proposition,” said Richard Power, director of strategic communications for Carnegie Mellon’s CyLab.
"Cybersecurity is vital to economic prosperity, personal privacy and national security; and academic research is vital to the advancement of cybersecurity," said Richard Power, distinguished fellow, director of strategic communications for Carnegie Mellon CyLab. "The Northrop Grumman Cybersecurity Research Consortium provides us with a new research model, emphasizing technology transition."
Protect Your Privacy Online May 9, 2011
Not all companies disclose their practices. When companies do, their privacy policies are often long and incomprehensible. And changes are tough to keep up with, says Alessandro Acquisti, professor and researcher at Carnegie Mellon CyLab. "Technology improves so quickly, by the time consumers understand one issue, there's a new one to worry about."
"The survey reveals a critical need for new curricula and teacher training that will encourage safe, secure and responsible behavior among school students," said Dena Haritos Tsamitis, director of Carnegie Mellon University's Information Networking Institute, as well as director of education, training and outreach at the university's CyLab. "It's essential to address this need in order to prepare a cybersavvy workforce for our nation's future."
Sony Breach Ignites Phishing Fears April 28, 2011
"The correlation of data is very useful," says Nicolas Christin, researcher at Carnegie Mellon CyLab. "You combine the e-mail address with other information, and it's easy for fraudsters to turn that combined information into cash. People also have to realize that privacy online is hard to maintain. Consumers should be very much on the defensive."
When trusted IT pros go bad April 19, 2011
An annual survey by CSO magazine, the U.S. Secret Service and CERT routinely finds that three quarters of companies that are victimized by insiders handle the incidents internally, says Dawn Cappelli, CyLab researcher and technical manager of CERT's Insider Threat Center. "So we know that [what's made public] is only the tip of the iceberg," she says.
My Baby Has A License? April 12, 2011
A Distinguished Fellow at Carnegie Mellon CyLab, Richard Power has examined 40,000 identity records provided by Debix, a US identity monitoring company. Mr. Power states, "ID thieves are targeting children because their IDs are pure and the crime will likely go undiscovered for many years."
Epsilon Breach: How to Respond April 5, 2011
Nicolas Christin, researcher at Carnegie Mellon CyLab, says the breach is a concern because of the massive number of e-mail addresses Epsilon possesses. "What struck me was the magnitude of the breach," he says. "This is a very, very large marketing company that has access to a number of e-mail addresses."
Child identity theft is on the rise April 4, 2011
Richard Power, Distinguished Fellow at Carnegie Mellon CyLab who authored the study (PDF), says that social security numbers were the number one point of entry to this kind of theft. Most parents don't go around posting their kids' social security numbers on lampposts but might not even think twice about jotting it down on a registration for soccer, where the data might not be so secure.
Thieves are stealing children's identities April 1, 2011
While 1 in 10 children in the database had their identities stolen, only 0.2% of the adults fell victim in the same way, CyLab Distinguished Fellow Richard Power says, and that stark contrast raises questions. "Are child Social Security numbers a hot commodity?" Power writes. "Are cyber criminals and other fraudsters seeking them out? Are child IDs preferable for fraudsters?"
Report: Child ID theft on the rise April 1, 2011
Data examined by Richard Power, a distinguished fellow at the school’s CyLab research center, offers hints that identity thieves are specially targeting children when picking victims. "These were 4,000 kids in there with gun licenses, mortgages, car loans and driver’s licenses. That's crazy," Power said.
Identity theft's next frontier: Your kids April 1, 2011
The report’s author and CyLab Distinguished Fellow, Richard Power, concluded: "Although the data’s statistical significance is yet to be determined, it is certainly profoundly significant on a practical, human level to the thousands of children and families who have thus been victimized. Furthermore, from my perspective, having tracked the evolution of cyber crime over two decades, it is only common sense to surmise that the problem goes beyond those breached accounts included in this report, and that there are many thousands more children and their families at risk."
Privacy: Facebook's Achilles heel March 28, 2011
If you make your date and state of birth available to the public on Facebook or any other online profile, there's a good chance most or all of your Social Security number can be predicted--especially if you were born after 1988 in a state with a small population. Carnegie Mellon University researchers Alessandro Acquisti and Ralph Gross explained how this is possible in a research paper also published in 2009.
Is It Time For Privacy Nutrition Labels? March 23, 2011
“The quantifying is not actually that challenging,” says one of the Carnegie Mellon CyLab researchers, Lorrie Cranor. “The question is, ‘Is the company doing it or not?’ As a consumer, I just want to know, ‘Are you sharing my data or not?’”
Is the Internet Destroying Privacy? March 22, 2011
"It may be that social norms just haven’t completely developed yet, but we end up revealing so much more than we likely would have without the Internet, and we reveal it to a much wider range of people," said Lorrie Cranor, director of the CyLab Usable Privacy and Security Laboratory at Carnegie Mellon University.
New concern: The social media divide March 16, 2011
"Not having a mobile phone now would dramatically cut you off from professional and personal life opportunities. It's the same story with social networks," Alessandro Acquisti, a researcher at Carnegie Mellon CyLab, said. "The more people use them for socializing and for their professional life, the more costly it becomes for others (who aren't members) to be loyal to their views."
Study: Social media polarizes our privacy concerns March 10, 2011
Alessandro Acquisti, a researcher who studies privacy at Carnegie Mellon CyLab, said he's not surprised that battle lines are being drawn around use of social networks. "Once people make a decision, they tend to become even more militant about their decision," he said. The phenomenon is sometimes called confirmation bias, as people tend to see only factors that confirm the "rightness" of earlier decisions. "First I select myself into my group — for or against social networks — then I prove to myself the decision was right."
Why should I care about digital privacy? March 10, 2011
"On one end is attitude, and on the other is behavior, but in between there are many steps. It's not obvious what you should do to protect your privacy," said Alessandro Acquisti, a researcher at Carnegie Mellon CyLab. "And the more technology savvy among us have this feeling that we're giving it up, but we realize it is close to impossible to protect your personal information, not even if you start living like the Unabomber in a cabin. If you want to function as a normal person in society you have to."
David Brumley, a researcher at Carnegie Mellon CyLab, says tracking down the authors of anonymous e-mails is extremely difficult. “If the person is intelligent in what they do and plans it out, it usually leads to a dead end,” he says.
The Infosys Science Foundation announced the appointment of Professor Pradeep Khosla, Founding Director of CyLab, Dean of the College of Engineering, and the Philip and Marsha Dowd University Professor at Carnegie Mellon University, as the Jury Chair for the Infosys Prize for Engineering and Computer Science.
A few more facts about QR codes March 2, 2011
The information is stored in the blocks that the reader changes into bytes, said Jason Hong, researcher at Carnegie Mellon CyLab. “It’s not a lot, it’s just thousands of bytes, but it’s still useful because it can still contain a hyperlink to Web content, or it can be a very short sound file or a small image.” It’s a physical hyperlink, Hong said, that can connect the real world with the digital one.
Q&A: Cyber-espionage February 17, 2011
Pradeep Khosla, founding director of Carnegie Mellon CyLab, says, "The individual consumer can't do anything, because we rely on technology supplied by big companies and providers. It's a very complicated thing, because half the story is technology, and half the story is policy. And the policy impacts privacy and investments... Something bad has to happen for us to figure this out."
This football will tell you if it's a touchdown January 29, 2011
Priya Narasimhan, a researcher at Carnegie Mellon CyLab, and her team of 10 engineering students have developed a "smart football" with a miniature GPS unit and accelerometer, both contained in a half-ounce microchip inside the ball. The chip can measure factors such as ball speed, spin, trajectory and — even when it's buried under a pile of players — the precise location of the football.
Loss of privacy highlights cost, CMU professor says January 27, 2011
"There are two converging trends people need to consider. First, there is more and more self-disclosure online, where we give away little pieces of data, and the other side of that is the ability of data mining to scour those pieces to build a complete profile of your life," CyLab researcher Alessandro Acquisti said. "It's difficult for us as users to predict how those different pieces of data will be used by others."
Forum targets online privacy January 27, 2011
Concerns over unfortunate photos or embarrassing remarks living in cyberspace could lead to a cottage industry of "personal brand management," said CyLab researcher Lorrie Cranor. That was just one concern raised by five Carnegie Mellon University privacy scholars assembled on Wednesday as part of a daylong showcase on data privacy research.
Phone Apps Give Up Personal Info January 25, 2011
"Not only are they not aware of it, they are unusually exposed to it and have very few ways to protect themselves," said Nicolas Christin, a researcher from CyLab at Carnegie Mellon University. He said the information that's surrendered when a phone user signs up for an app is valuable in the world of mobile marketing.
Passwords Easily Broken If You Don't Get Creative January 19, 2011
CyLab researcher Nicolas Christin suggests the best defense for staying safe is to use long passwords, even as long as 16 characters. Whatever you choose, the idea is to make your keystrokes tricky. "I try to think of something relevant, such as the character in a book I like, something that I would know is important to me but nothing that somebody else knows," Christin said.
Security fail: When trusted IT people go bad January 18, 2011
An annual survey by CSO magazine, the U.S. Secret Service and CERT routinely finds that three quarters of companies that are victimized by insiders handle the matter internally, says Dawn Cappelli, researcher at Carnegie Mellon CyLab and technical manager of CERT's threat and incident management team. "So we know that [what's made public] is only the tip of the iceberg," she says.
Carnegie Mellon CyLab researchers Alessandro Acquisti and Ralph Gross took advantage of a couple of practices of the Social Security Administration. As they say, "If one can successfully identify all nine digits of a SSN in fewer than 10, 100 or even 1,000 attempts, that Social Security number is no more secure than a three-digit PIN."
Attacking Websites Is Surprisingly Easy Social Protest December 13, 2010
Denial-of-service attacks may be a hassle for companies, but Nicolas Christin, CyLab faculty and associate director of the Information Networking Institute, says they pose little danger to the consumers. The infrastructure that houses personal finance information isn't being accessed by attackers -- they're simply flooding the website with "calls."
Analyst: Cybercrime Is 'Spiraling Out Of Control' December 7, 2010
"There’s a lot of work to do. In 2000, there was virtually no online crime, and now 10 years later, it’s probably a billion-dollar industry. It’s really spiraling out of control," says Nicolas Christin, a researcher at Carnegie Mellon CyLab. "I really want to get it under control before people say the Internet is useless."
Rule targets computer privacy December 2, 2010
Dr. Lorrie Cranor, a researcher at Carnegie Mellon CyLab, was among the first experts to testify at one of the FTC's roundtables in Washington, D.C., a year ago, and her input is cited several times in the report. "In general, it's a good idea," she said of the "Do Not Track" option. "From the research we've done at Carnegie Mellon, we know that a lot of Internet users don't like the idea of being tracked online and want an easy way to say 'I don't want that.'"
Alessandro Acquisti Discusses Privacy Attitudes and Behaviors November 22, 2010
CyLab researcher Alessandro Acquisti states that he feels it is possible, with current technologies, to have both security and privacy, and to not have to choose one over the other. He points out that for any conceivable transaction you can think of – payments, browsing, e-mail, voting, medical data – there exists technology to allow for secure and private transactions.
How To Stay Protected While Buying, Selling Online November 19, 2010
CyLab researcher David Brumley said it is important to update computer anti-virus software and computer software to prevent people from hacking into your hard drive, which enables criminals to steal credit card numbers and other personal information. "He'll usually get in through a flaw in your software and so the people who make software like Microsoft periodically look for flaws and release updates to fix it, so if you are up to date, you are protected. If you are not up to date, you are in trouble," Brumley said.
Forcing browsers to use encryption November 15, 2010
Hodges wrote the original draft specification for HSTS with Collin Jackson, a former Googler and current researcher at Carnegie Mellon CyLab. "This allows for full-session encryption," Jackson told CNET. "A user won't see an insecure version of the site."
2010 Women of Influence award winners named November 9, 2010
The 2010 winner in academia is Dr. Lorrie Faith Cranor, associate professor of computer science and of engineering and public policy at Carnegie Mellon University, where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS). Dr. Cranor has played a key role in building the usable privacy and security research community. She co-edited the seminal book Security and Usability (O'Reilly 2005), and founded the Symposium On Usable Privacy and Security (SOUPS).
In fact, the results largely confirm the work of Alessandro Acquisti, a researcher at Carnegie Mellon CyLab. In a nutshell, Acquisti found that you can predict Social Security numbers with the information folks are presenting on social networks.
Cyber Smart Kids November 3, 2010
“We want to promote safe computing with children before they’ve had the opportunity to develop risky behavior or bad habits,” Dena Haritos Tsamitis, director of education, training, and outreach at Carnegie Mellon CyLab, told Ivanhoe. "For each mission, there’s a faculty member who will instruct them about the important parts of the game."
Facebook Snafu Highlights Growing Privacy Concerns October 19, 2010
"We tend to weigh more heavily the pleasure that we'll get out of the immediate reward than the risk that may be long term and further off," said Lorrie Cranor, a researcher at Carnegie Mellon CyLab and an expert on marketing strategies and privacy. "We see all sorts of security warnings pop up on our screen and we've gotten so used to just kind of swatting them away, and it's very rare that anything bad ever happens to us."
Internet anonymity at risk as real costs of free speech weighed October 16, 2010
Erasing Internet anonymity could result in much more of a surveillance-oriented society, said Lorrie Cranor, director of the CyLab Usable Privacy and Security Laboratory. In situations where an identification credential might be useful, Cranor supports using those created with cryptographic algorithms that would confirm users but not reveal their names, Social Security numbers or other private information.
"Because Carnegie Mellon is a leading research university in the areas that contribute to the interdisciplinary field of cybersecurity - engineering, computer science, public policy and business - we are in a perfect position to help educate the public about the importance of securing the global information network," said Dena Haritos Tsamitis, director of the INI, and director of education, training and outreach at Carnegie Mellon CyLab. "This new collaboration is a bold step forward in achieving our collective goals of safer Internet use."
The average person will ignore or forget content from emails with security warnings or company lectures when it comes time to actually apply that knowledge, says Norman Sadeh, co-founder of Wombat and a researcher at Carnegie Mellon CyLab. Wombat was founded on the idea that cybersecurity training is best done by engaging users with games.
"The technology provides instant action and real-time action replays from any of four unique camera angles at Heinz Field during a Steelers game, including the NFL's Red Zone Channel," said Priya Narasimhan, a researcher at Carnegie Mellon CyLab and YinzCam, Inc's founder. "Because football is a game of inches, it is extremely important that fans get instant visualization of the entire game, and can stay in touch with the real-time game action, anytime, anywhere."
"The amplification [of people working on projects] is tremendous because we're collocated [on the CMU campus] like this," said Priya Narasimhan, director of the CyLab Mobility Research Center. She notes that for every Intel Labs researcher on site, there are about four CMU students. "That's the amplification you get."
CMU Students To Receive Accolades For Security Research From Lockheed Martin September 29, 2010
"This is a wonderful honor and a testament to our strong program in training the next generation of cyber warriors and intelligence analysts," said David Brumley, an assistant professor in CMU's Department of Electrical and Computer Engineering and Carnegie Mellon CyLab, one of the largest university-based cybersecurity research and education centers in the U.S.
Making Sci-Fi a Reality September 23, 2010
"In the face of hazards like smoke, heat and open electrical lines, the survival rate of individuals drops steeply as the time that they remain trapped increases," said Pei Zhang, CyLab researcher and creator of SensorFly. "In many cases, survivors are not conscious, or are immobilized, and therefore unable to attract the attention of rescue workers outside the building. SensorFly can enter the building in this scenario and search for survivors without risking lives or wasting the time of the rescuers."
Wombat Launches PhishGuru September 21, 2010
"Wombat’s unique suite of anti-phishing training solutions is by far the most comprehensive and most effective available today," said Carnegie Mellon CyLab Researcher and Wombat Co-Founder and CEO, Dr. Norman Sadeh. A study recently published in Scientific American shows that a single campaign can reduce the chance of an employee falling for subsequent phishing attacks by more than 50 percent, with even more impressive reductions seen after just a few campaigns.
"I believe Professor Warwick's work is very profound," said Yang Cai, CyLab researcher and founder of Carnegie Mellon University's Instinctive Computing Lab, which studies videometrics and visualizations. Dr. Cai brought on Dr. Warwick as an official adviser to his lab last year. "He has had a lot of philosophical impact on issues between biological and robotic systems."
A Loophole Big Enough for a Cookie to Fit Through September 17, 2010
Lorrie Faith Cranor, director of the CyLab Usable Privacy and Security Laboratory, estimates that more than half represent deliberate efforts to keep I.E. from blocking certain types of third-party cookies based on privacy policies. “I’m hoping companies will do the right thing, and it may take pressure from regulators to make that happen,” she says. “Beyond companies that are basically trying to look good on privacy, there is no incentive because you don’t have to do it.”
Mozilla fixes Firefox's DLL load hijacking bug September 8, 2010
Universities push to turn out cyber guards as demand explodes September 6, 2010
U.S. agencies face a shortage of professionals to protect America's computers and networks from assault, warns Carnegie Mellon University CyLab researcher Dena Haritos Tsamitis. "The government needs 1,000 people every year," said Tsamitis. "Higher-ed institutions across the country aren't even close to providing enough."
Facebook Places: Be your friends' 'Big Brother?' August 23, 2010
"People usually don’t broadcast to hundreds of friends, as well as strangers, at the same time your current, or presumed, location," said Alessandro Acquisti, a privacy expert and researcher at Carnegie Mellon CyLab. "I think it’s quite Orwellian. We have literally become each others’ Big Brothers."
"When China moves against the U.S. government or some large corporate entity (again), or vice versa, or some geopolitical dispute between Russia and one of its former states boils over into the EU, or Latin America or the Middle East erupt in hot cyber war, where will your enterprise be?" asks Richard Power, a Distinguished Fellow at Carnegie Mellon CyLab. "How can you possibly prepare?"
Priya Narasimhan, Carnegie Mellon CyLab researcher and President and Founder of entertainment tech company YinzCam, Inc., puts it: "Only in Pittsburgh would I have access to the people at a Stanley Cup-winning team or access to our Councilman, in order to drive technology to new places." Dr. Norman Sadeh, another CyLab researcher and founder of Wombat Security Technologies, adds, "What I like the most about the university is its culture of innovation and how it encourages both faculty and students to pursue their own ideas and have an impact in the real world. Entrepreneurship is very much at the core of the culture here."
Hacked smartphones pose military threat August 16, 2010
"All phones offer a lot of opportunity for observing what the operator is doing -- e-mail, GPS, finding restaurants," Carnegie Mellon CyLab researcher Adrian Perrig says. Malware can turn phone microphones on or snap photos surreptitiously, he says.
Browsers' private modes leak info, say researchers August 10, 2010
"There are some traces left behind [by all browsers] that could reveal some of the sites that you've been to," said Collin Jackson, an assistant research professor at the Silicon Valley campus of Carnegie Mellon University.
Ball Tracking Technology Headed for the NFL August 10, 2010
"We've readied this ball to withstand the impact of an NFL game, especially with people beating up on it," CyLab Researcher Priya Narasimhan said. "We have mechanical engineers in place to figure out the impact. We've had designers whose job was to design the technology to withstand the impact. Electrical engineers were put in place to make sure the technology did not circuit out."
The Economics of Privacy Pricing July 19, 2010
Carnegie Mellon CyLab researcher Alessandro Acquisti says those experts who say people don’t care about privacy are off-base. "When you have privacy, you value it more," said Mr. Acquisti. "But when the starting point is that we feel we don’t have privacy, we value privacy far less."
You Want My Personal Data? Reward Me for It July 16, 2010
"In reality, we constantly make transactions involving our personal information," said Alessandro Acquisti, a researcher at Carnegie Mellon CyLab. Every search on Google, Mr. Acquisti notes, is implicitly such a transaction, involving a person "selling" personal information and "buying" search results.
Protect Yourself Against Facebook Scams July 14, 2010
"These kinds of scams were designed to try to make people fall for them because criminals are very clever about them and they are trying to actively find ways to get us to click on things," Carnegie Mellon CyLab security expert Jason Hong said.
Hackers Using Personal Contact Lists For Online Scheme June 30, 2010
CMU CyLab cyber security specialist David Brumley said this kind of hacking is becoming more common. He said the hacker will get into your account and they email everyone in your contact list. "There is a little bit of legitimacy with this to the recipient because it's coming from someone you know. The hope is you will be spear phished into sending this person money," explained Brumley.
"The 21st century cyber security threat matrix demands a 21st century strategy that will leverage the skills and resources from universities, corporations and the U.S. Government," stated Gene Hambrick, Director of Corporate Relations for Carnegie Mellon’s CyLab. "The CyLab and Sypris partnership is an excellent example of developing a strategically important long-term relationship that will impact the next generation of research and development in cyber security, privacy and dependability."
Pirates Pierogi Fired For Facebook Criticism June 21, 2010
"I think in general, anything that you wouldn't say to your boss, you might want to think twice about posting on Facebook if there's a chance that your boss could read it," said Professor Lorrie Cranor of Carnegie Mellon University CyLab, who believes in erring on the side of caution when deciding what is and is not appropriate to post online.
ReCAPTCHA uses a clever method of scanning real books for hard-to-read words, picking out ones that its software can't decipher and further distorting them to use as CAPTCHAs. The company's founder and Carnegie Mellon CyLab researcher Luis Von Ahn told us in 2008 that--unlike most CAPTCHA services including Google's and Microsoft's--their CAPTCHAs had never been "broken" by spammers' software.
Corporate Boards Weak On Security, But Improving June 16, 2010
CyLab Governance Study finds more than half of Fortune 1000 companies lack a CISO, but the number of organizations with cross-functional teams for managing security and privacy is up significantly.
"The survey results indicate that boards and senior executives need to be more actively involved in the governance of the privacy and security of their computer systems and data, but this year's study shows some important areas of improvement," said Jody Westby, a distinguished fellow in CMU's CyLab, and CEO of Global Cyber Risk LLC, in a statement.
Making sure an organization knows what sensitive information it has, identifying its trade secrets, then educating all employees on policies and procedures is key. “The problem we saw with (current training) is it’s boring and dry, and it doesn’t give the opportunity to test what you learned,” said Jason Hong, chief technology officer and co-founder of Wombat Security Technologies, and researcher at Carnegie Mellon CyLab.
"Financial institutions are starting to look at this information and are using it to make credit decisions," said Lorrie Cranor, a faculty member at Carnegie Mellon CyLab specializing in privacy issues. "There are a lot of things we say to our friends and if someone else reads it and they don't have the right context, it could be misinterpreted."
Dawn Cappelli, technical lead of CERT's insider threat research, says organisations should tweak their definition of an "insider" to keep pace with best security practices. "Our definition of a malicious insider is a current or former employee, contractor or business partner," she explained. "We've added the business partner aspect to the definition because of recent trends we're seeing."
What if the smart grid has stupid security? May 11, 2010
Richard Power, a Distinguished Fellow at Carnegie Mellon CyLab, discusses truth and consequences for critical infrastructure and energy security.
The results of a recent study of 515 Carnegie Mellon University faculty, staff, and students led by CyLab Faculty and Wombat Security Technologies’ co-founders Dr. Lorrie Cranor and Dr. Jason Hong revealed that 18-25 year olds were consistently more vulnerable to phishing attacks than older participants.
Building an Online Reputation April 28, 2010
Richard Power, director of strategic communications for CyLab at Carnegie Mellon University, has invested heavily in building his online reputation -- mentoring, engaging and actively reaching out to the community through Internet resources. The benefit of building his online reputation? "Being known and recognized for your work and accomplishments achieved," Power says, as well as "understanding how I can make a difference in the industry as a whole."
Cops Are There When Scammer Calls Grandma April 26, 2010
"'Ruth' Says Man Pretending To Be Grandson Took Her For $6,000". "If [on Facebook] you mention that you're going to visit grandma and you say what town, then they can guess the last name," CyLab's Lorrie Cranor said about the scammer that called 'Ruth'.
Spammers Pay Others to Answer Security Tests April 25, 2010
Luis von Ahn, a researcher at Carnegie Mellon CyLab who was a pioneer in devising captchas, estimates that thousands of people in developing countries, primarily in Asia, are solving these puzzles for pay. The cost of hiring people, even as cheap as it may appear, should limit the extent of such operations to only spammers who have figured out ways to make money. “It’s only the people who really actually are already profitable that can do this,” von Ahn said.
A Carnegie Mellon University health technology expert says he will work with colleagues across the country to open access to electronic health records and protect patient privacy. "The goal here is to work on policy and technology to reduce the barriers to access," said Anupam Datta, assistant research professor in Carnegie Mellon's CyLab.
How security professionals monitor their kids April 12, 2010
Instead of trying to block her kids from questionable or dangerous content and communication, Dena Haritos Tsamitis, head of the Information Networking Institute and director of outreach for Carnegie Mellon CyLab, approached the security and safety issue by trying to change behavior. Her older kids, now 23 and 21, were her so-called 'guinea pigs' when she was developing MySecureCyberspace, an online educational resource that provides families with free materials for staying safe online.
Startup Hopes to Stop Phishing With Certified Email April 12, 2010
"Phishers keep changing their tactics, while keeping all of the old tactics, too," says Lorrie Cranor, faculty at Carnegie Mellon University CyLab and director of CyLab Usable Privacy and Security Laboratory. "This sort of certification approach will help."
Where Do You Go to Get Back Your Online Reputation? April 7, 2010
Director of Outreach and Training for Carnegie Mellon CyLab, Dena Haritos Tsamitis emphasized that protecting and building an online reputation is all the more important for security folks. "Information security is all about reputation and integrity," she says. "If you lose that, you lose everything."
"If you look at these crimes, you can't detect it with technology alone because a system administrator is going to use his authorized access to do what he does everyday and you can't tell if it's malicious or not unless you know when to look," Dawn Cappelli, technical lead of CERT's insider threat research, said. "Theft of IP; these people are going to take what they work on everyday. They are going to use their authorized access. Unless you put a strategy together that looks at the people, the process and the technology, it's going to be very hard to detect these things."
CyLab's David Brumley said, "The game and the team concept is great because it allows students to hone skills and better understand web hacking, binary reverse engineering, exploitation of information, forensics and cryptography."
'MULE' Prototype Uses Location For Authentication April 1, 2010
"For example, with MULE, a user can securely store encrypted copies of bank records and tax returns on a laptop, and automatically gain access when opening those files in the home office," CMU CyLab technical director Adrian Perrig and CMU graduate student Ahren Studer write in their paper on MULE. "After a thief steals the laptop, the only way to recover the files is to break into the user's home."
Ready for Your Biometric Social Security Card? March 29, 2010
Dean Pradeep Khosla, founding director of Carnegie Mellon's CyLab, estimates that the error rates of [biometric-reading] computerized systems would likely be less than 2% (and could be less than 1%) but says they can never be zero. Khosla says that while current technology makes fingerprints the most feasible biometric marker to use, they're also one of the easiest to steal.
"This sale confirms the broad appeal of our training solutions and the ease with which they can be translated into other languages. Given the pre-eminent roles played by Japan's Anti-Phishing Council and JPCERT in cyber security awareness and training in Japan, we are extremely pleased to have been selected to help protect the Japanese public from phishing attacks," said CyLab's Dr. Norman Sadeh, Founder and CEO of Wombat Security Technologies.
5 Deadly Sins of Job Seekers March 17, 2010
Information security is to some extent unique, and so are the people attracted to the profession. "This requires a whole different breed of professionals who need to have the utmost integrity and passion to endlessly keep going and manage the risks properly," says Dena Haritos Tsamitis, director of education, training and outreach at Carnegie Mellon University's CyLab.
How Privacy Vanishes Online March 17, 2010
In a paper published last year, CyLab's Alessandro Acquisti and Ralph Gross reported that they could accurately predict the full, nine-digit Social Security numbers for 8.5 percent of the people born in the United States between 1989 and 2003 — nearly five million individuals.
"Our research shows that malicious insiders have the access and opportunity to commit fraud, steal confidential information, and sabotage IT systems," says Dawn Cappelli of Carnegie Mellon's CyLab & CERT. "These actions are very difficult to detect, since they typically perform the same types of actions they do in the course of doing their jobs, and only require the access they need to do their jobs everyday."
As Location-Sharing Services Grow, Privacy Concerns Do Too March 10, 2010
The Carnegie Mellon study found that people value the ability to find others in an emergency and get information based on their location. CyLab's Lorrie Cranor, an associate professor of computer science and one of the authors of the study, said people also value location-based advertising in some circumstances — a good thing for the companies that are building a business around precisely that.
Wombat's PhishGuru Expands Anti-Phishing Training March 9, 2010
"By implementing PhishGuru as a hosted solution running in the cloud, we are able to make PhishGuru affordable for organizations both large and small," said CyLab's Dr. Norman Sadeh, co-founder and CEO of Wombat Security Technologies.
Redrawing the Route to Online Privacy February 27, 2010
CyLab Faculty Lorrie Cranor and Alessandro Acquisti discuss 'privacy nudges', a project to design software that essentially sits over your shoulder and provides real-time reminders — short on-screen messages — that the information you’re about to send has privacy implications.
Corporate Espionage: Tomorrow Arrived Yesterday February 26, 2010
Distinguished Fellow Richard Power discusses: "Corporate espionage isn't a Cold War leftover; China-Google and 'Climategate' are your reality today."
Web scams up; ID thefts in W.Pa. below average February 26, 2010
Lorrie Cranor, who is director of Carnegie Mellon's CyLab Usable Privacy and Security Laboratory, and chief scientist of Wombat Security Technologies, said slightly more than half the 515 participants in the study fell victim to an initial "phishing" attack even though they knew it was coming.
CyLab Faculty Lorrie Cranor will discuss the risk and benefits of online services that collect and use location information to joint meetings of the U.S. Congressional Subcommittee on Commerce, Trade and Consumer Protection and the Subcommittee on Communication and Technology at 10 a.m., Wednesday, Feb. 24 in Washington, D.C.
Carnegie Mellon Provides Cluster to Cloud Computing Test Bed February 15, 2010
CyLab Faculty Greg Ganger said much of the research at Carnegie Mellon's new computing cluster likely will focus on the university's strengths -- how to make the cloud computing infrastructure faster, more reliable and more energy efficient and how to use the cloud in innovative ways for new applications. "This site embodies our commitment to the collaborative, open-source research environment that Open Cirrus promotes and to aggressively pursuing cloud computing research on this campus," he said.
Experts warn: Be careful opening those electronic greetings February 9, 2010
CyLab Faculty Lorrie Cranor never sends electronic cards, and she rarely opens the ones sent to her. For Dr. Cranor to feel confident that those little greetings aren't bad news, she needs checks and double-checks. Red flags to watch for in e-cards include terms such as "secret admirer," "special friend" and "it's you."
Google's alleged tie-up with NSA raises concerns February 5, 2010
It's understandable that corporations might covet the NSA's expertise about quelling cyberattacks; the agency possesses unsurpassed intelligence gathering know-how, says Jody Westby, CEO of consulting firm Global Cyber Risk and a distinguished fellow at the Carnegie Mellon CyLab think tank.
Mozilla weighs privacy warnings for Web pages February 2, 2010
Lorrie Cranor, a member of the P3P working group who has done extensive work on privacy statements as a faculty member at Carnegie Mellon CyLab, says that the challenge of distilling complex and customized privacy policies into a few icons could be insurmountable.
Google Focused Research Awards February 2, 2010
Carnegie Mellon tosses Internet safety net over region's schools January 28, 2010
Carnegie Mellon University's Information Networking Institute kicked off a communitywide Internet awareness program Monday at St. Bede's School in Point Breeze to teach children safe online behavior.
2010 Carnegie Science Center Awards Announced January 28, 2010
CyLab Researcher Luis Von Ahn will be awarded the Information Technology Award for his reCAPTCHA innovation that distinguishes human computer users from Internet robots.
U.S. Keeps Foreign Ph.D.s January 26, 2010
CyLab Faculty Joy Ying Zhang featured in article, "Despite Fears of a Post-9/11 Drop, Most Science, Engineering Post-Grads Have Stayed"
CMU research aims to improve airport security January 24, 2010
From body-part censors to cameras that recognize faces, CyLab 'at the edge of technology'
"I don't fault them [Google] for trying," said Virgil Gligor, co-director of CyLab. "It was justified and worth it. But in the process they seem to have forgotten that they're dealing with a communist country that by definition requires control of communications and media."
China-Google quarrel highlights world of cyber espionage January 15, 2010
China, Russia, North Korea, Iran, Israel, France, the United States and the United Kingdom are widely known to possess state-of-the-art cyber espionage know-how used for economic and military intelligence gathering, says Jody Westby, CEO of consulting firm Global Cyber Risk and a distinguished fellow at the Carnegie Mellon CyLab think tank.
What's the impact of IT on private investigations? CyLab Distinguished Fellow Richard Power grills Ed Stroz about the field and what it means for CSOs, government and business.
Bad news for some: Spam actually works December 28, 2009
"People are sort of resigned to the fact they're going to get spam. It's just a question of how much," said Lorrie Cranor, CyLab researcher and an associate professor of computer science at Carnegie Mellon University.
Hijacked Facebook accounts pose threat of ID theft December 26, 2009
Facebook officials should ask users' permission each time they change privacy settings, said Dena Haritos Tsamitis, director of Carnegie Mellon's Information Networking Institute and education, training and outreach for CyLab.
Google Research Awards Announced December 22, 2009
A Google Research Award (4th quarter 2009) was given to CyLab researcher Jason Hong and computer science faculty John Zimmerman for their project: Context-Aware Mobile Mash-ups. The project seeks to build tools for non-programmers to create location and context-aware mashups of data for mobile devices that can present time- and place-appropriate information.
Obama names Howard Schmidt as cybersecurity coordinator December 22, 2009
CyLab Distinguished Adjunct Fellow Howard Schmidt, who was a cyber-adviser in President George W. Bush's White House, will be Obama's new cybersecurity coordinator.
Snap and Search (No Words Needed) December 19, 2009
[Google] Goggles also uses location information to help identify objects, but its ability to recognize millions of images opens up new possibilities. “This is a big step forward in terms of making it work in all these different kinds of situations,” said CyLab researcher Jason Hong.
The Silver Bullet Security Podcast with Lorrie Cranor December 18, 2009
Cigital's Gary McGraw and CyLab Researcher Lorrie Cranor discuss how everyday people think about privacy and what we can do to get them to care about it, the relationship between trust and privacy, and why the US is lagging behind the EU on privacy-related issues.
Reverse-Engineering Social Security Numbers December 15, 2009
The 9th Annual Year in Ideas by New York Times Magazine lists CyLab Researcher Alessandro Acquisti and Ralph Gross' announcement in The Proceedings of the National Academy of Sciences that they had figured out how to predict a person’s S.S.N.
Pittsburgh Biometric Research Could Keep You, Your Credit Card Safer December 14, 2009
CyLab Researchers David Brumley and Marios Savvides Look For Ways To Make Computers Recognize People
A consortium of cybersecurity researchers from the country's top academic institutions, including CyLab, will collaborate on cybersecurity research and proactively address known and unknown threats to critical infrastructure, public safety and ecommerce.
State Department Deploys Anti-Phishing 'Phil' Game Training October 28, 2009
CyLab Start-up Wombat's Anti-Phishing Phil shown to be effective at training people to recognize phishing attacks.
Online Data Present A Privacy Minefield October 26, 2009
Alessandro Acquisti studies privacy through the lens of behavioral economics. He's interested in how people "spend" their personal information when they don't really know where it's going.
Richard Power looks beyond fear, doubt, and "broken" to cybersecurity's real connection to the evolving world.
The Anti-Phishing Working Group (APWG) and CyLab Usable Privacy and Security Laboratory (CUPS) will announce tomorrow the deployment of their real-time counter-eCrime education system.
Photogenic October 15, 2009
Marios Savvides, a Carnegie Mellon research professor, is enhancing the university’s reputation as a pioneer in facial and iris recognition technology.
Researchers tout 'wimpy nodes' for Net computing October 14, 2009
Carnegie Mellon researchers, such as David Andersen, believe some work can be managed with lower expense and lower power consumption.
"It's not, can it happen? It's when," said Melissa Hathaway, the former senior director for cyberspace at the National Security Council and keynote speaker at the 6th Annual CyLab Partners Conference.
Building a Better Password October 9, 2009
"When we first started waving the flag, not many people paid attention," says Carnegie Mellon professor Lorrie Cranor about usable security. "It's gratifying that people are starting to."
CyLab Founder Khosla To Receive Academic Excellence Award October 7, 2009
Carnegie Mellon's Pradeep K. Khosla To Receive Prestigious Academic Excellence Award at 2009 Pan IIT Conference
Homeland Security plans to scan air travelers’ bodily functions October 6, 2009
CyLab Researcher Stephen Fienberg on Homeland Security Plan to Scan Air Travelers' Bodily Functions -- "There's not much science here."
Pittsburgh Stars at the G20 September 23, 2009
Pittsburgh, including CyLab Researcher Priya Narasimhan, shows other countries visiting it for the G20 how postindustrial America can still bounce back.
Carnegie Mellon University's College of Engineering Dean Pradeep K. Khosla will speak to more than 70 members of a newly formed network of global information technology experts.
Context-aware mobility can have profound benefits in business September 21, 2009
Priya Narasimhan co-directs the school's CyLab Mobility Research Center, where she and her students are studying how context affects the mobile experience.
Google Acquires Carnegie Mellon Spin-off ReCAPTCHA September 16, 2009
The reCAPTCHA puzzles began as a research project of Luis von Ahn, assistant professor of computer science and CyLab researcher at Carnegie Mellon.
Experts: Hackers might view summit as 'a chance to make a statement' September 6, 2009
Critical infrastructure typically runs on internal networks whose security experts usually describe as "not good," said David Brumley, a Carnegie Mellon University professor of electrical and computer engineering and computer science. "And there has been an increased worry that an attacker could target multiple companies," he said.
Dean Pradeep Khosla is being recognized for his significant impact on the use of computers in engineering practice and education by the Computer and Information in Engineering Division of the American Society of Mechanical Engineers.
Pittsburgh begins receiving problem reports via mobile phone August 18, 2009
CyLab's Priya Narasimhan and YinzCam created an iPhone app that allows residents to snap iPhone photos of problems such as potholes and graffiti and send them to the city's 311 complaint system, embedded with Global Positioning System data with the problem's exact location.
Offering an Academic Hand to Minority Schools August 11, 2009
CMU Workshop Extends New Opportunities to Information Assurance Educators
Crying Wolf: Do Security Warnings Help? July 30, 2009
"People get pop-ups in their browsers and they say something about security and they don't know what they are, so they swat them away," said Lorrie Cranor, CyLab researcher.
Carnegie Mellon University CyLab researchers are developing an iris-scanning system that will capture and compare iris images at up to 12 meters away.
An exclusive interview with CyLab Founding Director, Pradeep Khosla.
Have "yinz" seen the latest in mobile video service? July 24, 2009
Wi-Fi-enabled devices let Pittsburgh Penguins fans get in on the action
"It's not illegal to buy this and download on a phone you own. Once you install it, what this gives you is the ability to monitor that phone remotely from anywhere else. You can get to anything happening on that phone remotely without the person holding the phone ever knowing you're doing it," CyLab Researcher Priya Narasimhan said.
Weakness in Social Security Numbers Is Found July 7, 2009
CyLab researcher Alessandro Acquisti, an associate professor of information technology and public policy, and Ralph Gross, a postdoctoral researcher, noted that there was a range of implications from the research, including that it was now possible to routinely reconstruct sensitive personal information from the type of online postings frequently found on social networking sites and other public sources.
Researchers: Social Security Numbers Can Be Guessed July 6, 2009
"Our work shows that Social Security numbers are compromised as authentication devices, because if they are predictable from public data, then they cannot be considered sensitive," said Alessandro Acquisti, CyLab researcher, and a co-author of the study.
Context on ice: Penguins fans get mobile extras July 2, 2009
CyLab Mobility Research Center's Priya Narasimhan and her team provide context with the mobile video service that delivers Pittsburgh Penguins fans live-action shots and instant replays during game time.
CyLab's Distinguished Fellow Richard Power interviews Martin Hellman and mulls nuclear risk
Cloud, virtualization insights from CyLab Researcher Greg Ganger and the Data Center Observatory at Carnegie Mellon.
"An internationally recognized authority on robotics, embedded systems, technology education, innovation and cybersecurity, Carnegie Mellon’s Pradeep K. Khosla is an outstanding addition to our newly formed Technology Leadership Strategy Initiative," said Deborah Wince-Smith, president of the Washington, D.C.-based Council on Competitiveness.
Carnegie Mellon University’s College of Engineering will host four top journalists, June 22-23, for its third annual information technology media fellowship program.
Carnegie Mellon’s YinzCam brings Penguins fans all the video angles.
Kobe MSIT-IS Team Wins IT Incident Handling Competition June 15, 2009
A team of INI students at Carnegie Mellon CyLab Japan (Kobe MSIT-IS) won first place in an IT incident handling competition for students at a cyber security conference in Japan.
"Bringing cybersecurity to the White House level is absolutely step No. 1. Access to the president is what this issue needs," said Pradeep Khosla, dean of Carnegie Mellon University's College of Engineering and founder of Carnegie Mellon CyLab.
CMU Developing Terrorist-Fighting Tool May 22, 2009
CMU professor Marios Savvides is developing new technology at CMU’s CyLab that will be able to distinguish the good guys from the bad guys at a distance.
Online life can be convenient as well as dangerous May 18, 2009
"The solution to these problems is public education. These things that look too good to be true, are." CyLab's Lorrie Cranor said.
CyLab's Richard Power looks at the big picture and how security must move forward
CyLab's Priya Narasimhan makes the list for her Yinzcam project, teaming with the Pittsburgh Penguins to deliver live, high definition video of the game from various unique angles along with automatic instant replays straight to each fan’s wi-fi-enabled phone or iPod Touch.
CyLab's founding director, Pradeep Khosla said he worries that the economic crisis is putting people at greater risk, making them easy prey for thieves who dangle offers that are too good to be true.
Why give up privacy? Because everyone else is! April 21, 2009
"When people observe more disclosure, they become more likely to disclose similarly sensitive information," said privacy and economics researcher Alessandro Acquisti.
Gary McGraw and Virgil Gligor discuss how information security has changed over the last 35 years, why software security will be with us forever, and how Virgil’s childhood in Romania has shaped his views on security.
Why all the cyber-scares? April 10, 2009
A New Tool to Ease Finding Pages from Browser History April 10, 2009
Jason Hong, CyLab faculty, says, "Most people either found Web history too hard to use or didn't even know that it existed."
Now You Can Track Colleagues and Students on Your Laptop March 4, 2009
Richard Pethia, CERT Director and CyLab Co-Director, will receive the CSO Compass Award, which recognizes individuals for their leadership and ability to execute security strategy while bringing business value.
Carnegie Science Center Announces 2009 Carnegie Science Awards January 29, 2009
Building a Better Spam-Blocking CAPTCHA January 23, 2009
So with all that, can CAPTCHA be saved? According to Carnegie Mellon computer scientists, the answer is yes. The first of their redesigns of CAPTCHA, according to Luis von Ahn, a professor of computer science at the university, is the aptly named reCAPTCHA.
CMU Students Design Equipment that Senses Football Moves December 17, 2008
CyLab Researchers are equipping gloves and a football with remote sensing technology to measure everything from grip and trajectory to speed and position.
CERT's Julia Allen interviews CyLab Distinguished Fellow Richard Power on Climate Change and what security professionals need to be addressing to cope with it as a business risk
To Govern or Not to Govern December 2, 2008
CyLab's Distinguished Fellow Richard Power discusses "Cylab study highlights gaps in Board oversight of security and privacy."
TSA's 'behavior detection' leads to few arrests November 17, 2008
"That's an awful lot of people being pulled aside and inconvenienced," said Stephen Fienberg, a professor of statistics and CyLab, who studied the TSA program and other counterterrorism efforts. "I think it's a sham. We have no evidence it works."
Tackling the Insider Threat November 6, 2008
Dawn Cappelli, a Senior Member of the Technical Staff in CERT, talks to Bank Info Security about the growing criminal activity of insider threats.
Tech Toys Bring Game to Game-Goers October 22, 2008
Priya Narasimhan, an associate professor of electrical and computer engineering and CyLab, said the Yinzcam service she's developing with other researchers at Carnegie Mellon University could debut within weeks at the Uptown arena.
A Corporate Security Strategy for Coping with the Climate Crisis October 1, 2008
CyLab Distinguished Fellow Richard Power reports to CSO Magazine on adapting security and risk management policies - including IT security - to deal with climate change.
Women of Influence Award Winners Named September 19, 2008
CyLab's Director of Education and Outreach Dena Haritos Tsamitis is named by the Executive Women's Forum, as reported in CSO.
reCAPTCHA Illustrates Human Ingenuity September 16, 2008
Mitsubishi's Marshall Plant Specializes in Scoreboards September 15, 2008
CyLab researcher Priya Narasimhan comments at the Pittsburgh Tribune Review about scoreboards and the Internet
CyLab researcher Greg Ganger participates in virtualization initiative to facilitate global knowledge sharing among virtualization researchers and academics
Sun, Xilinx Launch 64-bit OpenSparc Development Platform September 8, 2008
CyLab researcher James Hoe collaborates on new development platform as reported by EETimes UK
CMU Researcher Saving Soldiers' Lives September 4, 2008
CyLab researcher Marios Savvides uses biometric technologies to protect soldiers and civilians from terrorist and wartime attacks, as reported by WTAE in Pittsburgh.
Meet GWAP, computer kind's best friend August 31, 2008
CyLab Researcher Luis von Ahn's work on Games With A Purpose (GWAP) puts human brainpower to work, as reported by MyBroadband.co.za
Low-cost System Thwarts Internet Eavesdropping August 26, 2008
CyLab Researcher David Andersen discusses the "Perspective System" in Science Daily.
Five Ways to Drive Your Best Workers Out the Door August 25, 2008
Pradeep Khosla, Director of CyLab, shares his viewpoints in this article published by ComputerWorld.
(article is in Italian)
CyLab researcher Raj Rajkumar will be one of the experts at this international conference, as reported by LaRepublicaParma.IT
At Conference on the Risks to Earth, Few Are Optimistic August 23, 2008
CyLab Distinguished Adjunct Fellow and CEO of Global Cyber Risk Jody Westby talks to the NY Times in Sicily at the Conference on Risks to the Earth.
Microsoft Researchers August 19, 2008
CyLab researcher Srinivasan Seshan collaborates with Microsoft on massive scaling of multiplayer online games as reported in WebWire.
Thinking Cap: Scientists to Study Synthetic Telepathy August 18, 2008
CyLab Researcher Vijayakumar Bhagavatula joins the team at UC Irvine to develop a system that measures electrical activity in the brain, as reported at The Engineer Online.
Click to Translate August 17, 2008
CyLab researcher Luis von Ahn talks to the Boston Globe about the reCAPTCHA project, an online user authentication project that is helping to digitize books.
Is the U.S. ready for its first BlackBerry president? August 14, 2008
CyLab Researcher Jason Hong offers opinion on the technology gap between the current presidential candidates at ComputerWorld.
Computers Exploit Human Brainpower to Decipher Faded Texts August 14, 2008
The reCAPTCHA project also makes news at Discovery.com
Pittsburgh Innovates August 13, 2008
Panapato, a spin off company co-founded by Eric Burns and CyLab Researcher Bill Scherlis continues to grow.
San Francisco Case Shows Vulnerability Of Data Networks August 11, 2008
Private Eyes are Watching You May 19, 2008
CyLab Researcher Vijayakumar Bhagavatula discusses the use of face recognition technologies on ABC News: Gadget Guide.