At the heart of countless cyberattacks is a single flaw in the code making up a piece of software. CyLab researchers are focusing their efforts on improving software security in a variety of ways, from creating automated methods of finding and fixing software bugs to verifying the security of software without compromising its performance.
Software security @ CyLab
CMU student discovers website leaking locations of cell phone customers
Some cybersleuthing by Robert Xiao, a Ph.D. student in the Human-Computer Interaction Institute, uncovered a security vulnerability on the website of LocationSmart, a Carlsbad, Calif., company that provides a service for identifying the real-time location of mobile phones in the United States and Canada.
CyLab team develops promising tool to help prevent cross-site scripting (XSS) attacks
To improve smartphone privacy, control access to third-party libraries
Smartphone apps that share users’ locations, contacts and other sensitive information with third parties often do so through a relative handful of services called third-party libraries, suggesting a new strategy for protecting privacy, Carnegie Mellon University researchers say.
CMU hackers give a glimpse into the hacker psyche
Today, billions of things are connected to the Internet – from smartphones and smart thermostats to critical infrastructure like the electric grid or water distribution systems. All of these “things” make up the so-called Internet of Things (IoT), and it’s growing at an unprecedented rate. In this podcast episode, David Brumley shares his thoughts on why there’s a shortage of cybersecurity talent right now, and members of PPP share their thoughts on hacking, giving us all a glimpse into the hacker psyche.