Archive for July, 2008

Oakland CFP Now Available

Wednesday, July 30th, 2008

The Call for Papers for the 30th IEEE Symposium on Security and Privacy, May 17-20 2009, is now available: http://oakland09.cs.virginia.edu/cfp.html (PDF for printing: http://oakland09.cs.virginia.edu/cfp.pdf).

Submissions of research papers, workshop proposals, and tutorial proposals are due Monday, 10 November 2008. Please consider submitting a paper and attending the conference!

Online friends at what price?

Monday, July 21st, 2008

Marc Rotenberg, Executive Director of the Electronic Privacy Information Center, has written an opinion piece for the Sacramento Bee on social networking privacy: Online friends at what price?: The point of social networking is to share your personal information with the world, The Sacramento Bee, 20 July 2008.

Many of my friends were surprised when I signed up for Facebook. “Why would a privacy advocate put personal information online?” they asked.

“For the same reason that people use the Internet for e-mail or pick up a telephone to make a call,” I explained. “It’s very useful. Of course, there are real privacy issues. We should understand them and fix them.”

Today Facebook is both very useful and a genuine privacy threat. …

Privacy problems have continued to plague the service. In May 2007, Facebook opened up the network for software developers to create applications such as Scrabulous that appear on Facebook pages. Some of these programs are very cool, but that doesn’t answer the privacy problem. Application developers were given access to the detailed personal information of the user as well as the friends of the user. And that means just about everything in your profile, from relationship status and education history to copies of photos and favorite movies. And amazingly, the data of your friends, who did not sign up to install the program, have their data gathered up by Facebook and sent to the developers.

Earlier this year, researchers at the University of Virginia found that Facebook was providing access to far more personal information than was necessary; in fact, information that the developers were not even seeking. As lead researcher Adrienne Felt pointed out, this was a dangerous security practice because it created unnecessary risks for Internet users.

Students get crash course in sciences at UVa camp

Sunday, July 20th, 2008

The Charlottesville Daily Progress has an article by John Henderson about the Bernard Harris Summer Science Camp at UVa: Students get crash course in science at UVa camp (http://www.dailyprogress.com/cdp/news/local/education/article/students_get_crash_course_in_sciences_at_uva_camp/25051/), The Daily Progress, 18 July 2008. It describes some lessons we did on cryptography. The handouts we used for this are here: http://www.cs.virginia.edu/~evans/cavaliercrypto/.

NXP Lawsuit

Thursday, July 10th, 2008

NXP is suing Radboud University in the Netherlands to prevent them from publishing a paper (in ESORICS 2008 in October) containing details on the Mifare Classic encryption algorithm (and various flaws they have found in the algorithm). Perhaps the title of the paper, “Dismantling MIFARE Classic”, got NXP’s attention. A hearing is scheduled for July 10.

Articles:

[Update 18 July] The judge has denied NXP’s request for an injunction, ruling that “limitations to the freedom of speech are allowed only if there is urgent and obvious threat to society”: Judge denies NXP’s injunction against security researchers, Industry Standard, 18 July 2008.

[Update 21 July] Another article: Dutch court allows publication of Mifare security hole research, CNet News, 18 July 2008. This one includes a picture of Karsten Nohl’s presentation at the Last HOPE Conference.