Archive for March, 2015

Understanding and Monitoring Embedded Web Scripts

Thursday, March 26th, 2015

Modern web applications make frequent use of third-party scripts, often in ways that allow scripts loaded from external servers to make unrestricted changes to the embedding page and access critical resources including private user information. Our paper describing tools to assist site administrators in understanding, monitoring, and restricting the behavior of third-party scripts embedded in their site, and what we’ve learned by using them, is now available: Yuchen Zhou and David Evans, Understanding and Monitoring Embedded Web Scripts, IEEE Symposium on Security and Privacy 2015.

Yuchen will present the paper at the Oakland conference (in San Jose) this May.



Project Site: ScriptInspector.org

Who Does the Autopsy?

Wednesday, March 25th, 2015

This (perhaps somewhat oversensationalized) article in Slate draws from Nate Paul’s research on medical device security: If you Die after Someone Hacks Your Glucose Monitor Who Does the Autopsy? (Slate, 13 March 2015).

According to researchers at the Oak Ridge National Laboratory, in 2003 and 2009 respectively, the “Slammer” and “Conficker” worms had each successfully infected networked hospital systems responsible for monitoring heart patients. Since the days of Slammer and Conficker, malware has since become even more sophisticated, and a Trojan with a specifically engineered piece of malicious code, could cause harm to numerous patients around the world simultaneously.

While a small community of researchers, and even some government regulators, such as the FDA and FTC, have begun to pose important questions about the privacy and security implications of incorporating computer technology into biological systems, so far law enforcement and criminal justice authorities have been mostly absent from any substantive conversations.

iDash Competition Winner

Tuesday, March 17th, 2015

Congratulations to Samee Zahur for winning the iDash Secure Genomics competition (Hamming Distance challenge task), sponsored by Human Longevity, Inc. A video of the event is available at http://www.humangenomeprivacy.org/.

Samee’s solution was built using Obliv-C, and the code will be posted soon.