News

1 2 3 5
  • All
  • CCS News
  • Press Highlights

AI-generated fingerprints could soon fool biometric systems

December 6, 2018

… Humans are notoriously bad at creating secure passwords. … we’ve fixed the problem, at least somewhat, by introducing a slew of new devices that rely on biometric authentication, whether in the form of fingerprints, voice recognition, or facial scanning. … Researchers at New York University [Tandon School of Engineering] and Michigan State University, however, have their doubts about whether biometrics alone are enough. … At issue is the way in which most fingerprint sensors work. Previous research by NYU professor Nasir Memon detailed a fatal flaw in some system. Rather than using a full fingerprint, most relied on partial fingerprints to confirm identity.

How To Cash In On Cyber Monday

December 6, 2018

This video includes an interview with Justin Cappos, Professor of Computer Science and Engineering at NYU Tandon. (starts at 0:57) 
… Online shoppers are not just on their computers. New research shows 1 in 3 purchases were made on their smartphone. “Going to sites that are more reputable, especially those that tend to be more technology focused and maybe have a reasonable security staff gives you a greater degree of assurance,” says Cappos.

Marriott data breach: Class-action suit filed; experts ask why it wasn’t caught earlier

December 6, 2018

This video includes an interview with Justin Cappos, Professor of Computer Science and Engineering at NYU Tandon
Cybersecurity expert and NYU professor Justin Cappos says the security breach that compromised the information of as many as 500 million guests shows that Marriott’s Starwood hotels simply did not care about customer security and privacy.

The shaky world of online ad transparency

December 6, 2018

… Major ad platforms like Google, Facebook and Twitter each launched their own versions of transparency platforms, which detail online political spending — a $1.9 billion industry in 2018, according to a projection from Kip Cassino of the ad-tracking firm Borrell Associates. … “Simply put, all these ad networks weren’t designed to be transparent,” said Damon McCoy, a professor of computer science and engineering at NYU [Tandon School of Engineering], who has tracked online ads as part of the school’s [Online Ad] Transparency project. “They’ve having to do a lot of jury-rigging of their ad networks to make everything transparent.”

BlackBerry’s acquisition of Cylance raises eyebrows in the security community

December 4, 2018

BlackBerry, which has rebranded as a security company as its mobile handset business fades, purchased Cylance, the machine-learning based anti-malware company, for $1.4 billion dollars last week. … “It’s possible they [BlackBerry] could add machine learning-specific backdoors of the style we proposed last year that makes it ignore their own state-sponsored malware,’ Brendan Dolan-Gavitt, an assistant professor in the computer science and engineering department at New York University [Tandon School of Engineering], tells CSO.

AI skeleton key fingerprint fools 1 in 5 ID systems

December 4, 2018

Article features research by a team including Philip Bontrager, a Ph.D. student at the NYU Game Innovation Lab at NYU Tandon, and lab director Julian Togelius and Nasir Memon, professors in the department of computer science and engineering.
“These experiments demonstrate the need for multi-factor authentication and should be a wake-up call for device manufacturers about the potential for artificial fingerprint attacks,” said researcher Philip Bontrager. … The work builds on earlier research, also at NYU Tandon, which described how fingerprint-based systems use partial fingerprints, rather than full ones, to confirm identity. “Devices typically allow users to enrol several different finger images, and a match for any saved partial print is enough to confirm identity,” said the university.

1st Place Policy Prize at CSAW Global Cyber Competition Goes to EMCS ’19-based Team

December 4, 2018

We are proud to announce that a team of four members from the Brown University Executive Master in Cybersecurity (EMCS) Class of 2019 won first place in the policy category at CSAW’18, the world’s largest student-led hacking and security competition. The New York University Tandon School of Engineering hosted the policy portion of CSAW in the U.S., one of the event’s six international venues which combined totaled over 20,000 participants worldwide. Competing at NYU against 28 teams comprised of Ph.D, Masters, law school, and undergraduate students, the team chose as their topic, Policy Recommendations for Securing the U.S. Elections.

Tunisia to host CSAW regional finals, one of the biggest cybersecurity competitions (Translated from French)

December 4, 2018

Tunisia has just joined the international Cyber ??Security Awareness Worldwide (CSAW) competition in 2018, and will host the regional competition at the Tunis Telecommunications College (Sup’Com). … The Cyber ??Security Awareness Worldwide (CSAW), first organized in 2003 by Professor Nasir Memon of the New York University Tandon School of Engineering, and run by students, was initially a grassroots competition before expanding in just a few years to operate on a global scale.

IBERO will host the finals of CSAW 18 in Mexico

December 4, 2018

For the first time in 15 years, the best Mexican cybersecurity students will compete in the final round of Cyber ??Security Awareness Worldwide (CSAW) at the Universidad Iberoamericana Mexico City, from November 8 to 11, 2018. They will also participate simultaneously against hackers from different countries. CSAW was founded in 2003 by the New York University Tandon School of Engineering and is the largest cybersecurity competition in the world. The competition is developed by university students and graduates of both Tandon’s OSIRIS Lab and the Center for Cyber ??Security.

Competitors Challenged to Hack ATM, 3D Printers at 15th Annual CSAW Conference

December 4, 2018

… This year, participants breached design files to 3D print counterfeit parts, and a team of five hacked an ATM, leaving with $2,000 in cash. But these cyber whizzes are not wanted criminals—they were competitors in the 15th Annual Cyber Security Awareness Week, or CSAW, conference hosted by the New York University Center for Cybersecurity at the NYU Tandon School of Engineering. “Once you think like hackers, it becomes better for you to come up with better defenses,” explained Ramesh Karri, NYU professor of electrical and computer engineering, and founder of CSAW’s Embedded Security Challenge. Over the decade-and-a-half that CSAW has challenged participants to “think like hackers,” it has grown from a humble “capture the flag” hacker competition to an international event hosted in six countries, with a wide variety of cyber-related competitions and over 20,000 participants worldwide, according to event founder, professor of computer science and engineering Nasir Memon.

RPI students earn top honors during Cyber Security Awareness Week

December 4, 2018

For a second year in a row, a team of students from Rensselaer Polytechnic Institute earned top honors at the 15th anniversary edition of Cyber Security Awareness Week. A team of four computer science students from Rensselaer Polytechnic Institute once again took home top honors at the 15th anniversary edition of Cyber Security Awareness Week (CSAW), the world’s largest student-run cyber security event. Hosted by the New York University Tandon School of Engineering, this year’s event was held November 8-10 and featured international competitions, workshops, and industry events.

BlackBerry’s acquisition of Cylance raises eyebrows in the security community

December 4, 2018

Backdoors in machine learning have gotten little attention, but researchers have demonstrated proofs of concept for how such backdoors might work. ‘It’s possible they could add machine learning-specific backdoors of the style we proposed last year that makes it ignore their own state-sponsored malware,’ Brendan Dolan-Gavitt, an assistant professor in the computer science and engineering department at New York University [Tandon School of Engineering], tells CSO. ‘We showed that when you’re training something like a deep learning system you can teach it to recognize specific triggers and then misclassify any inputs that have that trigger,’ Dolan-Gavitt adds. ‘We haven’t looked at anti-malware systems specifically, but I think it would work.’

Was Your Voting Machine Hacked? Without More User-Friendly Devices, We May Not Know

November 19, 2018

The OSET Institute logged more than 900 individual reports of voting issues, according to the TrustTheVote Project’s first PollWatch campaign. But the problems weren’t the anticipated cyberattacks. Written by our Cybersecurity Service Scholar Marc Canellas.

Federal Researchers Simulate Power Grid Cyberattack, Find Holes in Response Plan

November 15, 2018

Ramesh Karri and Farshad Khorrami, professors in the department of electrical and computer engineering at NYU Tandon, and Michail Maniatakos, assistant professor of electrical and computer engineering at NYU Abu Dhabi and NYU Tandon were involved in the tests featured in this article.
… There is evidence that nation-state attackers are already targeting power grids and other critical infrastructure. … Grid operators and government workers conduct frequent tabletop exercises to determine who would do what during a cyberattack, but those activities lack the depth and urgency of a real-world scenario and might not reveal problems in response plans, said Walter Weiss, the program manager for the Defense Department’s Defense Advanced Research Projects Agency, or DARPA, who led the exercises.

VIDEO – Future European cyber security ace clash in Valencia (Translated from French)

November 15, 2018

For the second year in a row, the Esisar Engineering School in Valence (Drôme) is hosting the European Cyber ??Security Awareness Week finals from 8th to 10th November. …These future cybersecurity professionals … compete in a global competition. Cyber ??Security Awareness Week pits 107 countries in the early stages of qualifying. Next are the final events in each major region: New York for the North American continent, Ariana in Tunisia for the Middle East and the Maghreb, Mexico for Mexico, Kanpur for India, and Valencia for the European continent. From this Thursday until Saturday, the teams of twelve European countries are therefore at L’Esisar, in Valencia.

At CSAW, big cybersecurity contest: ‘It’s like chess’ (Translated from French)

November 15, 2018

… This weekend took place in Valencia but also simultaneously in … Kanpur and New York [University, Tandon School of Engineering], the final of the CSAW. This is the largest academic cybersecurity competition in the world. The goal: 12,000 future cybersecurity professionals are invited to hack computer systems and connected objects, to reveal the flaws to their designers. Adele Day, 22, is a student in her 5th year at the National Institute of Applied Sciences (INSA) in Bourges. She studies in the sector ‘security and information technologies’. First interested in science and mathematics, then in computer science, she discovered cybersecurity a little later.

The CSAW, a showcase for the gifted ‘hacking’ (Translated from French)

November 15, 2018

They pirate by challenge and are courted by recruiters in a booming sector: a hundred computer enthusiasts competed this weekend in Valencia at CSAW, the largest academic cybersecurity competition in the world. The European finals of this ambitious ‘hackathon’ was held on the campus of … Esisar from Thursday to Saturday and simultaneously in Abu Dhabi, Kanpur (India) and New York [University, Tandon School of Engineering] (where the competition was created in 2003). ‘The aim of Cyber ??Security Awareness Week (CSAW) is to demonstrate the security flaws of a site or a network by attacking it, and then develop appropriate countermeasures.’ … explained to AFP David Hély of the CSAW organizing committee and teacher – researcher at Esisar.

World’s Biggest Student-Led Cybersecurity Games Announce Winners of CSAW 2018

November 15, 2018

The 15th anniversary edition of the world’s largest student-led hacking and protection competitions, CSAW, closed Saturday at universities across four continents with record-breaking participation in the face of reports of shortfalls of up to 3 million experts globally. The founder of CSAW, the New York University Tandon School of Engineering, welcomed 130 student finalists in seven separate competitions, and another 267 competed in the final rounds hosted by schools in France, India, Israel, and Mexico. … The Borough President proclaimed November 8 as NYU Tandon CSAW 15th Anniversary Day in Brooklyn.

Discovering the trials of cybersecurity geniuses (translated from French)

November 15, 2018

The cybersecurity sector, which is booming, now has 24,000 employees in the country. The turnover of the companies specialized in the protection of the networks increases by 10% per year. In a competition [at venues worldwide, including NYU’s Tandon School of Engineering], young cybersecurity talents challenge themselves to hack into the computer system of a fictional company.

Hundreds Participate in Tandon’s Cyber Security Competition

November 15, 2018

With more than one in four organizations experiencing hacks and a predicted global shortage of two million cyber security professionals by 2019, NYU is working to train the future of cyber workers. This past weekend, the NYU Center for Cybersecurity held its 15th annual Cyber Security Awareness Week at the MakerSpace at the Tandon School of Engineering. The event spanned from Nov. 8 to Nov. 11 and was simultaneously held at six global sites; participants from the United States and Canada competed out of the MakerSpace. The multifaceted event consisted of several competitions, workshops and an industry fair.

Searching for the Best Student Hackers in the Nation

November 15, 2018

Top student computer hackers have descended on NYU Tandon School of Engineering in Brooklyn for Cyber Security Awareness Week, known as CSAW. This is the largest student-led cybersecurity contest, which was founded by Nasir Memon [professor of computer science and engineering and associate dean for online learning at NYU Tandon].   

Inside CSAW, a Massive Student-Led Cybersecurity Competition

November 15, 2018

New York University’s CSAW, which calls itself the world’s largest student-run cybersecurity competition, this week announced the 397 high school, undergraduate, and graduate students from around the world who will enter its final round. CSAW started in, and is organized by, NYU‘s Tandon School of Engineering. This year, its 15th running, saw 3,500 teams from more than 100 countries enter the games. The remaining contenders will now travel to academic sites across four continents to compete in the finals. The competition was founded in 2003 as a small local event by Nasir Memon, an NYU [Tandon] professor of computer science and engineering. It has since expanded to include eight global events, all of which evolve to host challenges and contests that align with the changing threat landscape.

The Mad Dash to Find a Cybersecurity Force

November 15, 2018

…“Nationally, we graduate twice the number of psychology majors as opposed to engineers,” said Nasir Memon, professor and associate dean for online learning at the N.Y.U. Tandon School of Engineering. ..“So one of the things we did is start a bridge program, where we say, we don’t care what you did in your undergrad; you could have done physics, anthropology, anything, just come on in,” Professor Memon said. The welcome the school extends is in the form of an intense, four-month online program of computer science courses with a price of $1,500. If students pass, they are eligible for the full program. This year, 230 students were accepted into the bridge program, 22 percent of them women.

$10,000 Atlanta Cyber Challenge Winner Announced

November 12, 2018

NYU student Nick Gregory has won the $10,000 Atlanta Cyber Challenge. The announcement was made at a virtual check presentation ceremony held at the University of North Georgia’s Center for Cyber Operations Education. Gregory is a senior at NYU’s Tandon School of Engineering pursuing a Bachelor of Science Degree in Computer Science with a focus on Cybersecurity. DataPath and USI Insurance Services are co-sponsors of the $10,000 grand prize offered to cyber security students and professionals competing in this year’s challenge event.

Who paid for that political ad in your Facebook feed? It’s not always easy to figure out

November 12, 2018

Political advertisers are required to fill in a field that says who paid for the message in your news feed, but that does not necessarily tell you who they or their backers are. …A growing number of Facebook ads in the run-up to the election took advantage of that loophole to obscure or conceal the identity and political motives of who paid for them – and Facebook did not catch it. That allowed some Facebook pages to remain anonymous while stirring political discord. ..Facebook pages hawking ads that target Democrats or Republicans then bombard them with messaging from the other side of the aisle proliferated in the weeks before the midterm elections, according to Damon McCoy, an assistant professor of computer science and engineering at New York University’s Tandon School of Engineering. ‘Groups create these disingenuous, grassroots-looking communities on Facebook, and you can’t trace these damn things,’ he said. ‘There are so many of them, we can’t even catalog them all. They are popping up left and right.’

Search Narrows for World’s Top Student Hackers and Cybersecurity Protectors: Countdown to NYU CSAW Finals

November 1, 2018

After besting a record-breaking 3,500 teams from more than 100 countries, an elite corps of high school, college, and graduate students will advance to the finals of the world’s biggest student-led cybersecurity contest: the New York University Tandon School of Engineering’sannual CSAW games. …  The scale of CSAW, in this, its 15th year, is evident in its global reach: 397 finalists from around the world will travel to academic sites across four continents to compete in the final rounds November 8-11, 2018… More than bragging rights are at stake: NYU Tandon will offer more than $1 million in scholarships to all high school finalists in the CSAW Red Team Competition in Downtown Brooklyn. And the NYU Center for Cybersecurity will award full tuition and fellowships to first-place winners in three collegiate-level competitions at all of the hubs. (Scholarships are contingent upon admission to NYU Tandon and satisfactory academic progress.)

NYU’s Tandon Answers Cybersecurity’s Call To Arms

November 1, 2018

It’s estimated that, by the year 2020, there will be around two million open and unfilled jobs in cybersecurity worldwide—currently, the United States faces a 200,000 person shortfall in this critical field. As an answer to Mayor Bill de Blasio’s recent call to create 10,000 cybersecurity jobs within the next decade, the NYU Tandon School of Engineering is taking steps to address the skills gap with the NY Cyber Fellows, an affordable online master’s program designed in collaboration with New York City Cyber Command and such elite partners across a diverse range of industries as Morgan Stanley, IBM Security, and Bridgewater Associates. “When the mayor announced this initiative, we realized that we need to create this workforce,” says Professor Nasir Memon, founder of Tandon’s program in cybersecurity and associate dean for online learning. “We need to create 10,000 experts.”

Beto O’Rourke’s Huge Facebook Bet

November 1, 2018

Article features research by Damon McCoy, assistant professor of computer science and engineering at NYU Tandon.
…Through October 20, O’Rourke alone had spent $5.4 million advertising on the platform, according to Facebook’s Ad Archive Report. J. B. Pritzker, Kamala Harris, Andrew Cuomo, Claire McCaskill, and Heidi Heitkamp had spent $5.5 million total. O’Rourke’s opponent, Senator Ted Cruz, had spent only $427,000 on Facebook, about 1/13th as much as O’Rourke. … According to an analysis of Facebook’s political-ad archive by NYU’s Tandon School of Engineering’s Online Political Ads Transparency Project, the $400,000 that O’Rourke’s campaign spent from September 9 to September 22 generated a minimum of 19.4 million impressions and likely many, many more.

‘Beto for Texas’? ‘Team Nunes’? How to Get Political Ads Off Your Facebook Feed

November 1, 2018

…“We’re seeing some really sophisticated operations,” says Damon McCoy, an assistant professor at New York University’s Tandon School of Engineering. Dr. McCoy and his colleagues started analyzing Facebook’s searchable database of these ads after the social network made the tool public in May. … Laura Edelson, a doctoral student at the Tandon School, estimates political-ad spending across Facebook was somewhere between $6.5 million and $38 million from Oct. 21 to Oct. 27, up from a range of $5.9 million to $33 million the week before. Dr. McCoy uses Beto O’Rourke, who is running for U.S. Senate in Texas against incumbent Ted Cruz, as an example of sophistication. “He’s doing these microtargeted ads county by county and giving people detailed [voting] instructions.”

CCS RSAC Security Scholars Announced

November 1, 2018

The brightest minds in cybersecurity connect at RSA Conference. We are pleased to announce Preston Moore and  Mel Savich will participate in the RSACSecurity Scholar Program at RSAC 2019. As scholars, our students will network with peers and industry professionals, take advantage of the opportunity to share current areas of expertise with attendees, and listen to experts across the globe discuss trends and insights. Learn more: http://bit.ly/2PuU94x

 

Distinguished Fellow Judi Germano Joins Third Way Cyber Enforcement Initiative Advisory Board

October 29, 2018

Today, Third Way announced that Judi Germano, Distinguished Fellow at the NYU Center for Cybersecurity and Adjunct Professor of Law at NYU School of Law, will serve on its Cyber Enforcement Initiative Advisory Board. Germano will join a host of cybersecurity experts from both the public and private sector to provide guidance for the new project. Third Way’s Cyber Enforcement Initiative marks the first ever non-partisan public policy initiative dedicated specifically to developing and implementing a comprehensive enforcement strategy against global cyberattackers. In partnership with its distinguished Advisory Board, Third Way will seek to develop and push for policy action aimed at enhancing the government’s cyber enforcement abilities. It also aims to change the narrative around cybersecurity so there is a more robust conversation around identifying, stopping, and punishing attackers through domestic and international cooperation and not just one blaming the victims of attacks. Read Germano’s full profile and explore more information about the initiative.

NYU Fights for Cyber Security

October 28, 2018

… “Some of the biggest consumers of cybersecurity in the world are sitting right here in New York City: the large banks, the financial corporations and these days even the media corporations need cybersecurity,” said Nasir Memon, a professor of Computer Science and Engineering at the NYU Tandon School of Engineering and associate dean for Online Learning. “We are the capital of these two industries in the world. The applied learning initiative aims at creating programs that educate a workforce skilled in cybersecurity.” The Cyber NYC program will achieve this in three ways — creating jobs, training workers and helping students innovate.

Biochip Security Needs Spawn Event

October 28, 2018

With security threats on the rise for medical devices, NYU [Tandon School of Engineering] hosted a gathering of researchers exploring novel solutions tailored for the sector. … With the microfluidics segment, driven by healthcare applications, projected to hit $4 billion by 2020, the need for defense measures is growing more acute. “The attack surface is massive,” said Ramesh Karri, professor of electrical and computer engineering at NYU [Tandon], one of the organizers of the Workshop on Secure and Trustworthy Biochips. The August event, co-sponsored by U.S. Army Research Office (ARO), was one of the first conferences to examine biochip security.

Facebook Reveals Its Biggest Political Ad Spenders

October 25, 2018

Facebook is giving more details about who is spending the most money on political ads on its platform, and the leader this election cycle is … Facebook. Facebook calculated its political ad spending to be $12 million, for ads on the social network and Instagram. ..As a report just released by New York University’s Tandon School of Engineering explained: ‘President Donald Trump and his PAC registered the largest number of ads of any candidate, due in large part to the preponderance of small, micro-targeted advertising. Virtually all were aimed at raising funds.’

The Secretive Organization Quietly Spending Millions on Facebook Political Ads

October 25, 2018

Over just two weeks in September, a limited-liability company calling itself News for Democracy spent almost $400,000 on more than 16 million impressions for a network of 14 Facebook pages that hadn’t existed until August. This represented the second-largest political ad buy on Facebook for the period … according to an analysis by a team at New York University’s Tandon School of Engineering, led by Damon McCoy.

Political ads study finds the right favors Google, the left Facebook and Twitter

October 24, 2018

… Computer scientists at the New York University (NYU) Tandon School of Engineering analyzed more than 884,000 recent political ads on the three social media sites. They found that Donald Trump and his Make America Great Again political action committee had the largest number of ads of any candidate while a Republican group called the Senate Leadership Fund spent the most on ads. …The report released Monday is part of NYU’s ongoing ads transparency project and offered a look at social media strategies and priorities of different political groups. … “Depending on who you are, the ads you’re going to see are going to be wildly different,” Damon McCoy, assistant professor and co-autho

How Trump, O’Rourke, and the GOP lead the online political advertising race

October 24, 2018

Ever since President Trump’s win in 2016–which many attribute, in part, to his vast online advertising program–many have demanded more transparency for the ads that can be micro-targeted at voters on platforms like Facebook and Google. … A team of data scientists at NYU Tandon, led by professor Damon McCoy, have been crunching all the data they can get about political advertisers on Facebook, Google, and Twitter. In a paper published on Monday, they describe a survey of ads published in a two-week period this past September (it should be noted that all three platforms have different criteria for what they consider “political”). What’s clear is that the three companies’ advertising programs combined create an extremely powerful advertising engine.

Breaking Down Walls: Doctoral Candidate Working at Frontier of Cybersecurity and 3D Printing

October 11, 2018

Fei Chen is no stranger to breaking down walls. Since she joined associate professor Nikhil Gupta’s Composite Materials and Mechanics Laboratory (CMML)four years ago as a research student, the NYU Tandon doctoral candidate has been developing pioneering research into 3D printing and cybersecurity. In 2019, Chen will be the first female Ph.D. student to graduate from CMML and as Gupta’s advisee.

Breaking Down Hardware vs. Software Attacks

October 11, 2018

The tech world is reeling from a Bloomberg report that China installed surveillance microchips into tech giants’ hardware. Siddharth Garg, hardware cybersecurity expert, explains the differences between hardware and software attacks and the risks.

Is America’s Next Election Safe From Hackers?

October 11, 2018

Election security is a significant concern going into the midterms, just two years after apparent Russian interference in the 2016 presidential election. Justin Cappos, Professor at the NYU Tandon School of Engineering joins us to discuss just how safe America’s polls are.

THE OTHER CYBER SKILLS GAP: EDUCATING TOMORROW’S CISOS

October 11, 2018

Founder of New York University (NYU) Tandon School of Engineering’s cybersecurity program and Associate Dean for Online Learning Professor Nasir Memon has been in the thick of cybersecurity education for the last 20 years. He sees some compelling related challenges in executive-level cybersecurity education.

“First, as the CISO function is relatively nascent, we saw a demand from experienced executives for a degree that brings technology skills together with exposure to the intricate policies and regulations that exist today,” says Memon. “The security world is only getting more complex and it is imperative for today’s executives to be well-versed not only in technology, but in the broader-based risks that can impact their businesses.”

Amy Iverson: What to do after Facebook’s massive security breach

October 8, 2018

Hackers getting their hands on access tokens means they could essentially take over people’s accounts.

Damon McCoy, assistant professor of computer science and engineering at New York University, explained to NBC News what cyber criminals might do with the stolen information.

“Some examples of how a Facebook account might have been misused include adding/deleting friends, post, Facebook apps, comments, likes, private messages,” McCoy said. “Any attack could also have changed the privacy setting of any existing content or changed the default privacy setting of future posts, comments, or likes.”

Researchers Turn Tracking Codes into Unclonable “Clouds” to Authenticate Genuine 3D Printed Parts

October 8, 2018

… A team at NYU Tandon School of Engineering has found a way to prove the provenance of a part by employing QR (Quick Response) codes in an innovative way for unique device identification. … Noted materials researcher Nikhil Gupta, an associate professor of mechanical engineering at NYU Tandon; Fei Chen, a doctoral student under Gupta; and joint NYU Tandon and NYU Abu Dhabi researchers Nektarios Tsoutsos, Michail Maniatakos and Khaled Shahin, detail how they exploited the layer-by-layer AM printing process to turn QR codes into a game of 3D chess.

Facebook’s security flaws exposed more than Facebook — here’s what (little) you can do

October 8, 2018

The security issue Facebook announced on Friday has alarmed researchers who say attackers collected information that not only gave access to sensitive information on Facebook, but also could be used to access many websites that use the social network’s ‘Login with Facebook’ function. … Damon McCoy, assistant professor of computer science and engineering at New York University [Tandon School of Engineering] … advised that users check their “Security and Login” settings in Facebook. … McCoy said in an email that attackers could have made any number of changes to compromised accounts. “Some examples of how a Facebook account might have been misused include adding/deleting friends, post, Facebook apps, comments, likes, private messages,” McCoy said.

Extra inventory. More sales. Lower prices. How counterfeits benefit Amazon

October 8, 2018

… China and Hong Kong are the origin of more than 80% of the world’s supply of fake goods, according to the Organization of Economic Cooperation and Development. … To open a store, all that’s required is a business name, an address, a phone number, a government-issued ID and an international credit card. The simplicity is by design, said Damon McCoy, a professor of computer science at New York University [Tandon School of Engineering] who has researched the role of bots in the counterfeit trade and has held meetings with Amazon on behalf of brand clients. … “Their stance on counterfeits is often reactive rather than proactive,” he said.

Episode on Netflix Features Damon McCoy

October 1, 2018

Here’s the trailer for an episode of a new cinéma-vérité series, “Follow This,” produced by BuzzFeed. The episode, live today, is about  the nefarious practice of “swatting.” It features Damon McCoy.

Who wears a white hat?

October 1, 2018

“If I wake up and I see millions of vehicles crash due to cyberattacks, I’m going to assume that’s a nation-state actor,” said Justin Cappos, a computer science professor at New York University’s Tandon School of Engineering who has worked on methods for securing vehicles from a cyberattack. “It does require certain facilities that a smaller hacking group wouldn’t be able to do.”

Facebook’s security flaws exposed more than Facebook — here’s what (little) you can do

October 1, 2018

Damon McCoy, assistant professor of computer science and engineering at New York University, also advised that users check their “Security and Login” settings in Facebook.

  • Go to Facebook and click on the arrow in the top right.
  • Click on “Settings” and then “Security and Login.”
  • Check “Where you’re logged in” for suspicious sessions. If you see any, click the dots beside the session and then click “Not You?” to report it to Facebook.
  • While there, you can get notifications if someone tries to access your Facebook profile in the section titled “Setting Up Extra Security.”

Feds bust fake document companies

October 1, 2018

Detecting fake documents is hard; the technology to create authentic-looking documents has successfully fooled even sophisticated detection systems. Recently, Fast Company magazine’s Steven Melendez wrote about new technology that can successfully spot fakes, using high-tech software and scanning technology to analyze and compare documents. But, Melendez points out, scammers are likely to respond with ever-better technologies, leading to a sort of arms race. “It’s kind of a cat and mouse game, when the mouse is smart,” noted New York University computer professor Nasir Memon in Melendez’ article.

Exceeding the Limits: 3D Printing

October 1, 2018

Scientists at the NYU Tandon School of Engineering are exploring how high-quality, complex parts could be created by submersible vehicle manufacturers using commercial 3D printers. … Traditionally, syntactic foams have been created from tiny, hollow, glass or ceramic spheres held together by resins or other materials. … The syntactic foam filament used by the NYU team, though, is made from a unique mixture of recycled fly ash spheres embedded in a high-density polyethylene plastic (HDPE). Its spheres are small enough to flow through a commercial 3D printer nozzle, which suddenly—and dramatically— increases their potential uses.

Officials implement new security measures for donations

October 1, 2018

Brendan Dolan-Gavitt, a professor of computer science and engineering at New York University [Tandon School of Engineering], said universities across the country have been utilizing more up-to-date, private-sector security techniques – like standardizing software used across campus – as they have become more invested in cybersecurity. … The University switched over to a dual-factor authentication last fall, requiring GW system users to confirm their identities with codes sent to their phones in addition to their passwords. Officials said at the time that dual-factor authentication would better protect sensitive information from potential cyber attacks by creating a backup barrier in case passwords are compromised.

ARO Workshop on Secure and Trustworthy Biochips Workshop Recap

September 28, 2018

Microfluidic biochips are devices that handle small volumes of fluids and are usually coupled with “cyber” elements such as sensors and intelligent control algorithms to improve performance and reliability. Biochips are coming of age in an era of rampant cybersecurity issues, and new security and trust solutions are the need of the hour. We are organizing a workshop whose overarching goal is to create the understandings and technology to ensure the security and trustworthiness of biochips.

 

Click here to watch workshop videos.

Internal QR codes could thwart counterfeiting of 3D-printed objects

September 20, 2018

Developed by scientists at New York University’s Tandon School of Engineering, the system instructs manufacturers’ 3D printers to include hundreds of tiny elements within objects, as they’re being printed. These elements are made up of inert materials, they’re located in various layers within the object, and they reportedly don’t compromise its structural integrity.

What is a chaff bug? How adding bugs to apps may make them more secure

September 14, 2018

Researchers at NYU have developed a technique to add inert bugs in code to deter hackers. But could it work in reality?

Synack and the US Army Draft A New Generation of Cyber Warriors

September 14, 2018

Synack kicked off ThinkCyber, an unprecedented new initiative held in Silicon Valley this summer to develop cyber talent through hands-on workshops and top-tier mentorship. … The program led with mentorship and exchanges between the most talented college students from top technical programs across the nation including MIT, Harvard, and NYU [Tandon School of Engineering], and some of the world’s most talented ethical hackers from the Synack Red Team as well as US Army Cyber Command.

First Ever Female Dean at Tandon Begins New Role

September 14, 2018

In a monumental hiring for the historic technical institute, NYU’s Tandon School of Engineering hired its first female dean since the school’s founding, under a different name, in 1854. Hired last spring, Jelena Kovačević is now presiding over her first week of classes as dean.

Kovačević is the first successor to Katepalli Sreenivasan, who served as the president of NYU-Poly during the 2014 merger between NYU and Polytechnic University and as dean when the school was renamed to Tandon in 2015.

NYU Tandon Joins Top Open-Source Initiative for Automotive Software and Cybersecurity

September 11, 2018

Automobiles, like laptops, can be hacked by malefactors seeking to remotely steal information, damage or hijack a vehicle, or even injure or kill its occupants. One means of incursion is to target over-the-air (OTA) software upgrades for on-board telematics systems or the electronic control units (ECU) for brakes, the engine, airbags and more. The risk of such attacks will only increase, as analysts predict that by 2022, 203 million OTA-enabled cars will roll into dealerships.

Printed parts can prove authenticity with 3D QR codes

September 11, 2018

The worldwide market for 3D-printed parts is a $5 billion business with a global supply chain involving the internet, email and the cloud – creating a number of opportunities for counterfeiting and intellectual property theft. Flawed parts printed from stolen design files could produce dire results. Experts predict that by 2021, 75% of new commercial and military aircraft will fly with 3D-printed engines, airframes and other components, and that the use of 3D printing, or additive manufacturing (AM), in the production of medical implants will grow by 20% per year over the next decade.

Researchers Turn Tracking Codes into Unclonable “Clouds” to Authenticate Genuine 3D Printed Parts

September 11, 2018

The worldwide market for 3D-printed parts is a $5 billion business with a global supply chain involving the internet, email, and the cloud – creating a number of opportunities for counterfeiting and intellectual property theft. Flawed parts printed from stolen design files could produce dire results: experts predict that by 2021, 75 percent of new commercial and military aircraft will fly with 3D-printed engine, airframe, and other components, and the use of AM in the production of medical implants will grow by 20 percent per year over the next decade.

QR CODE ‘CLOUDS’ PROTECT 3D PRINTING FROM PIRACY

September 11, 2018

The worldwide market for 3D-printed parts is a $5 billion business with a global supply chain involving the internet, email, and the cloud—creating a number of opportunities for counterfeiting and intellectual property theft.

Flawed parts printed from stolen design files could produce dire results: experts predict that by 2021, 75 percent of new commercial and military aircraft will fly with 3D-printed engine, airframe, and other components, and the use of AM in the production of medical implants will grow by 20 percent per year over the next decade.

Major 3D-printing breakthrough could keep design pirates at bay

September 11, 2018

Trying to prove who designed and built what in 3D printing was envisaged as costly to major manufacturers, until now.

The amazing aspect of 3D printing is that anyone, anywhere, with the right equipment, can print and build an object almost identical to an already existing one.

Medical and Aerospace 3D Printed Parts Could Be Secured by Embedded QR Codes

September 11, 2018

Experts have predicted that by 2021, 75 percent of new commercial and military aircraft will contain 3D printed parts. That makes it crucial that manufacturers find a foolproof way to ensure that 3D printed components are genuine. Counterfeit parts do a lot more than steal intellectual property – they can be dangerous or even deliberately sabotaged. Much research has gone into coming up with ways to make sure that counterfeit parts can be identified, and that genuine parts can be assured to be genuine. A group of researchers at the NYU Tandon School of Engineering have now come up with a new way to protect the integrity of parts by converting QR codes, bar codes, and other passive tags into 3D features hidden inside 3D printed objects.

Researchers Defeat 3D Printing Piracy with Hidden QR Codes

September 11, 2018

Worldwide, the market for 3D printed parts is $5 billion. As a result, intellectual property theft and counterfeiting are rife. But, what can be done to stop this when the global supply chain is online?

Researchers at NYU Tandon and NYU Abu Dhabi believe they have come up with a solution to foil counterfeiters and IP pirates. Their new method of identifying a unique device involves converting QR codes into 3D hidden features.

NYU TEAM ENCODE PARTS WITH 3D PRINTED QR “CLOUDS” TO PREVENT COUNTERFEITING

September 11, 2018

3D printed QR codes are the latest development in the prevention of counterfeitingand intellectual property (IP) theft. Created by an international team of researchers from NYU Tandon, New York, and NYU Abu Dhabi, United Arab Emirates (UAE), these invisible tags can be internally embedded within additive manufactured components, to be read later only by trusted parties.

How to Authenticate a 3D-Printed Part: ‘Explode’ and Embed a QR Code

September 11, 2018

3D-printed parts are increasingly finding their way into airplanes and operating rooms.

Garter experts predict that, by 2021, 75% of new commercial and military aircraft will feature engine and airframe components made through additive manufacturing.

Similarly, the use of 3D-printed medical implants are set to increase by 20 percent over the next decade.

As the role of additive manufacturing emerges in a variety of industries, engineers will need to verify that their 3D-printed part is genuine and works as designed.

A team at NYU Tandon School of Engineering has found a new way to prove the provenance of a part.

First Ever Conference on Biochip Security Sees Risks and Rewards at the Nexus of Biochemical and Electrical Engineering

September 11, 2018

Today there are some 10 billion connected devices — excluding smartphones and computers — and those numbers are growing fast. One driver: mobile applications for medical devices, including biochips (devices that combine biochemistry and electrical and computer processing to run chemical reactions — sometimes many at once at the microscopic level). Paired with microfluidic systems, these “lab on a chip” technologies could revolutionize remote sensors, environmental sampling procedures, and medical tests for coagulation, blood gas electrolytes, hematology, urine chemistry, cardiac markers, and more.

Seeking a new element in artificial intelligence: trust

September 11, 2018

NYU Tandon researchers win NSF grant to develop tools to defend neural networks and machine learning systems from attack and identify security flaws

Mexico, Tunisia Join the World’s Largest Student-Led Cybersecurity Event

September 11, 2018

Registration Open for CSAW Preliminaries in Six Regions Worldwide as Competition Founded by NYU Tandon Enters 15th Year

How an NYU Team Reveals Facebook Political Ad Spending

September 11, 2018

When Damon McCoy, an assistant professor of computer science at NYU Tandon School of Engineering, heard from a friend that Facebook was about to publicize all its political-ad data, he was intrigued. With Facebook under increasing scrutiny for its role in reaching voters through targeted-ad campaigns, the move toward heightened transparency was unprecedented in the social-media industry.

NYU Tandon and Bridgewater Associates Tackle Acute Shortage of Minority Groups in Cybersecurity

September 4, 2018

On August 31, two leading cybersecurity educational and financial institutions will take steps to widen that pipeline. The NYU Tandon School of Engineering will award an initial round of scholarships, funded by Bridgewater Associates, a global leader in institutional portfolio management and the largest hedge fund in the world, to students from under-represented minority groups enrolled in its groundbreaking Cyber Fellows online master’s degree program.

NYU Tandon Trains Students on Blockchain and Joins Automotive Cybersecurity Software Initiative

September 4, 2018

Researchers at the NYU Tandon School of Engineering [have] developed Uptane, universal, free, and open-source framework to protect wireless software updates in vehicles, as part of the OTA cybersecurity toolkit for a growing number of automakers and suppliers. Open-source systems, which imprlynove through open security reviews, are an increasingly popular approach to securing OTA updates via Wi-Fi or cellular connections that eliminate the need for drivers to return to dealerships for upgrades.

How to Authenticate a 3D-Printed Part: ‘Explode’ and Embed a QR Code

September 4, 2018

A team at NYU Tandon School of Engineering has found a new way to prove the provenance of a part. Led by Nikhil Gupta, an NYU associate professor of mechanical engineering, the university researchers divided up a QR code and hid the hundreds of pieces throughout the layers of the 3D-printed part.

Major 3D-printing breakthrough could keep design pirates at bay

September 4, 2018

Article cites research by Nikhil Gupta, professor of mechanical and aerospace engineering at NYU Tandon School of Engineering.
… A team of New York University [Tandon School of Engineering] researchers has found a way to convert flat QR codes into complex features hidden within 3D-printed objects to foil any potential pirates. In a paper published to Advanced Engineering Materials, the team said the method can be applied to QR codes, barcodes and other passive tags. By placing them within the objects, the researchers said it does not compromise the part’s integrity, nor does it make itself obvious to anyone trying to reverse-engineer the part.

Researchers Defeat 3D Printing Piracy with Hidden QR Codes

September 4, 2018

Researchers at NYU Tandon [School of Engineering] and NYU Abu Dhabi believe they have come up with a solution to foil counterfeiters and IP pirates. Their new method of identifying a unique device involves converting QR codes into 3D hidden features. … Nikhil Gupta, an associate professor of mechanical engineering, explains: “To create typical QR code contrasts that are readable to a scanner you have to embed the equivalent of empty spaces … But by dispersing these tiny flaws over many layers we were able to keep the part’s strength well within acceptable limits.”

Why adding bugs to software can make it safer

September 4, 2018

Brendan Dolan-Gavitt, assistant professor of computer science and engineering at NYU Tandon was one of the researchers on this study.
That’s the basis for a new approach developed by Zhenghao Hu and colleagues at New York University. Why not fill ordinary code with benign bugs as a way of fooling potential attackers? The idea is to force attackers to use up their resources finding and testing bugs that will be of no use to them. Hu and co call these decoys “chaff bugs,” in analogy to the aluminum strips used to fool radar operators. The idea is just the latest move in an increasingly complex cat-and-mouse game pitting security experts against attackers.

Could deliberately adding security bugs make software more secure?

August 8, 2018

The best way to defend against software flaws is to find them before the attackers do.

This is the unshakeable security orthodoxy challenged by a radical new study from researchers at New York University. The study argues that a better approach might be to fill software with so many false flaws that black hats get bogged down working out which ones are real and which aren’t.

‘Chaff Bug’ Defense Rolls Out Shiny Objects for Attackers to Find

August 8, 2018

Camouflage and distraction have long been hallmarks of warfare, and it’s no different when it comes to the cyber-front. A group of researchers from New York University are taking the idea further than it’s gone before with the idea of introducing decoy bugs into code – ultimately non-exploitable vulnerabilities that can attract attacker interest and waste their time, thus eating up their resources.

To make systems safer, put more bugs in them

August 8, 2018

          Instead of routinely hunting and killing bugs, new research is proposing the addition of a “chaff bug” in programs to make them safer. By making software “buggier,” hackers could be baited and therefore overwhelmed by the number of bugs in a system and eventually give up their search,

according to a study by researchers Zhenghao Hu, Yu Hu and Brendan Dolan-Gavitt

         of New York University.

Protect your card details, identity from being doxxed

August 8, 2018

A recent study by New York University Tandon School of Engineering and the University of Illinois at Chicago (UIC) revealed the types of information that is typically exposed by doxxers:

  • 90 percent of the time, the victim’s address is listed
  • 61 percent included a phone number
  • 53 percent included an email address
  • 40 percent shared online user names and IP address

As for sensitive financial information? It’s less common, but it does happen.

  • General financial information was included 8.8 percent of the time
  • 4.3 percent revealed credit card numbers
  • 2.6 included Social Security numbers

Now Transparent: Political Advertising on Facebook, Instagram

August 8, 2018

Conceived by Computer Science and Engineering Assistant Professor Damon McCoy, the Online Political Ads Transparency Project has built easy-to-use tools to collect, archive, and analyze political advertising data. The researchers, including NYU Tandon doctoral student Laura Edelson and Shikhar Sakhuja NYUSH ‘19, pledged to improve the transparency of Facebook’s archive by releasing weekly updates of all political advertisements collected through the November election. The team also plans to use its complex data scraping methods to reveal similar information for Twitter.

Top tip? Sprinkle bugs into your code to throw off robo-vuln scanners

August 8, 2018

Miscreants and researchers are using automation to help them find exploitable flaws in your code. Some boffins at New York University in the US have a solution to this, and it’s a new take on “security through obscurity”.

Why confidence matters in facial recognition systems

August 8, 2018

Nasir Memon, a professor of computer science at the New York University Tandon School of Engineering, said it isn’t realistic to expect these systems to be completely accurate.

Cramming Software With Thousands of Fake Bugs Could Make It More Secure

August 8, 2018

Brendan Dolan-Gavitt, assistant professor at NYU Tandon and one of the researcher on this study, told me in an email that they’ve been working on techniques to automatically put bugs into programs for the past few years as a way to test and evaluate different bug-finding systems. Once they had a way to fill a program with bugs, they started to wonder what else they could do with it.

Twenty-Two Organizations From AI, Automotive, Blockchain, Cloud and More Join The Linux Foundation and Invest in Open Source Technology

August 8, 2018

NYU Tandon School of Engineering empowers people to use science and technology as tools to build a better society. SDNLAB is a leading platform …

High School Women Train in Cybersecurity at NYU School of Engineering

August 8, 2018

Recently, a group of high school women spent three weeks as participants in the Computer Science for Cyber Security (CS4CS) program, picking up fundamentals at the NYU Tandon School of Engineering. Nearly 50 students attended classes at the downtown campus of the university, where they learned about programming, computer architecture, careers in computer science and cybersecurity and how to do professional networking. Now they’re expected to return to their schools and serve as ‘computer science and cybersecurity ambassadors’ and recruit a team of classmates to compete in Cyber Security Awareness Week, Tandon’s annual cybersecurity competition.

A Doozy of a Week for Industry Bosses

August 8, 2018

Article cites research by Damon McCoy, assistant professor of computer science and engineering at NYU Tandon School of Engineering.
President Trump is now officially the biggest political advertiser on Facebook, according to a group of New York University [Tandon School of Engineering] researchers. My colleague Sheera Frenkel reported that the president and his political action committee had spent $274,000 for ads on the social network since early May.

Now Transparent: Political Advertising on Facebook, Instagram

July 18, 2018

The Online Political Ads Transparency Project was conceived by Computer Science and Engineering Assistant Professor Damon McCoy to build easy-to-use tools to collect, archive, and analyze political advertising data. Although Facebook became the first major social media company to launch a searchable archive of political advertising, for both Facebook and Instagram, in May 2018, McCoy found the archive difficult to use, requiring time-consuming manual searches. He decided to apply versions of the data scraping techniques he had previously used against criminals, including human traffickers who advertised and used Bitcoin.

How The Update Framework Improves Software Distribution Security

July 18, 2018

In recent years that there been multiple cyber-attacks that compromised a software developer’s network to enable the delivery of malware inside of software updates. That’s a situation that Justin Cappos, founder of The Update Framework (TUF) open-source project, has been working hard to help solve.

The Biggest Spender of Political Ads on Facebook? President Trump

July 18, 2018

…Damon McCoy, who conducted the study with two fellow researchers, Laura Edelson and Shikhar Sakhuja, said they were not able to tally the total spending for Republicans and Democrats because their analysis was ongoing, though they planned to release those figures in the future.

Justin Cappos on Why Cars Are Not Like Computers When It Comes to Cybersecurity

July 17, 2018

Justin Cappos is a professor in the Computer Science and Engineering department at New York University [Tandon School of Engineering], where his research addresses problems in security, systems, software update systems, and virtualization. His research philosophy focuses on solving real world security problems in practice, with software such as Docker, git, Python, and most Linux distributions using his research advances. The practical impact of his work is why Cappos was named to Popular Science’s Brilliant 10 list in 2013. In this interview, he explores how updates and other security processes are unique to the automotive world.

Reaching greater depths with 3D printing

July 5, 2018

Syntactic foam is a strong and buoyant material commonly used in the manufacturing of submarines. Now, a team of researchers have developed a method of 3D printing components of syntactic foam that could take submarines to greater depths. Nikhil Gupta, Associate Professor of Mechanical and Aerospace Engineering at New York University’s Tandon School of Engineering, joins Hari Sreenivasan to discuss this innovation.

Justin Cappos: Security in Kubernetes

June 28, 2018

The New Stack Makers podcast episode Justin Cappos recently recorded with TNS Founder Alex Williams at KubeCon + CloudNativeCon 2018 is now live on SoundCloud and YouTube, click here to listen.

Fake rental ads are everywhere, and Colorado consumers need to watch out

June 21, 2018

“There is usually something that engenders trust and makes you want to help them,” said Damon McCoy, an assistant professor of computer science and engineering at New York University’s Tandon School of Engineering.

Container and Kubernetes Security: It’s Complicated

June 14, 2018

CNCF does not mandate or prescribe a reference architecture for Kubernetes and associated project deployment. However, Justin Cappos, professor in the Computer Science and Engineering department at New York University and leader of the TUF project, said the various projects do tend to communicate with each other.

Breaking Down The AT&T-Time Warner Decision

June 14, 2018

Randal Milch, Former General Counsel and strategic policy advisor to Verizon’s Chairman and CEO. Co-chair of the NYU Center for Cybersecurity.

Hundreds of Apps Can Empower Stalkers to Track Their Victims

June 13, 2018

Damon McCoy’s research on spyware is on the front page the New York Times and jumps to all of page 11. His student, Periwinkle Doerfer, is quoted.

Frequently Published Tandon Materials Scientist Takes to Editing

June 13, 2018

Nikhil Gupta, an associate professor of mechanical and aerospace engineering, has seen his research on 3D printing of syntactic foams, cybersecurity in 3D printing, surgical applications for magnesium, and much more published in premier scholarly journals like the prestigious Journal of the Minerals, Metals and Materials Society (JOM). Now he is editing two special issues of the journal that highlight cutting-edge research in composite materials…

NYU Center for Cybersecurity Intern Captures Prestigious Intel International Science and Engineering Fair Prize

June 13, 2018

At the 2018 Intel International Science and Engineering Fair (Intel ISEF), the world’s largest international pre-college science competition, high school student Suha Hussain took home a second-place prize of $1,500 in the Systems Software category for her project “A New Method for the Exploitation of Speech Recognition Systems,” which she completed under the direction of Tandon Professor Ramesh Karri, who co-chairs NYU’s Center for Cybersecurity (CCS), and Tandon Ph.D. candidate Zahra Ghodsi.

Tandon Grad Student Wins Awards for His Computer Science Research

June 13, 2018

How can we identify minute, confusing snippets of code to make programming more efficient? Dan Gopstein, a Ph.D. candidate in NYU Tandon’s Department of Computer Science and Engineering, has in recent months received two distinguished paper awards for publications discussing just that.

Gopstein presented “Atoms of Confusion,” which was prepared under the guidance of Professor Justin Cappos

Now more than ever, cars are just rolling computers

June 13, 2018

Click here to listen to Professor Justin Cappos discuss cybersecurity in the automotive industry.