- CCS News
- Press Highlights
July 31, 2017
The women-only CS4CS class is part of a larger program at the Tandon school called STEMNow, which this summer is bringing more than 700 middle- and high-school students and 130 teachers to the Downtown Brooklyn campus for deep dives into the STEM subjects (science, technology, engineering and math). STEMNow puts a particular emphasis on diversity and providing hands-on research and experimentation for students whose regular schools may lack those opportunities.
July 28, 2017
Cyberattacks against power grids and other critical infrastructure systems have long been considered a threat limited to nation-states due to the sophistication and resources necessary to mount them. … Michail Maniatakos, a research professor at the NYU Tandon School of Engineering and an assistant professor of electrical and computer engineering at NYU Abu Dhabi, detailed the discovery of a security flaw in the authentication mechanism of a legacy protective relay — a component that responds to changes in flow across the grid to isolate electrical faults.
July 27, 2017
…The researchers are part of the small and increasingly influential group of cybersecurity researchers at NYU exploring hardware trustworthiness and educating experts worldwide about their findings. Under the aegis of the NYU Center for Cybersecurity, faculty and student researchers at NYU Abu Dhabi and NYU Tandon are recognized as leaders in research on secure chip design and production, microchip camouflaging, encryption, crowd sourcing and sharing of attack and defense strategies, and improving the trustworthiness of the supply chain.
July 27, 2017
Companies and individuals have paid more than $25 million over the past two years to try to get their computer data back from hackers who hijacked it. This is according to new research by Google about the phenomenon….The research, conducted by Google, Chainalysis, University of California at San Diego, and New York University’s Tandon School of Engineering, was presented Wednesday at the Black Hat security conference in Las Vegas.
July 26, 2017
BTC-e, one of the most cryptic crypto exchanges, has been ‘under maintenance’ for a day now, which has led many of its users to express fears that the platform has been hacked. … The American newspaper quoted Damon McCoy, a New York University [Tandon School of Engineering] computer science and engineering professor, who said: “It’s hard for law enforcement to put pressure on BTC-E because it’s a Russian-operated bitcoin exchange.”
July 25, 2017
Former Homeland Security Adviser Lisa Monaco on fighting ISIS on social media.
July 25, 2017
Ransomware victims have paid more than $25 million in ransoms over the last two years, according to a study presented today by researchers at Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering. By following those payments through the blockchain and comparing them against known samples, researchers were able to build a comprehensive picture of the ransomware ecosystem.
July 25, 2017
Ransomware surged last year, becoming a multi-million dollar business that’s so profitable it’s creating a “vicious cycle” of ever-increasing attacks, say researchers at New York University [Tandon School of Engineering] and Google who tracked the criminals’ payment networks. … The findings suggest that even though the last two large ransomware attacks, Wannacry, and Petya, did not seem to raise that much money, the criminal cyber industry in general has much to gain by exploiting users with these attacks.
July 25, 2017
As the ransomware scourge calms down for the summer holidays, Google has taken a retrospective at that particular pesky form of cybercrime, finding it only become massively profitable in the last year and a half. … Their success, and the sudden jump in revenue, is down to their distribution via botnets, in particular one known as Necurs, said Damon McCoy, an assistant professor of computer science at New York University [Tandon School of Engineering].
July 25, 2017
Ransomware attacks have grown increasingly more common in recent years and their impact shows in the wallets of victims. Those who have fallen prey to ransomware have paid more than $25 million in ransoms since 2014, a study found. The data comes from researchers at Google; blockchain analysis firm Chainalysis; University of California, San Diego; and the NYU Tandon School of Engineering, who worked to follow cryptocurrency payments to find out just how much attackers have generated by holding files hostage.
July 24, 2017
The collection, storage, use, and disclosure of consumer data are hot topics in the legal, regulatory, and legislative communities.
July 21, 2017
Where’s your boarding pass? Forget it. Delta Air Lines is letting some passengers board planes with just their fingerprints…“With a password, you can just change it and move on with your life. You can’t do that with fingerprints,” said Nasir Memon, a professor of computer science at New York University’s Tandon School of Engineering.
July 19, 2017
Talk to the teenage girls studying cybersecurity at New York University [Tandon School of Engineering] this summer, and you’ll get an earful about their determination to protect their country, safeguard privacy, and conquer their fair share of a male-dominated field.The young women are attending one of a rising number of camps devoted to the niche field of cybersecurity.
July 15, 2017
WhatsApp is adding a brand new feature in its latest update: the ability to share any file type. …Damon McCoy, a Computer Science and Engineering professor at the NYU Tandon School of Engineering, said that “most cellphones unless you root them will only allow you to run apps if they’re from official stores.” In regions where rooting is more common, this could potentially open up users to malware.
July 13, 2017
From election meddling and economic espionage to financial fraud and personal identity theft, it’s becoming clear that cybersecurity is increasingly central to every aspect of the way we live. Both state-sponsored cyber-spies and transnational organized crime groups pose urgent threats online to our nation’s critical infrastructure, our security, and our fundamental values in a democratic society. How should government, private companies, and even individuals be confronting these new threats in cyberspace?
July 11, 2017
Guests at 14 Trump properties, including hotels in Washington, New York and Vancouver, have had their credit card information exposed, marking the third time in as many years that a months-long security breach has affected customers of the chain of luxury hotels. … “It seems very negligent that this could happen a number of times,” said Justin Cappos, an associate professor of systems and security at New York University [Tandon School of Engineering].
July 6, 2017
If Malcolm Turnbull presses forward on threats to force technology companies to better cooperate on countering terrorism — by unlocking secret encrypted messages and data belonging to suspected violent plotters — the Prime Minister can expect a heated tussle with America’s powerful Silicon Valley.
July 6, 2017
The shortage of cybersecurity professionals is well documented, and this lack of expertise can keep organizations from bolstering their security programs…NYU Tandon School of Engineering offers a master’s degree in cyber security, and the program is rooted in the belief that theory and research must translate into real-world solutions, says Nasir Memon, professor of computer science and engineering at Tandon.
July 5, 2017
Justin Cappos, assistant professor of computer science and engineering at the NYU Tandon School of Engineering, comments on the NotPetya “wiper” attack that hit countless computer systems across 64 countries last week. “There seems to be increasing evidence that the people who carried out this attack did not do so for monetary gain, which is usually what you try to do with something like ransomware,” he said.
July 5, 2017
Justin Cappos is a professor in the Computer Science and Engineering department at New York University [Tandon School of Engineering], where his research addresses problems in security, systems, software update systems, and virtualization…In this interview, he explores how updates and other security processes are unique to the automotive world.
July 1, 2017
Never use the same password for all your accounts. If you can’t remember them all, try a password manager, says Justin Cappos, a professor at New York University’s engineering school…“You’re much less likely to have problems using one of these than if you write all your passwords down on sticky notes you may or may not lose,” Cappos says.
June 28, 2017
… The original Petya ransomware that popped up last year encrypted hundreds of file types, and the new code makes some interesting choices in what it encrypts. Justin Cappos, assistant professor of security, operating systems and networks at the New York University Tandon School of Engineering, was interviewed by The Register…
June 28, 2017
… The original Petya ransomware that popped up last year encrypted hundreds of file types, and the new code makes some interesting choices in what it encrypts.… ‘It’s very odd,’ Justin Cappos, assistant professor of security, operating systems and networks at the New York University Tandon School of Engineering told The Register.
June 27, 2017
… The ransomware ground businesses to a halt for at least a day. … ‘A lot of ransomware does not do this, does not let the hackers in in the meantime, but there’s no absolute,’ said Justin Cappos, professor in the computer science and engineering department at the NYU Tandon School of Engineering
June 27, 2017
Ransomware attacks were nothing new, but this one had a secret weapon, a sophisticated software exploit known as EternalBlue, published by the Shadow Brokers in April and believed to have been developed by the NSA. … NYU [Tandon School of Engineering] security researcher Justin Cappos, who works on securing patching procedures as part of The Update Framework, says those underlying flaws are remarkably common.
June 26, 2017
Ryan Brunt, Prakhar Pandey and Damon McCoy.
Distributed Denial of Service (DDoS) attacks have become a growing threat that, to a large extent, have become commoditized by DDoS-for-hire, or “booter”, services. In this case study, we analyze leaked fine-grain “ground truth” data from a larger booter service, VDoS, which earned over $597,000 over two years and launched 915,000 DDoS attacks and 48 attack years (i.e., the amount of DDoS time faced by victims of VDoS). The time period of the data includes data before and after a payment intervention, providing a rare opportunity to understand how it impacted VDoS’s operation
June 21, 2017
Uptane, the cyber security software developed by New York University, Southwest Research Institute, and the University of Michigan, is making inroads into the global automotive supply chain. Last week, the German company Advanced Telematic Systems (ATS) said it integrated Uptane into its connected-car products. … NYU [Tandon School of Engineering]’s Justin Cappos runs the project, and he says that the response to Uptane’s release has been surprisingly warm, but ATS’ adoption will help move the needle further.
ATS Is Integrating The Uptane Security Framework For Over-the-air Software Updates To Connected Vehicles
June 13, 2017
Features Prof. Justin Cappos
ATS Advanced Telematic Systems is the first European company integrating the Uptane security framework into its OTA solutions: OTA Plus and ATS Garage. Uptane is a joint research initiative between NYU’s Tandon School of Engineering, the Southwest Research Institute, and the University of Michigan Transport Research Center, working to develop a common standard for automotive software update security. It was designed in consultation with government regulators, OEMs, and suppliers responsible for 78% of vehicles on U.S. roads.
June 6, 2017
A new report proves the value of following the money in the fight against dodgy cybercrime services known as “booters” or “stressers” — virtual hired muscle that can be rented to knock nearly any website offline. … The researchers posed as buyers of nearly two dozen booter services — including vDOS — in a bid to discover the PayPal accounts that booter services were using to accept payments. In response to their investigations, PayPal began seizing booter service PayPal accounts and balances, effectively launching their own preemptive denial-of-service attacks against the payment infrastructure for these services.
[Research is by the Center for Cybersecurity’s, Professor Damon McCoy, and his graduate students Ryan Brunt and Prakhar Pandey]
May 31, 2017
In recent weeks, a pervasive ransomware attack affected systems throughout the world, causing chaos in National Health System hospitals in Great Britain and continuing to cripple hundreds of thousands of computers… The uptick in interest is a far cry from when Nasir Memon, a professor at the NYU Tandon School of Engineering and the founder of the school’s Center for Cybersecurity, started organizing and offering some undergraduate classes in cybersecurity at the school in 1999.
May 31, 2017
Though we now think we are protected by fingerprint readers, these are also prone to cyberattacks. If you think your fingerprint is unique, think again. Masterprints, digitally altered fingerprints that work like a master key, have been discovered by researchers for New York University’s Tandon School of Engineering. With these masterprints, one can unlock up to 40 per cent of smartphones.
May 28, 2017
One of the prime reasons why phone users prefer fingerprint scanner-enabled smartphones is because of the sense of privacy and security that it offers. Or so we thought … The new findings have been released by Nasir Memon, a professor in the department of computer science and engineering at New York University’s Tandon School of Engineering; Aditi Roy, a post-doctoral fellow at the same college; and Arun Ross, a professor in the department of computer science and engineering at Michigan State University.
May 24, 2017
As nearly everything in our lives transitions from the real to the digital world, the more those things can — and are — being tracked. Every like, tweet, search and swipe ours is a piece of that digital data mosaic that makes up our online life. But with that massive amount of information, companies, advertisers and now political campaigns are gaining a big advantage. … “There are ways that this can be very creepy and very personalized,” said Justin Cappos, a professor at the NYU Tandon School of Engineering (at 3:07).
May 22, 2017
President Trump wants to crack down on botnets, the networks of hacked zombie computers that criminals or adversaries can use to carry out large-scale cyberattacks. Achieving this would surely disrupt the cybercriminal infrastructure, but it will also require that the administration overcome monumental technical and political hurdles. Zachary K. Goldman comments in the MIT Technology Review.
May 22, 2017
Individuals and institutions affected by the WannaCry ransomware attack face a Hobson’s choice—the malicious software (malware) encrypts a user’s documents while the decryption keys remain in the hands of the cybercriminals. Victims of the attack can either pay the hackers for the release of their files, feeding the profit motive that generates attacks like this in the first instance, or refuse to do so and permanently say goodbye to their computers, say Center for Cybersecurity co-founder Zachary Goldman and Professor Damon McCoy.
May 20, 2017
Researchers for New York University’s (N.Y.U.) Tandon School of Engineering discovered masterprints, digitally altered fingerprints that could match many people’s fingers…”If I have this glove or fake hand with these master prints on it then I can unlock say 25, 30, 40 percent of phones,” Professor Nasir Memon of N.Y.U. Tandon said.
Cybersecurity Experts Discuss the Perfect Storm – A Convergence of Internet of Things, Cloud, and Security
May 17, 2017
With the increasing adoption of the Internet of Things (IoT), concerns are growing about security, particularly hardware security, which is an integral part of the IoT framework. Security threats permeated the discussion at the eighth installment of NYU Tandon School of Engineering’s Sloan Lecture Series on April 25, which brought together world-class academics and industry practitioners to discuss advances, risks, and solutions in cybersecurity.
May 16, 2017
Bank derisking and irrational state by state licensing help create the conditions for criminals and terrorists to abuse cryptocurrency networks.
May 16, 2017
A thumbprint may seem simpler and more secure than a passcode or password. But one of the nation’s top computer scientists says he has discovered a security flaw with the kind of fingerprint identification technology often used to lock cellphones. We traveled to New York University Tandon School of Engineering to interview engineering professor Nasir Memon, who says he has found a way to use synthetic fingerprints to trick touch identification systems.
May 15, 2017
President Donald Trump’s Executive Order on Cybersecurity, concentrating as it does on things largely within the authority of the executive branch, is a reasonable early approach to a very complicated public policy challenge. Its three components focus on preparatory steps to harmonize and modernize the federal government’s information technology (IT), better protect critical infrastructure, and improve the U.S. Government’s own cybersecurity strategies and policies.
May 15, 2017
… Justin Cappos, an assistant professor of computer systems and security at New York University [Tandon School of Engineering], suggested one quick fix for future security updates. Rather than telling users to update their systems for a “security patch,” Windows could offer a bleak warning: “Hackers can get into your computer right now, so please update so we can fix that.”
May 15, 2017
The recent ransomware cyberattack has claimed an estimated 300,000 computers in 150 countries. Cyber security expert Justin Cappos is a professor at NYU’s Tandon School of Engineering. He described what the WannaCry malware is doing now and how it invades computers through a loophole in Microsoft Corp’s Windows operating system. He said the malware exploits a weakness in the operating system to spread from computer to computer.
May 12, 2017
A massive cyberattack galloped across international borders on 12 May 2017, crippling such vital organizations as Telefonica (a telecom company in Spain), Britain’s network of hospitals run by the National Health Service (NHS), and the Russian Interior Ministry. … The attack utilized a type of malware called ransomware. … Damon McCoy, an assistant professor of computer science at New York University [Tandon School of Engineering], explained “ransomware”…
May 11, 2017
A team of researchers from the Tandon School of Engineering at the New York University has created a method of generating fake digital fingerprints capable of unlocking random smartphones. According to the research team, their method works with an accuracy of 26% to 65% of all tested phones, assuming a maximum number of five attempts per authentication, the standard that most phone-based fingerprint authentication systems give their users.
May 11, 2017
The 2017 Cyber Security R&D Showcase and Technical Workshop is scheduled for 11-13 July at Washington, D.C.’s Mayflower Hotel. This annual technology showcase event is expected to draw 1,000 government, industry and academia cybersecurity professionals from the United States and abroad over three days. The conference’s highlight is the 11 July R&D Showcase, during which ten mature technologies and projects addressing complex cybersecurity issues will be presented. Projects include Securely Updating Automobiles by Justin Cappos of New York University.
May 9, 2017
… There were some reports last week that Apple was having a bit of trouble with key feature in its next iPhone: the fingerprint reader. But there may be other problems with these sensors. New research found that the way smart phones read fingerprints could make them vulnerable to hackers. [interview with Nasir Memon at 14:23]
May 4, 2017
On Wednesday, May 3, the bipartisan Task Force on Anti-Terrorism & Proliferation Financing hosted a “Brown Bag Lunch” briefing on “Terrorist Use of Virtual Currencies: Containing the Potential Threat.”
May 4, 2017
… This hour On Point, the Google email attack, an how to protect yourself from online scams, plunder, identity theft. Guests: Justin Cappos, assistant professor in systems and security at the New York University Computer Science and Engineering Department [at 21:10].
May 4, 2017
Alphabet Inc warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked. Google said on Wednesday that it had taken steps to protect users from the attacks by disabling offending accounts and removing malicious pages. … ‘This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,’ said Justin Cappos….
May 4, 2017
The scam claimed to come from Google Docs – a service that allows people to share and edit documents online. Users who clicked a link and followed instructions, risked giving the hackers access to their email accounts … “This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,” Justin Cappos, a cyber security professor at NYU Tandon School of Engineering, told Reuters.
May 3, 2017
Alphabet Inc. warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked…’This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,’ said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.
May 1, 2017
Two Tandon students from the Offensive Security, Incident Response and Internet Security Laboratory have discovered a vulnerability in the NYU Print Service that would allow black hats — individuals who use their extensive computer knowledge to breach internet security — to take full control of any computer, as long as it is connected to the same Wi-Fi service as the printer, according to one of the two students.
April 25, 2017
When you install an app on your phone, do you read the terms of service agreement? Probably not…”If you’re using a service that’s a free service, then the reason why it’s a free service is because you’re really the product,” Cappos said. “You’re being sold to marketers.”
April 24, 2017
Updating software is one of the most important ways to keep users and organizations secure. But how can software be updated securely? That’s the challenge that The Update Framework (TUF) aims to solve. Justin Cappos, assistant professor at New York University [Tandon School of Engineering], detailed how TUF works and what’s coming to further improve the secure updating approach in a session at last week’s DockerCon 17 conference in Austin, Texas.
April 20, 2017
Consumers can be pretty lax about their online security. About 4% of the time, the password to unlock a smartphone is 1-2-3-4, says Nasir Memon, a professor of computer science and engineering at New York University Tandon School of Engineering. … A new study, however, conducted over the past year by the Tandon School of Engineering at NYU and Michigan State University College of Engineering, finds that fingerprints are more vulnerable than previously believed.
April 18, 2017
Facebook shut down as many as 30,000 fake accounts in the past week — but that’s unlikely to hurt the multi-million-dollar spam industry. … “If you go to the underground markets where they sell fake Facebook accounts, you can buy 1,000 of these for $300 to $400,” Damon McCoy, a New York University [Tandon School of Engineering] computer science professor specializing in cybercrime, told NBC News. “In terms of economics of replacing these 30,000 accounts, they took down something, but perhaps not as much as you might think.”
April 17, 2017
Russia’s successful incursion into the 2016 presidential election has opened a new, menacing phase in cyberwarfare and is a harbinger of attacks to come, says President Barack Obama’s former top counterterrorism adviser, Center for Cybersecurity Distinguished Senior Fellow Lisa O. Monaco.
April 17, 2017
Lisa Monaco, the former homeland security adviser to President Obama, talks with David Axelrod about what she thinks are the greatest threats facing America today, why the Trump administration’s travel ban hurts our counterterrorism efforts, and why she believes Russia’s incursion into our election has opened a new phase in cyberwarfare.
April 14, 2017
Fingerprint readers, like the TouchID on an iPhone, exist to make your device extra secure while keeping the process of unlocking it easy. Computer scientists at New York University and Michigan State are poised to turn that security benefit on its head. Like a master key that can open any lock, these researchers developed digital “master prints” that could emulate a variety of partial fingerprints enough to hypothetically hack into a device. … “The sensors are small and they don’t capture the full fingerprint,” says Nasir Memon, a computer scientist at NYU’s Tandon School of Engineering and one of the authors of the study.
April 13, 2017
Fingerprint readers, like the TouchID on an iPhone, exist to make your device extra secure while keeping the process of unlocking it easy. Computer scientists at New York University and Michigan State are poised to turn that security benefit on its head. … “The sensors are small and they don’t capture the full fingerprint,” says Nasir Memon, a computer scientist at NYU’s Tandon School of Engineering and one of the authors of the study.
April 13, 2017
Researchers at New York University and Michigan State University have recently found that the fingerprint sensor on your phone is not as safe as you think. ‘The team has developed a set of fake fingerprints that are digital composites of common features found in many people’s fingerprints,’ reports Digital Trends. ‘Through computer simulations, they were able to achieve matches 65 percent of the time, though they estimate the scheme would be less successful in real life, on an actual phone.’ … Nasir Memon, a computer science and engineering professor at New York University [Tandon School of Engineering], explained the value of the study to The New York Times.
April 12, 2017
…A team of researchers from New York University Tandon School of Engineering and Michigan State University College of Engineering have found that partial similarities between prints are common enough to fool biometric security systems … leading them to be much more vulnerable than previously thought.
April 12, 2017
It’s no small task to build a fully autonomous robot capable of mining raw materials from the surface of Mars, but that’s exactly what a team of NYU Tandon School of Engineering students is attempting to do. For the sixth consecutive year, a Tandon team will be taking part in the NASA Robotic Mining Competition.
April 10, 2017
New findings published Monday by researchers at New York University and Michigan State University suggest that smartphones can easily be fooled by fake fingerprints digitally composed of many common features found in human prints. In computer simulations, the researchers from the universities were able to develop a set of artificial “MasterPrints” that could match real prints similar to those used by phones as much as 65 percent of the time. … “It’s as if you have 30 passwords and the attacker only has to match one,” said Nasir Memon…
April 10, 2017
NYU Center for Cybersecurity Distinguished Senior Fellow Lisa O. Monaco discusses the national security and foreign policy challenges facing the White House on CNN.
April 10, 2017
NYU Tandon and Michigan State University Researchers Find That Similarities in Partial Fingerprints May be Sufficient to Trick Biometric Security Systems on Smartphones…Nasir Memon, a professor of computer science and engineering at NYU Tandon and the research team leader, explained that the MasterPrint concept bears some similarity to a hacker who attempts to crack a PIN-based system using a commonly adopted password such as 1234…
April 6, 2017
NYU Center for Cybersecurity Distinguished Senior Fellow Lisa O. Monaco discusses the future of national security in the Trump administration with CNN’s Jim Sciutto. As President Obama’s former top counterterrorism and homeland security advisor, Monaco coordinated policy development and crisis response to terrorist attacks, cyberincidents, and public health emergencies and natural disasters.
April 5, 2017
… Users are asked to click on a link to view a document, which provides the hackers access to the contents of their Google accounts, including email, contacts and online documents, according to security experts who reviewed the scheme. ‘This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,’ said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.
April 3, 2017
It’s a question that still rankles many a Clinton loyalist: Why didn’t the Obama administration do more to sound the alarm over Russia’s meddling in the 2016 presidential campaign? Few former officials have explained it, but in a new interview for The Global POLITICO, Lisa Monaco, President Obama’s top homeland security and counterterrorism adviser, describes a White House afraid of “doing the Russians’ work for them.”
April 3, 2017
NYU Center for Cybersecurity Distinguished Senior Fellow Lisa O. Monaco appeared on The Global Politico, a weekly podcast about the world in the Trump era. In addition to her experiences with counterterrorism, she discussed how the Obama White House handled the Russian hacking of the 2016 elections–the first extensive comments by someone in the room at the Obama White House.
April 3, 2017
The eighth event in a series of open lectures on cybersecurity and privacy at the New York University Tandon School of Engineering will convene in Downtown Brooklyn on Tuesday, April 25, 2017, with an exploration of the hardware security challenges posed by interconnected devices and cloud computing. Convergence of IoT, Cloud, Security: A Perfect Storm will feature Walden (Wally) C. Rhines, president and chief executive officer of Mentor Graphics.
March 30, 2017
Justin Cappos, Assistant Professor of computer science and engineering at NYU Tandon School of Engineering comments on a new bill that the House and Senate passed that rolls back privacy protection rules put in place by President Obama: “Now when you browse the web you are going to be tracked by the person you are paying to provide Internet access.”
March 29, 2017
NYU Center for Cybersecurity co-founder Zachary K. Goldman comments on the encryption debate in light of the most recent attacks in London: While there is “an undeniable governmental need for these messages,” the question is really whether companies should be forced to build a product that allows the government to access data…Any action on this issue “has a trade-off associated with it,” Goldman said—if we want the government to be able to read these messages, it means dramatically undermining end-to-end encryption for everyone.
March 24, 2017
When Jeyavijayan (JV) Rajendran was a graduate student at the NYU Tandon School of Engineering, it was not unusual to see him mentioned on the school website. Working with Professor Ramesh Karri of Electrical and Computer Engineering, he helped cement Tandon’s reputation at the forefront of hardware security … Now a tenure-track assistant professor at the University of Texas Jonsson School of Engineering and Computer Science, in Dallas, Rajendran is still giving Tandon plenty of reason for pride. He was recently awarded a highly prestigious National Science Foundation (NSF) Faculty Early Career Development grant (better known as the CAREER Award).
March 24, 2017
WikiLeaks released the latest cache of confidential C.I.A. documents Thursday as part of an ongoing ‘Vault 7’ operation, exposing the U.S. government of its hacking and digital espionage capabilities. … The agency may have left millions open to the exact attacks it said it was trying to prevent, regardless of its intentions, by not reporting those flaws to major companies, Justin Cappos, a professor in the Computer Science and Engineering department at New York University [Tandon School of Engineering] and cyber security expert whose created digital privacy software, told IBT.
Will the Trump Administration Protect Hard-Won Progress with China on Cybersecurity? Featuring Robert Silvers
March 22, 2017
As Presidents Trump and Xi prepare for their first meeting next month at Mar-a-Lago, most early attention has centered on tension points involving Taiwan policy, the South China Sea, North Korea and trade. But another U.S.-China issue hangs in the balance: cybersecurity.
March 20, 2017
A team of engineers at NYU Tandon, in partnership with Griffeye — a digital intelligence technology company — is developing a new software that will help law enforcement combat the increasingly prevalent issue of child exploitation.
March 17, 2017
NYU Center for Cybersecurity co-founder Zachary K. Goldman discusses the significance and consequences of the recent indictment of the Russians behind the Yahoo hacks. “This indictment is part of a broader sustained effort on the part of the US government to deter Russia from committing cyberattacks by prosecuting Russian cybercriminals, imposing sanctions, and taking other measures like expelling Russian diplomats and spies,” Goldman argues.
March 17, 2017
… According to a new paper, “Manufacturing and Security Challenges in 3D Printing”, written by researchers at New York University’s Tandon School of Engineering … 3D printing carries cybersecurity vulnerabilities that can lead to potentially dangerous, undetectable defects as well as opening the door for counterfeit products. Nikhil Gupta, an associate professor of mechanical and aerospace engineering at NYU Tandon, and one of the co-authors of the paper, told Design News that the cybersecurity risks that come with AM are far more significant that common threats we hear about today.
Researchers Race To Develop Software To Prevent Car Hacking (audio – featuring Prof. Justin Cappos at 1:19)
March 17, 2017
Modern cars have between 50 and 100 electronic control units, or computers, to run everything from the overhead dome light to the automatic transmission. Many of the computers are networked together but made by different vendors, which makes them easier to hack. Now, researchers backed by the Department of Homeland Security are looking for ways to protect cars from hacking.
March 16, 2017
The staggering amount of data involved in searching for child pornography is a serious hurdle in hunting down pedophile rings. … A new set of filters improving the ability to comb through terabytes of data and hundreds of thousands of hours of video is now under development by computer scientists at New York University. The machine-learning techniques focus on picking out nudity—and identifying the physical features of children, said Nasir Memon, the NYU [Tandon] professor of computer science and engineering leading the work.
New Forensics Tools Will Speed the Identification and Rescue of Children Pictured in Child Sexual Exploitation Material
March 16, 2017
Researchers at the New York University Tandon School of Engineering and the digital intelligence tech company Griffeye have begun building a sophisticated suite of tools to be provided pro bono to law enforcement officials seeking to identify children in child sexual exploitation material (sometimes referred to as child pornography) and rescuing victims. … Professor of Computer Science and Engineering Nasir Memon leads the software development along with Griffeye Director Johann Hofmann.
March 15, 2017
The publishing company Springer has more than 245 engineering journals in its portfolio … when editors took stock of the works that had been the most cited, downloaded, and shared in 2016, it was an article from JOM, The Journal of the Minerals, Metals & Materials Society that stood out at number one in the category of Engineering. That article, “Manufacturing and Security Challenges in 3D Printing,” was written by a team of [NYU] Tandon researchers [including] Nikhil Gupta, noted materials expert and an associate professor of mechanical engineering; lead author Steven Eric Zeltmann, a graduate student in mechanical engineering; and Ramesh Karri, professor of electrical and computer engineering.
Law Enforcement Agencies to Receive Free Access to NYU Developed Solution Combating Child Exploitation
March 14, 2017
Researchers at the New York University Tandon School of Engineering and the digital intelligence tech company Griffeye have begun building a sophisticated suite of tools to be provided pro bono to law enforcement officials seeking to identify children in child sexual exploitation material (sometimes referred to as child pornography) and rescuing victims….Professor of Computer Science and Engineering Nasir Memon leads the software development along with Griffeye Director Johann Hofmann.
March 13, 2017
Distinguished Senior Fellow Lisa O. Monaco is featured on the Cybersecurity Podcast from Passcode, commenting on the future of cybersecurity in the new Presidential administration.
March 10, 2017
The District’s email system, it turns out, has a lot more verboten words than that: 42. A test email from The Post with one of the offending terms to a dc.gov email address brought a bounceback notice. … Justin Cappos, an assistant professor of systems and security at New York University [Tandon School of Engineering], said the District’s approach to spam “isn’t surprising.” The only problem: Bounceback messages might help spammers.
Fox 5 Report: WikiLeaks Revelation of CIA Documents and Personal Device Vulnerabilities, Featuring Professor Justin Cappos (at 3.14)
March 9, 2017
Justin Cappos speaks with Ernie Anastos, news anchor for Fox 5 News about CIA documents revealed by WikiLeaks, and vulnerabilities of consumer devices. “It’s concerning to me that there is this big warehouse of information on weaknesses that were not disclosed to the vendors of these products, that is now available to hackers and people anywhere,” said Cappos.
WikiLeaks to Help Shield Tech Firms From CIA’s Hacking Tools, Featuring Professor Justin Cappos (video)
March 9, 2017
This could be the largest breach of U.S. intelligence in recent history: thousands of documents posted by WikiLeaks that it claims were stolen from the CIA revealing the agency’s playbook for hacking.
March 9, 2017
WikiLeaks will work with technology companies to help defend them against the CIA’s hacking tools, WikiLeaks founder Julian Assange said. … Justin Cappos, a computer security professor in New York University’s Tandon School of Engineering, said any group that had this information first — whether it was WikiLeaks or a government agency — should have worked to disclose it to tech companies before making it public. “Now we’re in a position where a bunch of companies are scrambling to put in fixes because now their users are at risk,” he said.
CCS Announces Call for New Class of NYU Cyber Scholars and The Inaugural Latham & Watkins Award in Technology and Law
March 8, 2017
The NYU Center for Cybersecurity, a collaboration among NYU School of Law, the NYU Tandon School of Engineering, and other NYU schools, is soliciting applications for two interdisciplinary scholarship programs for students passionate about cybersecurity.
Students will aparticipate in weekly cohort meetings with students focusing on cybersecurity from other NYU schools and engage in a substantial research project or construction of a technical tool. The programs are designed so that lawyers may better understand the technological aspects of information security, and the privacy and civil liberties concerns that surround the field. Law students selected for the programs will be obligated to enroll in technical cybersecurity courses at NYU Tandon School of Engineering that are consistent with their academic program. The programs are designed so that lawyers, social scientists, engineers, and business executives may better understand the technological aspects of information security, and the privacy and civil liberties concerns that surround the field.
Students will enter the programs in Fall 2017 and will earn a partial scholarship for each year that they are a part of the program (students will be admitted for one year, potentially renewable for one additional year).
The NYU Cyber Scholarship had its inaugural cohort last year. Students who are selected for this prestigious scholarship program will join a cohort of peers from across the University, including the Tandon School of Engineering, the Steinhardt School of Culture, Education, and Human Development, the Courant Institute of Mathematical Sciences, and other schools as they develop an interdisciplinary understanding of cybersecurity issues that integrates technical and non-technical disciplines. The Cyber Scholars program is designed to train a new generation of cybersecurity professionals who will enter either the public or private sectors.
The Latham & Watkins Award in Technology and Law is a new program that will welcome its inaugural student scholar this year. This scholarship seeks to train a new generation of technology lawyers who are not only equipped to analyze the most complex technology law and policy issues, but also students who have mastered the technical understandings of the discipline. The student selected for this award must demonstrate a passion for technology and cybersecurity law and an interest in the interdisciplinary aspects of the subject.
Application Requirements: Applicants must submit a resume, transcript, and cover letter to CCS@nyu.edu by 5:30 p.m. on Monday, March 27, 2017 with “Cybersecurity Scholarship Application” in the subject line. Eligible students must be in their first or second year of law school or in their first year of a masters or PhD program that is a minimum of two years in duration. Law students who apply will be automatically considered for both scholarships.
If you have questions, please contact CCS@nyu.edu.
Fox 5 Report: WikiLeaks Publishes 1000s of CIA Cyber-Espionage Documents, Featuring Professor Justin Cappos (video)
March 7, 2017
WikiLeaks has published thousands of documents that it says come from the CIA’s Center for Cyber Intelligence, a dramatic release that appears to give an eye-opening look at the intimate details of the agency’s cyberespionage effort.
March 6, 2017
In Gizmodo, Zachary K. Goldman comments on the latest developments in United States v. Jay Michaud. “This doesn’t mean that the FBI’s investigation was unjust or unjustified…It’s the exact opposite. The FBI is placing paramount importance on preserving the ability to use this technique in the future.”
March 6, 2017
NYU Center for Cybersecurity Distinguished Fellow Raj De comments on the process behind a FISA warrant, which has been drawn into the spotlight after Donald Trump’s charge that his presidential campaign was illegally wiretapped.
March 3, 2017
If you are trying to sell your home, don’t be surprised if someone comes knocking at your door and asks if it’s for rent… That’s because scammers are stealing house for sale listings and putting them up on Craigslist as rentals. (Article based on research by Professor Damon McCoy)
March 3, 2017
Vice President Mike Pence used a private email account that was later compromised while serving as governor of Indiana, his office confirmed on Thursday…”The fact that these emails are stored in a private AOL account is crazy to me,” Justin Cappos, a computer security professor at New York University’s Tandon School of Engineering, told Indy Star. “This account was used to handle these messages that are so sensitive they can’t be turned over in a records request.”
March 2, 2017
The Center for Cybersecurity was pleased to host Ben Buchanan, the author of “The Cybersecurity Dilemma: Hacking, Trust, and Fear Between Nations” on March 2 for an in-depth discussion of his new book. “The Cybersecurity Dilemma” illuminates some of the strategic dynamics shaping the international relations of cybersecurity. He focuses on how cyber capabilities among Russia, China, the United States, and others can stabilize or destabilize a precarious global order.We thank Ben for coming and previewing his book’s compelling argument.
March 2, 2017
Vice President Mike Pence routinely used a private email address to conduct political affairs as governor of Indiana, according to the Indianapolis Star….“It’s one thing to have an AOL account and use it to send birthday cards to grandkids,’ said Justin Cappos, a computer security professor at New York University’s Tandon School of Engineering. ‘But it’s another thing to use it to send and receive messages that are sensitive and could negatively impact people if that information is public.”
March 1, 2017
The world’s largest student-run set of cyber security games, founded 14 years ago by the New York University Tandon School of Engineering, will expand this year to Europe, where it will be hosted by Grenoble INP – Esisar. Based in Valence, France, Esisar is one of six engineering schools of the Grenoble Institute of Technology (Grenoble INP, located in Grenoble).
February 28, 2017
Senior Fellow Judi Germano discusses one of the most active and successful markets for cybersecurity startups: Israel.
February 24, 2017
When Nasir Memon, a computer science and engineering professor at New York University, was first starting his cybersecurity program, he wanted to offer more hands-on experiences for his students. “I always thought cybersecurity was not a topic you talk about, but where you learn by doing things,” says Memon. So he organized a cybersecurity awareness event that involved a team competition — with the goal of solving security problems.