A consortium of researchers announced the development of a universal, free, and open source framework to protect wireless software updates in vehicles. The team issued a challenge to security experts everywhere to try to find vulnerabilities before it is adopted by the automotive industry.
Author: Emerald Knox (Emerald Knox)
Post
Scan Design: Basics, Advancements, and Vulnerabilities
Samah Mohamed Saeed, Sk Subidh Ali, and Ozgur Sinanoglu The increasing design complexity of modern Integrated Chips (IC) has reflected into exacerbated challenges in manufacturing testing. In this respect, scan is the most widely used design for testability (DfT) technique that overcomes the manufacturing test challenges by enhancing the access and thus, testability. However, scan can also open a back door to an...
Post
WhatsApp’s privacy woes show how messaging app tries to balance security and ease of use
WhatsApp has become popular worldwide thanks to its powerful encryption technology. But making this type of secure messaging approachable and user-friendly can pose some [privacy] problems.… Justin Cappos, a professor in New York University’s [NYU Tandon School of Engineering] computer science and engineering department, said the issue boils down to a user interface problem…
Post
How Did the Russian Hacks Happen? (audio)
Bob Mitchell from WWL AM 870/FM 105.3 talks to Justin Cappos, Assistant Professor in the Computer Science and Engineering Department at NYU, about the Russian hacks (Interview at 1:40).
Post
Repeatable Reverse Engineering with the Platform for Architecture-Neutral Dynamic Analysis
Ryan J. Whelan, Timothy R. Leek, Joshua E. Hodosh, Patrick A. Hulin, and Brendan Dolan-Gavitt Many problems brought on by faulty or malicious software code can be diagnosed through a reverse engineering technique known as dynamic analysis, in which analysts study software as it executes. Researchers at Lincoln Laboratory developed the Platform for Architecture-Neutral Dynamic...
Post
Business Briefs: SAP India Embraces ‘1BLives’ Initiative
Following a successful international cooperation that attracted more than 15,000 students, faculty, professionals and supporters to the world’s largest student-run cybersecurity games, the New York University Tandon School of Engineering and IIT Kanpur have signed a seven-year agreement to deepen their exchange in information security research and academic…
Post
Inside Cyber Security Awareness Week
Shortly after Election Day, before the interference of Russian hackers became front-page news, a group of thirty-one high-school students gathered at N.Y.U.’s Tandon School of Engineering, in Brooklyn, for Cyber Security Awareness Week. Their mission: to solve a murder mystery involving a fictional Presidential race by analyzing digital “evidence” of security breaches.
Post
How Scared Should I Be of the Internet of Things?
…The proliferation of smart appliances may have drawbacks…According to Justin Cappos, computer scientist at New York University’s Tandon School of Engineering, potentially hackable IOT devices are an untamed frontier.
Post
The World’s Best Security Engineers are Working on Flappy Bird
… At a hacking competition at New York University [Tandon School of Engineering] this year, one could find a lot of students who would agree with that sentiment. One of the annual competitive formats during NYU’s Cyber Security Awareness Week is known as “Capture the Flag,” or CTF, and it attracts the kinds of students...
Post
Diplomat: Using delegations to protect community repositories
Trishank Karthik Kuppusamy, Santiago Torres-Arias, Vladimir Diaz, and Justin Cappos Community repositories, such as Docker Hub, PyPI, and RubyGems, are bustling marketplaces that distribute software. Even though these repositories use common software signing techniques (e.g., GPG and TLS), attackers can still publish malicious packages after a server compromise.