My Writing
- Authentication: What to Do About Password-Sharing?
  Password sharing is a reality driven by convenience and social norms—Netflix even encourages it with multiple profiles per account. Rather than pretending credential sharing doesn't exist, products...
- Authentication: Potential Security Applications of the iPhone 5S M7 Motion Coprocessor
  The iPhone 5S M7 motion coprocessor could enable continuous authentication by identifying users through their unique walking patterns. This approach would be more seamless than traditional PIN entry...
- Malware Analysis: Teaching Malware Analysis and the Expanding Corpus of Knowledge
  Malware analysis skills have expanded in complexity as software—benign and malicious—has grown more sophisticated. From a 2.5-hour session in 2001 to a full six-day course with capture-the-flag...
- Malware: Researching Scams Helps Understand Human Vulnerabilities
  Online scammers exploit predictable human vulnerabilities: starting scams in the physical world, customizing messages with victims' locations, appealing to vanity and self-interest, posing as...
- Social Engineering: Looking for Anomalies in Check Overpayment Scam Correspondence
  Check overpayment scams convince victims to deposit fraudulent cashier's checks and forward the "extra" funds before the forgery is discovered. Warning signs include strange punctuation, extraneous...
- Encryption: How the Digital Certificates Ecosystem is Being Strengthened
  Several initiatives are strengthening the digital certificate ecosystem: improved certificate revocation checking, EFF's SSL Observatory for cataloging certificates, Google's Certificate Transparency...