ISI In The News
By: Laurie Segall, CNNMoney
By: Andy Greenberg, Forbes
"A lot of people have tried to make systems of anonymous digital cash over the years, and they've failed. Bitcoin has almost made it, but it's come just a little short," says Matthew Green, the computer science professor who designed Zerocoin along with graduate students Ian Miers and Christina Garman. "How do we get it that last ten percent of the way? It's taken us nearly two years to come up with the answer, and this is what we've got."
By: Daniela Hernandez, Wired
"Most people see a service, and they just assume it's safe and secure and they use it," said Avi Rubin, the director of the Health and Medical Security Lab at Johns Hopkins University. "There seems to be, I believe, a bias when people get hold of a product to trust it and to think that it's okay until proven otherwise instead of the other way around."
But as the recent chain of hack attacks at companies like Apple, Twitter, Facebook, Dropbox and most recently Evernote suggests, that may be the wrong assumption to make. "Any system that consists in large part of software is hackable," Rubin warns. At some point, someone will hack a major repository of healthcare data. And it won't be pretty.
By: Jon Matonis, American Banker
Having received a preliminary copy of the academic paper, I interviewed Hopkins research professor Matthew Green about some of the details of Zerocoin.
Operating as a decentralized layer of anonymous cash on top of the existing Bitcoin network, "Zerocoin creates an 'escrow pool' of bitcoins, which users can contribute to and then later redeem from," Green explained. Users receive different coins than they put in (though the same amount) and there is no entity that can trace your transactions or steal your money. "Unlike previous e-cash schemes, this whole process requires no trusted party. As long as all the nodes in the network support the Zerocoin protocol, the system works in a fully distributed fashion," added Green.
By: Michael Mimoso, Threat Post
For now, the Lucky Thirteen attacks described in a paper last week by researchers at Royal Holloway, University of London, are largely theoretical. But the potential exists to adapt techniques used in the BEAST attacks against TLS/SSL to improve the feasibility of Lucky Thirteen, a researcher said.
By: Catie Paul, JHU
"I believe that cyberwarfare has already begun and that governments and corporations are feeling the brunt of the attacks. Unfortunately, there is no one size fits all security solution. The best that organizations can do is to practice defense in depth with multiple layers of protection," Avi Rubin, a professor of computer science at Hopkins and technical director of the Information Security Institute, wrote in an email to The News-Letter.
By: Lucian Constantin (IDG News Service), Computer World
"The new AlFardan and Paterson result shows that it is indeed possible to distinguish the tiny timing differential caused by invalid padding, at least from a relatively close distance -- e.g., over a LAN," Matthew Green, a cryptographer and research professor at Johns Hopkins University in Baltimore, Maryland, said Monday in a blog post. "This is partly due to advances in computing hardware: most new computers now ship with an easily accessible CPU cycle counter. But it's also thanks to some clever statistical techniques that use many samples to smooth out and overcome the jitter and noise of a network connection."
By: Robert O'Harrow Jr., The Washington Post
A year-long examination of cybersecurity by The Washington Post has found that health care is among the most vulnerable industries in the country, in part because it lags behind in addressing known problems.
"I have never seen an industry with more gaping security holes," said Avi Rubin, a computer scientist and technical director of the Information Security Institute at Johns Hopkins University. "If our financial industry regarded security the way the health-care sector does, I would stuff my cash in a mattress under my bed."
"You can't hook someone up to a lie detector test when they are writing a review," said Avi Rubin, the technical director of the Johns Hopkins University Information Security Institute. He said it's hard to tell what's real or not and that some sites do a better job than others at making it harder for people to post fake reviews.
By: James Ball, The Washington Post
Even if digital signatures were mandatory, other security gaps remain, experts warn. Airlines cross-check passenger names against federal databases for names of passengers on the no-fly list or subject to additional screening. But the names are not cross-checked by TSA once passengers reach airport checkpoints with boarding passes in hand.
To do so, the TSA would need to have electronic scanners with networking capabilities to communicate with the federal databases. Technical documents issued by the agency confirm its system does not have such capabilities and does not routinely check boarding passes against federal databases.
"The TSA has a real problem here," said Matthew Green, assistant research professor at the Johns Hopkins Information Security Institute.
By: Salvador Rizzo/Statehouse Bureau, NJ.com
"E-mail accounts get hacked all the time," said Avi Rubin, a Johns Hopkins University professor and technical director of its Information Security Institute.
Rubin said there is no guarantee of the source of ballots e-mailed or faxed. "E-mail is trivial to forge, and faxes can be spoofed as well," he said.
By: Doug Gross, CNN
"If the election is predicted to be a landslide, and then it is, really the problems we're concerned about aren't that big a deal, because everyone knows the election went the way it was supposed to," said Avi Rubin, a professor of computer science at Johns Hopkins University who specializes in computer security.