Large-scale analysis of style injection by relative path overwrite Arshad et al., WWW'18 (If you don’t have ACM Digital Library access, the paper can be accessed either by following the link above directly from The Morning Paper blog site, or from the WWW 2018 proceedings page). We’ve all been fairly well trained to have good … Continue reading Large-scale analysis of style injection by relative path overwrite

SafeKeeper: protecting web passwords using trusted execution environments Krawiecka et al., WWW'18 (If you don’t have ACM Digital Library access, the paper can be accessed either by following the link above directly from The Morning Paper blog site, or from the WWW 2018 proceedings page). Today’s paper is all about password management for password protected … Continue reading SafeKeeper: protecting web passwords using trusted execution environments

Inaudible voice commands: the long-range attack and defense Roy et al., NSDI'18 Although you can’t hear them, I’m sure you heard about the inaudible ultrasound attacks on always-on voice-based systems such as Amazon Echo, Google Home, and Siri. This short video shows a ‘DolphinAttack’ in action: To remain inaudible, the attack only works from close … Continue reading Inaudible voice commands: the long-range attack and defense

Securing wireless neurostimulators Marin et al., CODASPY'18 There’s a lot of thought-provoking material in this paper. The subject is the security of a class of Implantable Medical Devices (IMD) called neurostimulators. These are devices implanted under the skin near the clavicle, and connected directly to the patient’s brain through several leads. They can help to … Continue reading Securing wireless neurostimulators

Tracking ransomware end-to-end Huang et al., IEEE Security & Privacy 2018 With thanks to Elie Bursztein for bringing this paper to my attention. You get two for the price of one with today’s paper! Firstly, it’s a fascinating insight into the ransomware business and how it operates, with data gathered over a period of two … Continue reading Tracking ransomware end-to-end

When coding style survives compilation: de-anonymizing programmers from executable binaries Caliskan et al., NDSS’18 As a programmer you have a unique style, and stylometry techniques can be used to fingerprint your style and determine with high probability whether or not a piece of code was written by you. That makes a degree of intuitive sense … Continue reading When coding style survives compilation: de-anonymizing programmers from executable binaries

Game of missuggestions: semantic analysis of search autocomplete manipulations  Wang et al., NDSS’18 Maybe I’ve been pretty naive here, but I really had no idea about the extent of manipulation (blackhat SEO) of autocomplete suggestions for search until I read this paper. But when you think about it, it makes sense that people would be … Continue reading Game of missuggestions: semantic analysis of search autocomplete manipulation

JavaScript Zero: Real JavaScript and zero side-channel attacks Schwarz et al., NDSS’18 We’re moving from the server-side back to the client-side today, with a very topical paper looking at defences against micro-architectural and side-channel attacks in browsers. Since submission of the paper to NDSS’18, this subject grew in prominence of course with the announcement of … Continue reading JavaScript Zero: real JavaScript, and zero side-channel attacks