Cormac Herley

I am a Principal Researcher at Microsoft Research. I am interested in data and signal analysis problems that reduce complexity and remove pain points for users. My main current interests are authentication, safety and data driven security. There are links to some papers and projects below.
Before Microsoft I was at HP Labs for five years. I received my PhD from Columbia University, my MSEE from Georgia Tech and my BE from University College Cork, Ireland.
My email is my firstname at microsoft dot com.
Press Coverage and Other Stuff
- Interview on threatpost
- Underground Economy and IRC channels: DarkReading, ZDnet, Voltage
- Economics of Phishing: slashdot, theRegister, ZDnet
- Password strength: slashdot
- Keylogging advice: Digg coverage, Spanish translation, Washington Post
- The government of Botswana recommends our keylogging evasion technique.
- Large scale password study:Folha, Infoworld
- US Treasury Secretary Paul O’Neill pretty happy with my work on anti-counterfeiting.
- Keylogging and Password Stealing FAQ
Publications:
Economics of Cybercrime:
- C. Herley, "So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users," NSPW 2009, Oxford
- C. Herley and D. Florencio, "Economics and the Underground Economy," Black Hat 2009
- C. Herley and D. Florencio, “Nobody Sells Gold for the Price of Silver: Dishonesty, Uncertainty and the Underground Economy,” WEIS 2009, London
- C. Herley and D. Florencio, “A Profitless Endeavor: Phishing as a Tragedy of the Commons,” NSPW 2008, Lake Tahoe, CA
Safety and Security:
- C. Herley, P.C. van Oorschot and A.S. Patrick, "Passwords: If We're So Smart Why Are We Still Using Them?" Financial Crypto 2009
- D. Florencio and C. Herley, “One-time Password Access to Any Server Without Changing the Server," ISC 2008, Taipei
- B. Coskun and C. Herley, "Can Something-You-Know be Saved?" ISC 2008, Taipei
- C. Herley and D. Florencio, “Protecting Financial Institutions from Brute-Force Attacks,” SEC 2008, Milan
- D. Florencio, C. Herley and B. Coskun, “Do Strong Web Passwords Accomplish Anything?," Usenix HotSEC '07, Boston.
- D. Florencio and C. Herley, “Evaluating Password Re-Use for Phishing Prevention,” APWG eCrime '07 Pittsburgh.
- D. Florencio and C. Herley, “A Large Scale Study of Web Password Habits,” WWW 2007, Banff.
- D. Florencio and C. Herley,“KLASSP: Entering Passwords on a Spyware Infected Machine Using a Shared-Secret Proxy,” Proc. ACSAC 2006.
- D. Florencio and C. Herley, “Password Rescue: A New Approach to Phishing Prevention,” Usenix HotSEC ’06, Vancouver.
- C. Herley and D. Florencio, “How to Login from an Internet Cafe Without Worrying about Keyloggers,” Symp. On Usable Privacy and Security ‘06 [poster]
- D. Florencio and C. Herley,“Analysis and Improvement of Anti-Phishing Schemes,” Proc SEC 2006.
- D. Florencio and C. Herley,“Stopping a Phishing Attack, Even when the Victims Ignore Warnings,” MSR-TR-2005-142.
P2P and Networking:
- A. Bharambe, C. Herley and V. Padmanabhan,“Analyzing and Improving a BitTorrent Network's Performance Mechanisms,” Proc. InfoComm 2006. [Download the simulator]
- A. Bharambe, C. Herley and V. Padmanabhan, “Some Observations on BitTorrent,” Proc. ACM SigMetrics 2005 [poster].
Multimedia:
- C. Herley, “ARGOS: Automatically extracting Repeating Objects from multimedia Streams”, IEEE Trans, Multimedia, Feb. 2006.
- R. Ragno, C. J. C. Burges and C. Herley, “Inferring Similarity Between Music Objects with Application to Playlist Generation,” Proc. ACM Workshop Multimedia Information Retrieval, 2005.
- C. Herley, “Accurate Repeat Finding and Object Skipping Using Fingerprints,” Proc. ACM Multimedia 2005
- C. Herley,”Why Watermarking is Nonsense”, Signal Processing Magazine, Sept. 2002.
Image Processing:
- C. Herley, “Occlusion Removal with Minimum Number of Images,” Proc ICIP 2005.
- C. Herley, “Efficient Inscribing of Noisy Rectangular Objects in Scanned Images,” Proc. ICIP 2004.
- C. Herley, P. Vora and S. Yang, “Detection and Deterrence of Counterfeiting of Valuable Documents,” Proc. ICIP 2004.
- C. Herley, “Extracting Repeats from Media Streams”, ICASSP 2004, Montreal.
- C. Herley, “Recursive Method to Detect and Segment Multiple Rectangular Objects in Scanned Images”, MSR TR.
- C. Herley, “Recursive Method to Extract Rectangular Objects from Scans”, Proc ICIP 2003
- C. Herley, “Document Capture Using a Digital Camera”, Proc. Int Conf. Image Proc., Thessaloniki, Greece, Oct 2001.
- C. Herley, “Protecting Images Online: a Security Mechanism that does not involve Watermarking,” Proc. Int. Conf. Image Proc., Vancouver, BC, Sept. 2000



