• Study Finds Major Weaknesses in Single Sign-on Systems, Network World, March 27, 2012
• Flawed sign-in services from Google and Facebook imperil user account, Ars Technica, March 25, 2012
• Trial finds EIGHT WAYS to defeat Google, PayPal and other SSOs, The Register, March 20, 2012
• Researchers discover flaws in SSO that leave websites vulnerable, Infosecurity, March 20
• Web Services Single Sign-On Contain Big Flaws, Dark Reading, March 19, 2012
• Researchers discover “worrisome” authentication flaws in many online services, ZDNet, March 16, 2012
About our finding of an OpenID authentication bug
• OpenID Warns Of Serious Bug, InformationWeek, May 9, 2011
• OpenID warns of 'psychic paper' authentication attack, Register, May 9, 2011
• OpenID Foundation warns of identity transmission bug, ZDNet UK, May 9, 2011
• OpenID Foundation Warns Websites of Authentication Flaw, eWeek, May 9, 2011
About our Oakland'11 paper
• How to Shop for Free Online (video interview), Channel 9, May 17, 2011
• Vulnerabilities in Online Payment Systems, Schneier on Security, May 9, 2011
(Shaz Qadeer and I didn't directly participate in the following interviews because of a non-academic reason.)
• Researchers find major flaws in online payment systems. CNN, April 13, 2011.
• Exploit-wielding boffins go on free online shopping binge -- World's biggest e-commerce sites wide open, Register, April 12, 2011
• Could criminals shop for free online? CNET, April 11, 2011
• Security Researchers Exploit Logic Flaws to Shop for Free Online, Network World, April 11, 2011
• Informatics students discover, alert Facebook to threat allowing access to private data, PhysOrg, Feb 3, 2011
• New Facebook vulnerability patched, ComputerWorld, Feb 2, 2011
• Facebook Fixes Security Vulnerability, eWeek, Feb 2, 2011
• Facebook plugs gnarly authentication flaw, Register, Feb 2, 2011
• Facebook flaw allowed websites to steal users' personal data without consent, Graham Cluley's blog, Feb 2, 2011
About our Oakland'10 paper
• Side Channel Attacks in SSL, ha.ckers.org, June 21st, 2010
• SaaS Apps May Leak Data Even When Encrypted, Study Says, Dark Reading, March 26th, 2010
• Side-Channel Attacks on Encrypted Web Traffic, Schneier on Security, March 26th, 2010
• Researchers sound alarm on Web app "side channel" data leaks, Network World, March 25th, 2010
• Your health, tax, and search data siphoned: Software-as-a-service springs SSL leak, The Register, March 23rd, 2010.
• Side-Channel Leaks in Web Applications, Freedom To Tinker, March 23rd, 2010
About our Oakland'09 paper
• Browser flaws expose users to man-in-the-middle attacks, ZDNet, August 7th, 2009
• Mozilla patches 11 Firefox bugs, six critical. Plugs SSL hole reported by Microsoft researchers, Computer World, June 12, 2009
• Breaking Web Browsers' Trust, Technology Review, May 21st, 2009
