Share on Facebook Tweet on Twitter Share on LinkedIn Share by email
Our research in the press

About our CCS'13 paper
iOS and Android weaknesses allow stealthy pilfering of website credentials, Ars Technica, August 27, 2013

About our finding of an OpenID authentication bug
OpenID Warns Of Serious Bug, InformationWeek, May 9, 2011
OpenID warns of 'psychic paper' authentication attack, Register, May 9, 2011
OpenID Foundation warns of identity transmission bug, ZDNet UK, May 9, 2011
OpenID Foundation Warns Websites of Authentication Flaw, eWeek, May 9, 2011

About our Oakland'11 paper
How to Shop for Free Online (video interview), Channel 9, May 17, 2011
Vulnerabilities in Online Payment Systems, Schneier on Security, May 9, 2011

(Shaz Qadeer and I didn't directly participate in the following interviews because of a non-academic reason.)
Researchers find major flaws in online payment systems. CNN, April 13, 2011.
Exploit-wielding boffins go on free online shopping binge -- World's biggest e-commerce sites wide open, Register, April 12, 2011
Could criminals shop for free online? CNET, April 11, 2011
Security Researchers Exploit Logic Flaws to Shop for Free Online, Network World, April 11, 2011 

About our finding of a Facebook authentication bug

Informatics students discover, alert Facebook to threat allowing access to private data, PhysOrg, ‎Feb 3, 2011
New Facebook vulnerability patched, ComputerWorld, Feb 2, 2011
Facebook Fixes Security Vulnerability, eWeek, Feb 2, 2011
Facebook plugs gnarly authentication flaw, Register, ‎Feb 2, 2011‎
Facebook flaw allowed websites to steal users' personal data without consent, Graham Cluley's blog, ‎Feb 2, 2011‎

About our Oakland'10 paper
Side Channel Attacks in SSL,, June 21st, 2010
SaaS Apps May Leak Data Even When Encrypted, Study Says, Dark Reading, March 26th, 2010
Side-Channel Attacks on Encrypted Web Traffic, Schneier on Security, March 26th, 2010
Researchers sound alarm on Web app "side channel" data leaks, Network World, March 25th, 2010
Your health, tax, and search data siphoned: Software-as-a-service springs SSL leak, The Register, March 23rd, 2010.
Side-Channel Leaks in Web Applications, Freedom To Tinker, March 23rd, 2010

About our Oakland'09 paper
Browser flaws expose users to man-in-the-middle attacks, ZDNet, August 7th, 2009
Mozilla patches 11 Firefox bugs, six critical. Plugs SSL hole reported by Microsoft researchers, Computer World, June 12, 2009
Breaking Web Browsers' Trust, Technology Review, May 21st, 2009