Having returned from photographing a large conference in the last week (NDSS), I'm now processing 1000-ish images. And I have a request. It's a simple request. Can we please switch to printing all conference badges on 50% gray cards? Mmmmmk? Thank you.

#ndss #ndss2026 #photography

Wow ... #NDSS will be in Europe next year. Great to hear that the scientific security community takes action.
My student Ghazal gave a talk at the PRISM workshop (attached to #NDSS) yesterday! She has done some really nice work on classifying #ssh brute-force attackers using clustering techniques. The full paper and slides are up at: https://www.flux.utah.edu/paper/abdollahi-prism26
Oh, I'm on my way to #NDSS! Really looking forward to an awesome conference. See you in San Diego. 🛫
The #paper "From Matrix to Metrics: Introducing and Applying a Configuration Matrix to Evaluate DMARC Policies" by Tobias Länge, Fabian Ballreich, Anne Hennig, Peter Mayer, and Melanie Volkamer was accepted for presentation at the #Workshop Measurements, Attacks, and Defenses for the Web (MADWeb) 2026. In the paper, a utility-oriented #configuration matrix was developed that focuses on the anti-#spoofing effectiveness of different #DMARC configurations and provides clear recommendations for selecting the appropriate configuration. An analysis of the data from the Tranco Top-100k domains over a period of eight months showed that domains move towards configurations that are more effective against email spoofing, but still exhibit a lack of knowledge with respect to different policy settings.
#MadWeb 2026 will take place as a co-located event with #NDSS on February 27, 2026 in San Diego, USA: https://madweb.work/ @Aryderwood@chaos.social @madwebwork

Extracting 100 million (!) phone numbers per hour (!) from Whatsapp ...

Impressive #NDSS 2026 paper showing the danger of inadequate rate limiting.

https://github.com/sbaresearch/whatsapp-census

What a great time at the #NDSS Symposium in beautiful San Diego. While it is always about meeting friends, catching up on projects, discussing new and exciting research and looking for potential collaborations, the #HexHive lab also had the pleasure to present a total of four research papers at this conference --- and we received two distinguished paper awards!

Check out the blog post with a discussion of the papers and some key takeaways at: https://nebelwelt.net/blog/2025/0227-ndss.html

ATHENE researchers at TU Darmstadt, together with Jiska Classen of the Hasso Plattner Institute, have carried out a first comprehensive security analysis of the satellite communication protocol used by Apple. Their finding: despite strong security measures, there are concerning vulnerabilities that can be exploited for unauthorized communication. Alexander Heinrich presented the paper summarizing the research at #NDSS.
More info: https://www.athene-center.de/aktuelles/news/athene-paper-auf-ndss-symposium-akzeptiert-1694

🚨 Deadline Extended 🚨

By popular demand, the #MADWeb submission deadline is now January 14, 2025 (AoE)! 🗓️

You still have 1 week to send your papers and join us in San Diego!

📜 Submit here: https://madweb25.hotcrp.com
🔗 Details: https://madweb.work

Spread the word!

#websec #cfp #ndss #NDSS2025

I'm happy to be able to announce that my student Sirus Shahini's paper "CHAOS: Exploiting Station Time Synchronization in 802.11 Networks" will appear at #NDSS '25! We're still working on the final copy, so no link yet, but the basic idea is this:

802.11 (#WiFi) beacon frames have a timestamp field that is at microsecond granularity; this is used for synchronizing various timing aspects of 802.11. Real access points are supposed to send beacon frames about every 100ms* but there's a fair amount of variation in how close they are to hitting this target each time, for a variety of reasons. As a result, there's a lot of noise in the observed values of the timestamps.

This means that in any area with WiFi, there are probably hundreds of beacon frames per second flying around, and they have very precise timestamps in them that are subject to a lot of noise. Sirus used this to build a covert channel that uses noise that *looks* like standard access point clock jitter, but can be used to broadcast data in public, secretly. Additionally taking advantage of the fact that this jitter causes beacon frames to be received in different orders, he uses ordering to boost the throughput of this secret channel to hundreds of bits per second.

One of the neat things about this is that while it is a type of a timing channel, the timing values are written directly into the beacon frames. So unlike most timing channels, you don't have to have a high degree of precision in your transmission or reception, and measurement error is not really a problem. Both the transmitter and receiver can just use any off-the-shelf WiFi card that provides raw access to beacon frames (which is many of them), and Sirus did a lot of the work on #raspberrypi s.

It's very cool work, and I look forward to being able to post the full paper and his talk!

* Technically, 102,400us