After a three-year hiatus due to the pandemic, the Chaos Communication Congress is finally back at an onsite venue. For those who don't know, the congress is the biggest hacker conference in Europe. It is known not just for deep technical talks and amazing hacks but also for political talks …
Other articles
Writing (successful) ERC grants in Europe
In 2018, when I moved from Purdue University in the US to EPFL in Switzerland, I had the opportunity to apply for an ERC H2020 starting grant in computer science. ERC starting grants are similar to the NSF Career award and can be submitted up to 7 years after completing …
Second factor on VPNs considered harmful
Due to the risk of "cyber threats", many universities are switching to second factor authentication to log into their VPNs. Many companies moved to second factor for VPN authentication quite some time ago to protect their perimeter from external access. The idea is that users have to provide two factors …
PhD at EPFL, in Europe
Every December a lot of prospective students reach out to faculty regarding PhD programs. This is the time where we review the students and assess their skills and potential along many dimensions such as past research, research ideas, engineering capabilities, and systems experience. These discussions along with the submission of …
Positive reviewing in software security
Yesterday we concluded the NDSS20 PC meeting. In total, 12% of papers were accepted, 6% now have a short fuse major revision opportunity, in line with other top tier conferences. The PC chairs handled the meeting well, striving for positivity and feedback for the authors. Overall, this was a great …
Expedia: from software bug to customer service nightmare, a modern Odyssey
While traveling through Europe, I logged into my Expedia.com account and something odd happened: instead of being logged in, the Expedia system decided to redirect me to Expedia.ch and created a new account. Oddly, it copied all my credit card details, account information, frequent traveller details, and individual …
How to install a Canon MF633Cdw on a modern Debian
Installing printers can be a pain. Installing printers on Linux results in an even bigger pain. Installing printers with wrong and crappy drivers and no open-source alternative is an endless amount of pain.
Kudos to Canon for hitting the trifecta.
So I've set out to get the drivers for my …
The Fuzzing Hype-Train: How Random Testing Triggers Thousands of Crashes
Software contains bugs and some bugs are exploitable. Mitigations protect our systems in the presence of these vulnerabilities, often stopping the program when detecting a security violation. The alternative is to discover bugs during development and fix them in the code. Despite massive efforts, finding and reproducing bugs is incredibly …
SMoTherSpectre: transient execution attacks through port contention
Side channel attacks such as Spectre or Meltdown allow data leakage from an unwilling process. Until now, transient execution side channel attacks primarily leveraged cache-based side channels to leak information. The very purpose of a cache, that of providing faster access to a subset of data, enables information leakage. While …