Protecting accounts from credential stuffing with password breach alerting

August 18, 2019

Protecting accounts from credential stuffing attacks remains burdensome due to an asymmetry of knowledge: attackers have wide-scale access to billions of stolen usernames and passwords, while users and identity providers remain in the dark as to which accounts require remediation. In this paper, we propose a privacy-preserving protocol whereby a client can query a centralized breach repository to determine whether a specific username and password combination is publicly exposed, but…


A Hacker Guide To Deep Learning Based Side Channel Attacks

August 9, 2019

This talk provides a step-by-step introduction on how to use deep learning to perform AES side-channel attacks. After providing a brief overview of what side channels and deep-learning are, we walk you through how to use Tensorflow to build an end-to-end attack that will recover TinyAES keys from SMT32F415 chips using deep learning. Along the way we will discuss what work and what doesn’t based on our experience attacking many…


Deconstructing the Phishing Campaigns that Target Gmail Users

August 7, 2019

With over 1.4 billion active users and million of companies entrusting it to handle their email, Gmail has a unique vantage point on how phishing groups operate. In this talk we look into Gmail telemetry to illuminate the differences between phishing groups in terms of tactics and targets. Then, leveraging insights from the cognitive and neuro-science fields on user’s susceptibility and decision-making, we discuss why different types of users fall…


Understanding the online safety and privacy challenges faced by South Asian women

June 7, 2019

For South Asian women, a major hurdle to their meaningful participation online is their ability to ensure their safety. This post illustrates this challenge by recounting the safety and privacy challenges faced by women across India, Pakistan, and Bangladesh, who talked to us about their online experiences. Overall, we find that women in the region face unique risks due to the influence of patriarchal norms and because fewer women are…


Cutting Edge TensorFlow – Keras Tuner: hypertuning for humans

May 9, 2019

Keras Tuner is a hypertuning framework made for humans. It aims at making the life of AI practitioners, hypertuner algorithm creators and model designers as simple as possible by providing them with a clean and easy to use API for hypertuning. Keras Tuner makes moving from a base model to a hypertuned one quick and easy by only requiring you to change a few lines of code. Source:


Password checkup: from 0 to 650, 000 users in 20 days

March 31, 2019

On February 5th, for Safer Internet Day, our team launched its first public-facing system, called Password Checkup. Password checkup allows users to check, in a privacy-preserving manner, whether their username and password matches one of the more than 4B+ credentials exposed by third-party data breaches of which Google is aware. This launch success vastly exceeded our wildest expectations, with over 650,000 users installing our chrome extension in the first three…


Account security – a divided user perception

February 18, 2019

This post considers the perception clash that exists between what users perceive to be their most valuable accounts (email and social networks) and those they think they should protect the most (online banking). This perception disconnect is potentially harmful, as it may lead users to invest their limited willingness to secure accounts into the wrong type of accounts. Long term, this disconnect may also hinder the progression of standardized two-factor…


Rethinking the detection of child sexual abuse imagery on the internet

January 29, 2019

A critical part of child sexual abuse criminal world is the creation and distribution of child sexual abuse imagery (CSAI) on the Internet. To combat this crime efficiently and illuminate current defense short-coming, it is vital to understand how CSAI content is disseminated on the Internet. Despite the importance of the topic very little work was done on the subject so far. To fill this gap and provide a comprehensive…


Moving to

January 12, 2019

After more then 10 years on this amazing platform I decided to move forward to a professional blogging platform. I’ve reached hundred of  thousands of awesome professionals getting thousands of readers per day. I need a more sophisticated platform able to manage contents and graphically flexible enough to allow my new contents on cybersecurity. I’ve set up a simple client meta-redirect-field so that your browser would automatically redirect to my new…


How to data breaches happen

January 7, 2019

Data breaches happen. Today, as never before, data plays a fundamental role in our real life. Everybody is both:  data producer and data consumer. We are data producer by simply moving from one building to another one, having a smartphone in our pocket or surfing the web or just by tapping on smartphone applications. We are data consumer when we buy things on Amazon or when we read information on social…