Understanding the online safety and privacy challenges faced by South Asian women

June 7, 2019

For South Asian women, a major hurdle to their meaningful participation online is their ability to ensure their safety. This post illustrates this challenge by recounting the safety and privacy challenges faced by women across India, Pakistan, and Bangladesh, who talked to us about their online experiences. Overall, we find that women in the region face unique risks due to the influence of patriarchal norms and because fewer women are…


Cutting Edge TensorFlow – Keras Tuner: hypertuning for humans

May 9, 2019

Keras Tuner is a hypertuning framework made for humans. It aims at making the life of AI practitioners, hypertuner algorithm creators and model designers as simple as possible by providing them with a clean and easy to use API for hypertuning. Keras Tuner makes moving from a base model to a hypertuned one quick and easy by only requiring you to change a few lines of code. Source: http://feeds.feedburner.com


Password checkup: from 0 to 650, 000 users in 20 days

March 31, 2019

On February 5th, for Safer Internet Day, our team launched its first public-facing system, called Password Checkup. Password checkup allows users to check, in a privacy-preserving manner, whether their username and password matches one of the more than 4B+ credentials exposed by third-party data breaches of which Google is aware. This launch success vastly exceeded our wildest expectations, with over 650,000 users installing our chrome extension in the first three…


Account security – a divided user perception

February 18, 2019

This post considers the perception clash that exists between what users perceive to be their most valuable accounts (email and social networks) and those they think they should protect the most (online banking). This perception disconnect is potentially harmful, as it may lead users to invest their limited willingness to secure accounts into the wrong type of accounts. Long term, this disconnect may also hinder the progression of standardized two-factor…


Rethinking the detection of child sexual abuse imagery on the internet

January 29, 2019

A critical part of child sexual abuse criminal world is the creation and distribution of child sexual abuse imagery (CSAI) on the Internet. To combat this crime efficiently and illuminate current defense short-coming, it is vital to understand how CSAI content is disseminated on the Internet. Despite the importance of the topic very little work was done on the subject so far. To fill this gap and provide a comprehensive…


Moving to marcoramilli.com

January 12, 2019

After more then 10 years on this amazing platform I decided to move forward to a professional blogging platform. I’ve reached hundred of  thousands of awesome professionals getting thousands of readers per day. I need a more sophisticated platform able to manage contents and graphically flexible enough to allow my new contents on cybersecurity. I’ve set up a simple client meta-redirect-field so that your browser would automatically redirect to my new…


How to data breaches happen

January 7, 2019

Data breaches happen. Today, as never before, data plays a fundamental role in our real life. Everybody is both:  data producer and data consumer. We are data producer by simply moving from one building to another one, having a smartphone in our pocket or surfing the web or just by tapping on smartphone applications. We are data consumer when we buy things on Amazon or when we read information on social…


The bleak picture of two-factor authentication adoption in the wild

December 21, 2018

This post looks at two-factor authentication adoption in the wild, highlights the disparity of support between the various categories of websites, and illuminates how fragmented the two factor ecosystem is in terms of standard adoption. Performing a longitudinal analysis highlights that the adoption rate of 2FA (two-factor authentication) has been mostly stagnant over the last five years, despite the ever increasing number of accounts hijacked due to the reuse of…


Microsoft Powerpoint as Malware Dropper

November 16, 2018

Nowadays Microsoft office documents are often used to propagate Malware acting like dynamic droppers. Microsoft Excel within macros or Microsoft Word with user actions (like links or external OLE objects) are the main player in this “Office Dropping Arena”. When I figured out that a Microsoft Powerpoint was used to drop and to execute a Malicious payload I was amazed, it’s not so common (at least on my personal experiences),…


MartyMcFly Malware: Targeting Naval Industry

October 17, 2018

Today I’d like to share an interesting analysis of a Targeted Attack found and dissected by Yoroi (technical details are available here). The victim was one of the most important leader in the field of  security and defensive military grade Naval ecosystem in Italy. Everything started from a well crafted  email targeting the right office asking for naval engine spare parts prices. The mail was quite clear, written in a…