Last week my student Ally Nisenoff published "Exploiting the Shared Storage API" at @acm_ccs: www.andrew.cmu.edu/user/nicolas...
3 days later, Google announced they're abandoning Shared Storage:
privacysandbox.com/news/update-...
(Correlation doesn't imply causation. Interesting, though.)
20.10.2025 19:13 β π 2 π 0 π¬ 0 π 0
Advances in Financial Technologies
We're hosting the 7th intl' conf. on Advances in Financial Technologies (AFT'25) at Carnegie Mellon on Oct. 8-10. Join us to hear about the latest exciting developments in crypto research. Registration closes on Sept 16!
advfintech.org/aft25/attend...
(Program: advfintech.org/aft25/progra...)
11.09.2025 19:34 β π 2 π 1 π¬ 0 π 0
Thatβs a wrap for me at #usesec25
Conferences should really consider reusing the tag holders, the amount of wasted plastic is staggering
15.08.2025 18:34 β π 0 π 0 π¬ 0 π 0
βCanadian pharmacist helps run notorious deepfake porn site.β
The online crime jokes write themselves.
15.08.2025 16:37 β π 1 π 0 π¬ 1 π 0
Ah true but I should try again today then
14.08.2025 19:14 β π 0 π 0 π¬ 0 π 0
Poster for our paper "How Researchers De-Identify Data in Practice"
I'm presenting my USENIX paper "How Researchers De-Identify Data in Practice" at 9am this Thursday. Kudos to my co-authors Paige Pepitone, @adamaviv.bsky.social, and @mmazurek.bsky.social. Come say hiβI am on the academic job market!
Here's the paper: www.usenix.org/conference/u...
#usesec25
13.08.2025 16:40 β π 6 π 2 π¬ 0 π 0
Taro just presented this at #usesec25, and will be manning the poster shortly. If you are around we would love to hear from you.
13.08.2025 20:30 β π 2 π 2 π¬ 0 π 0
Iβm not sure there is a more clichΓ©ed Seattle experience than having a latte at a local coffee shop with some salmon on toast while theyβre blaring Soundgardenβs βOutshined.β
13.08.2025 15:26 β π 3 π 0 π¬ 1 π 0
My student Jenny Tang (coadvised with @lujobauer.bsky.social) is making friends at SOUPS with our paper on looking at 10 years of SOUPS papers and reviewing how solid the stats were. Basically: not great, not great at all. (And that includes my own work.)
Paper: www.andrew.cmu.edu/user/nicolas...
12.08.2025 22:18 β π 2 π 1 π¬ 0 π 0
We simulated the lookalike address generation process across various software- and hardware-based implementations. One large attacker group appears to use GPUs for this attack! The paper also discusses some defenses. (6/7)
21.07.2025 17:10 β π 0 π 0 π¬ 1 π 0
We discovered a few large attack entities using clustering techniques. Larger groups are vastly profitable and win against smaller attack groups. We uncovered some attack strategies, such as populations they target, success conditions, and cross-chain attacks. (5/7)
21.07.2025 17:10 β π 0 π 0 π¬ 1 π 0
We developed a detection system and performed measurements on two years of ETH and BSC. We identified 13x the number of attack attempts reported previouslyβin all, 270M on-chain attacks targeting 17M victims. 6,633 incidents have caused at least 83.8M USD in losses. (4/7)
21.07.2025 17:10 β π 1 π 0 π¬ 1 π 0
The attacker generates βlookalikeβ addresses that resemble the victimβs recipientβs address, engages with the victim to βpoisonβ the transaction history, and fools the victim into sending their assets to the attacker by mistake. (3/7)
21.07.2025 17:10 β π 0 π 0 π¬ 1 π 0
Background: Crypto wallet addresses are usually impossible to memorize. As a result, users often select addresses from their recent transaction history, which facilitates phishing-like attacks: blockchain address poisoning. (2/7)
21.07.2025 17:10 β π 1 π 0 π¬ 1 π 0
Blockchain Address Poisoning
In many blockchains, e.g., Ethereum, Binance Smart Chain (BSC), the primary representation used for wallet addresses is a hardly memorable 40-digit hexadecimal string. As a result, users often select ...
New research alert π¨ from my group, βBlockchain Address Poisoningβ (Tsuchiya et al.), to appear at USENIX Security 2025 (arxiv.org/abs/2501.16681)! As a follow-up, we also developed a real-time detection system: cryptotrade.cylab.cmu.edu/poisoning/ and x.com/toxin_tagger (1/7)
21.07.2025 17:10 β π 4 π 2 π¬ 1 π 1
Just because your prof didn't file an academic dishonesty report does not mean that they don't know you cheated.
Knowing you did it and proving it to the hearing board are two different thresholds.
17.06.2025 00:46 β π 31 π 5 π¬ 2 π 0
Details: it's likely that there are some symbol mismatches between some homebrew libraries linked against old OpenGL libs and the new OpenGL shipping with Sequoia. This drove me nuts. So I'm posting this here in hopes people don't waste their time. Oh, and don't ask an LLM, they're clueless.
16.06.2025 22:46 β π 0 π 0 π¬ 0 π 0
PSA: If you're using homebrew, and discovered that MAME crashes w/ a Bus Error upon startup after upgrading to Sequoia, 1) update mame.ini so that the line containing gl_lib points to /System/Library/Frameworks/OpenGL.framework/Libraries/libGLVMPlugin.dylib 2) launch w/ DYLD_LIBRARY_PATH="" mame
16.06.2025 22:46 β π 0 π 0 π¬ 1 π 0
𧡠about a new paper by my amazing students and collaborators. To appear this week at SIGMETRICS. π
09.06.2025 22:39 β π 1 π 0 π¬ 0 π 0
CMU Researchers Build Personalized Models To Advance Precision Cancer Care
Researchers from Carnegie Mellon Universityβs School of Computer Science developed a new approach to bridge this gap between available data and actionable insight, creating personalized models to help...
CMU researchers are using personalized models to decode how cancer behaves in individual patients, one of medicine's toughest challenges.
Through individualized data and insights, their work revealed hidden #cancer subtypes that could inform treatment and improve survival predictions.
#Research
06.06.2025 13:32 β π 8 π 4 π¬ 0 π 0
Advances in Financial Technologies
Looking for a home for your great scientific result in fintech that is almost all written up and ready to go? The AFT deadline is in less than 24 hoursβ¦
aftconf.github.io/aft25/index....
28.05.2025 11:57 β π 0 π 0 π¬ 0 π 0
Jokes aside yeah it seems like this could work.
25.05.2025 14:10 β π 0 π 0 π¬ 0 π 0
Do you live in England, by any chance?
25.05.2025 14:10 β π 1 π 0 π¬ 1 π 0
Possible? Yes. Putting the contents of a can of sardines in a yoghurt is also possible, from a physics standpoint.
25.05.2025 13:26 β π 1 π 0 π¬ 1 π 0
Pasta sauce cookie is something you should only attempt after youβve gotten your second Michelin star.
Like, David Chang, Iβd eat his pasta sauce cookie no questions. Doing it myself because the teevee told me to, yeah, no.
25.05.2025 04:24 β π 26 π 7 π¬ 0 π 1
In NYC, a man was tortured for two weeks for Bitcoin. He escaped. Alice Hutchings @message4bob.bsky.social and colleagues tell us it's happening around the world.
Conference paper: "Investigating Wrench Attacks: Physical Attacks: Targeting Cryptocurrency Users"
drops.dagstuhl.de/storage/00li...
24.05.2025 21:00 β π 12 π 5 π¬ 1 π 0
Assistant Professor at UWaterloo; member of the CrySP group. I research Internet censorship and surveillance.
Privacy, law, tech fights, memes. Got locked out of the @ Iwillleavenow account, so recreated.
Tenured Researcher @Inria
USENIX Security Artifact Evaluation Co-Chair 2025 & 2026
Web Security & Privacy: JavaScript (in)security, browser extensions
https://aurore54f.github.io
Founder of #PasswordsCon. Above average interested in passwords & digital authentication. Online since 2400baud. I do security & privacy. Want me to speak at your conference / org? Reach out!
PhD student at UMD researching human-centered security and privacy for professionals. On the job market!
Also climate advocate, swimmer, and musician.
wentaoguo.com
Associate professor (Reader) at Edinburgh, Informatics. Networking, security & systems research. Ex-NetApp. Foodie. Dad. π΄σ §σ ’σ ³σ £σ ΄σ Ώπ¬π§βπ©πͺβπ―π΅
https://micchie.net
Ph.D. Student at Carnegie Mellon. Cylab Studying computer security & online crime.
https://taro-tsuchiya.github.io/
Neovim is a hyperextensible Vim-based text editor
Ways to support the project:
- https://github.com/sponsors/neovim
- https://store.neovim.io
- Have fun using it and spread the word
Two guys with a couple radios. Always listening to Pittsburgh Police/Fire/EMS. https://linktr.ee/pghscanner
CS PhD student at CMU
Retrieval, Webgraphs, Source Credibility, Adversarial Adaptation
Computer security & privacy research, Georgetown University, he/him
Incoming Assistant Professor of HCI at Carnegie Mellon studying the psychology of technology. NSF postdoc at NYU, PhD from Cambridge, BA from Stanford. stevenrathje.com
CyLab is @cmu.edu's Security & Privacy Institute. Our 300+ researchers are passionate about creating a world in which technology can be trusted. Follow our latest research at https://www.cylab.cmu.edu/.
Distinguished Scientist at Google. Computational Imaging, Machine Learning, and Vision. Posts are personal opinions. May change or disappear over time.
http://milanfar.org
At Carnegie Mellon University's Software and Societal Systems Department (S3D), we solve big, complex challenges at the critical intersection of technology and society.
computer security person. former helpdesk
At CMU, the (Blue)sky's the limit. United by curiosity and driven by passion, we reach across disciplines, forge new ground and deploy our expertise to make real change that benefits humankind.
