The market leading smartphone operating systems, Android and iOS, allow users to install apps through official pre-installed markets. Android also supports app installation from third-party sources, known as sideloading. Sideloading fosters competition and enables open source app markets. However, it also enables the proliferation of markets distributing pirated and modded apps: apps whose features and functionality have been altered by a third-party. Modded apps typically claim to offer user...| Light Blue Touchpaper
“Booters” (they usually call themselves “stressers” in a vain attempt to appear legitimate) are denial-of-service-for-hire websites where anyone can purchase small scale attacks that will take down a home Internet connection, a High School (perhaps there’s an upcoming maths test?) or a poorly defended business website. Prices vary but for around $20.00 you can purchase as many 10 minute attacks as you wish to send for the next month! In pretty much every jurisdiction, booters are il...| Light Blue Touchpaper
In December 2022, we first blogged about a law enforcement takedown of DDoS-for-hire services (often known as “booters”), sharing details about their changing landscape shortly after the initial seizures. Now that we have more data covering a longer period post-takedown, we can form a clearer picture of the impact.| Light Blue Touchpaper
The Cambridge Cybercrime Centre‘s eight one day conference on cybercrime was held on Monday, 23rd June 2025, which marked 10 years of the Centre.| Light Blue Touchpaper
Attacks on encryption continue. The UK government has just reportedly handed Apple a Technical Capability Notice – effectively demanding that Apple allow UK law enforcement access to their users’ encrypted cloud servers. This is the latest in a series of recent pushes by the UK Government and security services to establish backdoors in the end-to-end encrypted services which underpin a great deal of our lives. It is also happening at a time when many of us are really quite scared of the t...| Light Blue Touchpaper
In an article in the February, 2025 issue of Communications of the ACM, I join 20 coauthors from across academia and industry in writing about the remarkable opportunity for universal strong memory safety in low-level Trusted Computing Bases (TCBs) enabled by recent advances in type- and memory-safe systems programming languages (e.g., the Rust language), hardware memory protection (e.g., our work on CHERI), formal methods, and software compartmentalisation. These technologies are seeing incr...| Light Blue Touchpaper
On 2 October, TU Delft are starting a new online three course series on cybersecurity economics. I am co-teaching this course with Michel van Eeten (TU Delft), Daniel Woods (University of Edinburgh), Simon Parkin (TU Delft), Rolf van Wegberg (TU Delft), Tyler Moore (Tulsa Uni) and Rainer Böhme (Innsbruck Uni). The course also features content … Continue reading Join Our 3-Course Series on Cybersecurity Economics→| Light Blue Touchpaper
TL;DR Two invitations to Cambridge (UK): 2025-03-25: the Rossfest Symposium, in honour of Ross Anderson (1956-2024)https://www.cl.cam.ac.uk/events/rossfest/ 2025-03-26 and 27: the 29th Security Protocols Workshophttps://www.cl.cam.ac.uk/events/spw/2025/ Start writing, and sign up here for updates on either or both:https://forms.gle/Em9Hy43aRqrdGmd17 Rossfest Symposium25 March 2025 The Rossfest Symposium and its posthumous Festschrift is a celebration and remembrance of our friend … Continue...| Light Blue Touchpaper
The seventeenth Security and Human Behavior workshop was hosted by Bruce Schneier at Harvard University in Cambridge, Massachusetts on the 4th and 5th of June 2024 (Schneier blog).| Light Blue Touchpaper
Until about now, most of the text online was written by humans. But this text has been used to train GPT3(.5) and GPT4, and these have popped up as writing assistants in our editing tools. So more and more of the text will be written by large language models (LLMs). Where does it all lead? What will happen to GPT-{n} once LLMs contribute most of the language found online?| Light Blue Touchpaper
We were welcomed to WEIS 2023 in the University of Geneva by Afroditi Anastasaki from UNITAR, the UN Institute for Training and Research, whose mission is training diplomats, particularly from less developed countries. Her agency has recently been working on digital empowerment and digital sovereignty, which encompasses many questions around how states can maintain sovereignty in today’s complex online world. There will be a digital sovereignty hackathon on Friday and Saturday where UNITAR,...| Light Blue Touchpaper
