IEEE Symposium on Security and Privacy


This page collects links to media coverage of papers in the 2009 IEEE Symposium on Security and Privacy. If you know of other articles that should be linked here, email them to David Evans (

Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers, Mike Ter Louw, V.N. Venkatakrishnan (University of Illinois at Chicago)

A Blueprint to Stop Browser Attacks, Technology Review, 14 May 2009.
De-anonymizing Social Networks, Arvind Narayanan, Vitaly Shmatikov (University of Texas, Austin)
Unmasking Social-Network Users, Technology Review, 6 May 2009.

Joining dots between social sites reveals anonymous users, New Scientist, 30 March 2009.

Pulling back the curtain on "anonymous" Twitterers, ars technica, 31 March 2009.

Social sites dent privacy efforts, BBC, 27 March 2009.

Fingerprinting Blank Paper Using Commodity Scanners, William Clarkson (Princeton University), Tim Weyrich (University College London), Adam Finkelstein, Nadia Heninger, Alex Halderman, Ed Felten (Princeton University)
Fingerprinting blank sheets of paper by scanning them, boingboing, 13 March 2009.

Inexpensive scanners can 'fingerprint' paper, researchers say, NetworkWorld, 10 March 2009.

It's No Secret. Measuring the Security and Reliability of Authentication via ‘Secret’ Questions, Stuart Schechter, A. J. Bernheim Brush (Microsoft Research), Serge Egelman (Carnegie Mellon University)
Study: Secret questions don't safeguard passwords, NetworkWorld, 19 May 2009. (Also in CIO Magazine, 19 May 2009.)

Are Your "Secret Questions" Too Easily Answered?, Technology Review, 18 May 2009.

Native Client: A Sandbox for Portable, Untrusted x86 Native Code, Bennet Yee, David Sehr, Gregory Dardyk, Brad Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, Nicholas Fullagar (Google)
Google Chrome's Security Practices Raise Eyebrows, PC Magazine, 18 May 2009.

The Security Implications Of Google Native Client, Matasano Security Blog, 15 May 2009.

Google plugs PC power into cloud computing, cnet News, 27 April 2009.

Google hopes to find community in security contest, cnet News, 26 February 2009.

Safer than ActiveX: a look at Google's Native Client plugin, ars technica, 9 December 2008.

Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS Deployments, Shuo Chen (Microsoft Research), Ziqing Mao (Purdue University), Yi-Min Wang, Ming Zhang (Microsoft Research)
Breaking Web Browsers' Trust, Technology Review, 21 May 2009.
Tempest in a Teapot: Compromising Reflections Revisited, Michael Backes (Saarland University and Max Planck Institute for Software Systems), Tongbo Chen (Max Planck Institute for Informatics), Markus Duermuth (Saarland University), Hendrik P. A. Lensch (Max Planck Institute for Informatics), Martin Welk (Saarland University)
How Hackers Can Steal Secrets from Reflections, Scientific American, 27 April 2009.
Wirelessly Pickpocketing a Mifare Classic Card, Flavio D. Garcia, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur (Radboud University Nijmegen)
Popular Smart Card Can Be Hacked, Researchers Show, Government Technology, 20 May 2009.