============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 184                                        March 24, 2025

Hilarie Orman, Editor                   Sven Dietrich, Assoc. Editor
cipher-editor @ ieee-security.org       cipher-assoc-editor @ ieee-security.org

Sven Dietrich                           Yong Guan
Book Review Editor                      Calendar Editor
cipher-bookrev @ ieee-security.org      cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion and News
    o Review of the RossFest (Cambridge, UK, 3/25/2025) by Sven Dietrich
    o Sven Dietrich's review of "Fancy Bear Goes Phishing - The Dark History of the Information Age, in Five Extraordinary Hacks" by Scott J. Shapiro
    o News Items
       - No Security, No Press (2 items)
       - US Pivots on Cybersecurity - Good-bye to Information Integrity, Talented Employees, Etc.
         (4 items)
       - Ransomware Profits Hit a Low (2 items)
       - The Computer Goes Random Like a Cookie
       - Three Bites of the Apple (3 items)
       - California Gets Seriously Private (2 items)
       - The Ether That Vanished
       - Immigrants' Locations Revealed to ICE via License Plate Scanners
       - The Engineer Who Outed NSA
    o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Conference and Workshop Announcements
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

We try to keep up on the highlights of computer security news by selecting published articles from the past several weeks before each edition of this newsletter. Clever or surprising zero day attacks, large-scale disruptions due to malware, interesting uses or failures of security methods, etc. are the usual fare. We also try to follow government policies regulating cybersecurity and privacy. Between the last Cipher issue in January and this one, there have been so many changes that it is difficult to even understand what the "highlights" are. Thus, we have many more news articles than usual in this edition. Whether any of them will seem relevant in May is anybody's guess. Welcome to Sturm and Drang Part II.

A couple of decades ago I was surprised to get text messages from some youth sports club. I sent back a message asking that they take my number out of their list. There were a lot of people in the text group, and none of them knew or cared about administering the phone number list.
In fact, some were hostile, as if I were the culprit --- an interloper trying to disrupt their organization with bogus complaints! Finally, I sent a message about violations of communications acts, legal actions, cancellation of accounts, and accrual of extra charges. It was nonsense, but the messages ceased. When I read about White House advisors mistakenly adding a reporter to their discussions of military actions, I spent some time laughing. Maybe one of them was a youth soccer coach in the past.

This month we have a review by Sven Dietrich of a book that illuminates five pieces of malware that are important to the history of Internet security. The news items in our newsletter are snippets of larger stories about malware development and deployment, sometimes with pointers to more detailed explanations, but the book "Fancy Bear Goes Phishing" travels much further into five delectable examples. Dietrich also provides a short report about the festschrift for the late Ross Anderson, one of the finest security researchers and authors of our time.

     Fine Fettle

  I dosed the disk drives with vitamin A,
  The machine went blue screen anyway.
  My firewall jettisoned all methods diverse,
  But the straightened defenses only got worse.
  My keyboard has beef tallow bathing the keys,
  My photos are raw, no processing please.
  But rather than healthy, I feel a demise,
  For even my chatbot won't have that with fries.

     Hilarie Orman
     cipher-editor @ ieee-security.org

====================================================================
Commentary and Opinion
====================================================================

____________________________________________________________________
Review of RossFest
Cambridge, UK, 3/25/2025
by Sven Dietrich
RossFest website: https://www.cl.cam.ac.uk/events/rossfest/
____________________________________________________________________

RossFest was one of the events that have honored Ross Anderson, a colleague in the field of computer security, the author of the well-known (and heavy) book "Security Engineering" published by Wiley, over the last year since his passing on March 28, 2024.

The team of former PhD students of Ross, Joseph Bonneau (New York University), Richard Clayton (University of Cambridge), Markus Kuhn (University of Cambridge), Tyler Moore (University of Tulsa), Ilia Shumailov (Google DeepMind), Frank Stajano (University of Cambridge) put together the event itself, as well as solicited inputs (papers, memories), and finally published a Festschrift for this event. It is distributed as a Springer Verlag hardcopy which can be ordered, but can also be downloaded as PDF (DRM-free, as Ross would have liked it) from the event website (see above).

The daytime event at the Computer Laboratory was a collection of talks, panels, and even short memories given by relatives or colleagues in the field of computer security. The list is too long to be reproduced here. The speeches given summarized the many ways in which Ross Anderson influenced the field of computer security and helped steer it forward, but also brought forth who he was as a person in the context of often funny anecdotes. In attendance in the auditorium were over 100 colleagues, students, staff, former collaborators, and other participants that felt they had been influenced by Ross Anderson in some way. The website has the program with a list of all the speakers.
The videos of the presentations will be eventually released on that site for those speakers who agreed to have their memories recorded.

After the daytime attendees changed into their "fancier" clothes, the crowd gathered at "The Pickerel Pub" before wandering over to the also well-attended evening banquet at Trinity College, with another talk by Iain Anderson, the brother of Ross Anderson.

Ross, we will all miss you. Rest in peace.

____________________________________________________________________
Book Review by Sven Dietrich
March 24, 2025
____________________________________________________________________

"Fancy Bear Goes Phishing - The Dark History of the Information Age, in Five Extraordinary Hacks"
by Scott J. Shapiro

Picador - Farrar, Straus and Giroux; MacMillan Publishing 2024.
ISBN-13: 978-1-2503-3567-8 (print)
432 pages, first edition, paperback, 2024

Don't you sometimes wish you knew the background stories to some big hacks? You've heard about the 1988 Morris Worm, the Paris Hilton sex tape and photos, the Internet of Things botnets, the Minecraft Wars, the Bulgarian virus factories, Fancy Bear sending phishing emails, but what is the context behind them? In the times of hybrid warfare, perhaps looking back at the last few decades of hacks could provide some strong background on the origins and motivations of the perpetrators as well as the techniques way back then. It all depends on when you think the information age or the Internet started, but the basics are found here on these pages.

Scott J. Shapiro has tackled this problem in creating a 430+-page book "Fancy Bear Goes Phishing - The Dark History of the Information Age, in Five Extraordinary Hacks." He has chosen the lens of five major hacks to provide background, often in narrative (shall this reviewer say 'popular science?') form, mixed with snippets of computer code, illustrative diagrams, screenshots, and other supporting materials.
The book is divided into 10 chapters (with the five major hacks bleeding over from one chapter to another), with an introduction, a conclusion, and an epilogue. There is a set of endnotes, 70 pages long, that show the sources with more in-depth information for those who prefer reading the original reports, plus an index.

The "Introduction" of the book starts with the "Brilliant Project," the inception of the so-called "Morris Worm" that took down the Internet in November 1988 and led to the creation of the CERT Coordination Center. Over the next two chapters "The Great Worm" and "How the Tortoise Hacked Achilles," the story continues with understanding the inception, the mitigation, and the legal aftermath of the "Morris Worm," with Robert Morris Jr., a Cornell University PhD Student at the time, at center stage.

In the next two chapters, "The Bulgarian Virus Factory" and "The Father of Dragons", the reader learns about first efforts to create computer viruses and worms, as well as ways to contain them. The author takes the reader on an excursion into various dark (and not so dark) chapters of computer security history, showing the evolution of sometimes funny, sometimes very destructive pieces of malware. With names such as Vesselin Bontchev and Sarah Gordon on one side, and on the other their nemesis Dark Avenger, the story continues. The mysterious and elusive central character, Dark Avenger, is one of the creators of malicious software, sometimes motivated to write more malicious software by the continued efforts to fight him.

The chapters "Winner Take All" and "Snoop Dogg Does His Laundry" go down a different road for the next hack: simple account (reset) passwords and SQL injection. We are talking about the T-Mobile Sidekick and backend database hacks from the early 2000s, leaking Paris Hilton's private photos among others. Then came the Melissa and ILOVEYOU viruses turning into super-spreaders as more and more users join the Internet, many (too many?)
unaware of its dangers at the time.

The chapters "How to Mudge" and "Kill Chain" continue the email idea, but enter the domain of phishing, in other words social engineering. Here the reader "meets" Fancy Bear, the malicious character from the title of the book. Fancy Bear helped penetrate the American Democratic National Convention by using a phishing ruse. What followed was a release of a series of emails from within the US Democratic Party in fall of 2016, at the time of the US national election, which is put into several contexts here.

In "The Minecraft Wars" and "The Attack of the Killer Toasters" we veer off to the attacks on the Internet infrastructure via Distributed Denial of Service [DDoS, one of my favorite topics -SD]. In the mid 2010s, the targets of DDoS malware (source of the traffic, making large sites such as Brian Krebs' site or the Dyn DNS servers go offline with heavy DDoS traffic) were now the Internet of Things devices, such as routers, cameras, digital video recorders, and perhaps connected toasters. The main contender is the Mirai botnet, which still exists in many variations to this day.

Wrapping up, in the "Conclusion: The Death of Solutionism" the author tries to find a path forward, mentioning that many companies offer solutions to the Internet problems mentioned here, but will they work? An "Epilogue" follows.

This book is aimed at a broader audience, but it does delve deeper into technical details for those who understand the techniques. The background stories certainly fill the gap left behind when one reads scientific papers on hacking topics and one wonders, "what REALLY happened here?" The extensive references at the end of the book will lead the reader to more technical knowledge, should their interest be piqued.

I very much enjoyed reading this book. The book is light and entertaining reading and provides anecdotal background information for why we do some of the things we do on the Internet.
And maybe how certain incidents played out. Read it for yourself.

------------------------------------------
Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org

------------------------------------------------------------------------------
Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

====================================================================
News Briefs
====================================================================

News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

------------------------------------------------------------------------------
No Security, No Press

Cyberattack Disrupts Publication of Lee Newspapers Across the U.S.
The media company Lee Enterprises, parent to more than 70 daily papers, said a "cybersecurity event" had impacted publishing at dozens of its newspapers.
https://www.nytimes.com/2025/02/09/business/media/newspaper-cyberattack-lee-enterprises.html
Publisher: New York Times
Date: Feb. 9, 2025
By: Amanda Holpuch

Summary: The information about the disruption was in an SEC filing. The company said it was involved in an investigation about the origination and scope of the problems.

-----------------------------------------------------
Lee Enterprises: Cybersecurity threat 'contained' but recovery work remains
The company, which owns newspapers in Virginia and elsewhere, said it is still investigating whether personal information was stolen.
https://cardinalnews.org/2025/03/07/lee-enterprises-cybersecurity-threat-contained-but-recovery-work-remains/
Publisher: Cardinal News
Date: March 7, 2025
By: Matt Busse

Summary: Lee newspapers were subjected to a ransomware and data exfiltration attack that impacted their ability to print papers.
Their lender, Berkshire Hathaway, is helping out by waiving interest fees for March, while the papers struggle to resume publication and get ad revenue. Some of their backoffice functions were also impacted.

------------------------------------------------------------------------------
US Pivots on Cybersecurity - Good-bye to Information Integrity, Talented Employees, Etc.

Trump administration retreats in fight against Russian cyber threats
https://www.theguardian.com/us-news/2025/feb/28/trump-russia-hacking-cyber-security
Recent incidents indicate US is no longer characterizing Russia as a cybersecurity threat, marking a radical departure: 'Putin is on the inside now'
Publisher: The Guardian
Date: 1 Mar 2025
By: Stephanie Kirchgaessner

Summary: In recent remarks to the UN, the US deputy assistant secretary for international cybersecurity at the state department named China and Iraq as cybersecurity threats, but made no mention of Russia. Many reports of devastating attacks on American businesses have been attributed to the "ransomware as a service" operation called LockBit. Experts have attributed the source of the malware to Russians, so the remarks are at sharp variance to previous US concerns.

-------------------------------------------------
CISA staff focused on disinformation and influence operations put on leave
https://www.nextgov.com/people/2025/02/cisa-staff-focused-disinformation-and-influence-operations-put-leave/402958/
US Secretary of Homeland Security Kristi Noem spoke to staff for the first time at Department of Homeland Security (DHS) headquarters in Washington, DC, on January 28, 2025. Noem has stated her desire to rescope CISA away from misinformation efforts.
Publisher: Nextgov FCW
Date: February 12, 2025
By: David DiMolfetta

Summary: The DHS Assistant Secretary announced that while the agency re-evaluates the parts of its mission that deal with online information that is meant to harm the US, the staff dealing with election interference have been put on leave. This move is aligned with Attorney General Pam Bondi's elimination of the FBI's Foreign Influence Task Force, which was formed in 2017 to address foreign election interference threats (see https://cyberscoop.com/doj-disbands-foreign-influence-task-force/)

-------------------------------------------------
The Survival of Biden's EO on Government Cybersecurity

January and February 2025 Cybersecurity Developments Under the Biden and Trump Administrations
https://www.insidegovernmentcontracts.com/2025/03/january-and-february-2025-cybersecurity-developments-under-the-biden-and-trump-administrations/
Publisher: Inside Government Contracts
Date: March 6, 2025
By: Susan B. Cassidy, Ashden Fein, Robert Huffman, Ryan Burnette, Darby Rourick & Kristen Chapman

Summary: This blog describes Biden's EO 14144 which affects contractual requirements for software purchased for the Federal government. The new regulations require attestations and artifacts re security for review by the Cybersecurity and Infrastructure Security Agency (CISA). Although many of Biden's EOs were removed by the incoming administration, this one is still in effect.

-------------------------------------------------
Cyber council's demise shakes public-private sector trust
https://www.axios.com/2025/03/18/dhs-cisa-cyber-council-industry-trust
Publisher: Axios
Date: Mar 18, 2025
By: Sam Sabin

Summary: In order to "eliminate redundancies to create a more efficient, streamlined department" and "minimize government waste, abuse, reduce inflation, and promote American freedom and innovation", a spokesperson for DHS announced that the Critical Infrastructure Partnership Advisory Council (CIPAC) was terminated.
The council had provided a protected forum to exchange information about cybersecurity intelligence. This unique public-private partnership maintained sensitive relationships, and without it, it is unclear how such trust can be maintained going forward.

-------------------------------------------------
Cybersecurity agency's top recruits decimated by DOGE cuts
https://www.cbsnews.com/news/cybersecurity-agencys-top-recruits-doge-cuts/
Publisher: CBS News
Date: March 7, 2025
By: Nicole Sganga

Summary: In one "fell swoop", some of the most talented cyber threat investigators were fired from CISA as part of a general cost-cutting measure that targets probationary employees in the US government. Hired under a program aimed at recruiting the best cybersecurity talent in the nation, the employees are thoroughly vetted and subject to a 3-year probationary term. About 130 of those employees were let go last month.

-------------------------------------------------------------------------------
Ransomware Profits Hit a Low

Global ransomware payments plunge by a third amid crackdown
https://www.theguardian.com/technology/2025/feb/05/global-ransomware-payments-plunge-by-a-third-amid-crackdown
Money stolen falls from record $1.25bn to $813m as more victims refuse to pay off criminal gangs
Publisher: The Guardian UK
Date: 02/05/25
By: Dan Milmo

Summary: The big news about crime and crypto currency from 2024 is that ransomware payments decreased significantly. The blockchain analysis firm Chainalysis gave those numbers as part of their annual crypto crime report (https://www.chainalysis.com/blog/crypto-crime-ransomware-victim-extortion-2025/). They attribute the 35% drop to law enforcement and stubborn customers. Chainalysis' Jacqueline Burns Koven said the new figures indicated a "ransomware apocalypse" had been avoided.
That is small comfort to those victimized by recent attacks, like Lee Newspapers (see above) and the numerous businesses afflicted by "Medusa" (next item).

-------------------------------------------------
Ransomware, No Source Attribution

Cybersecurity officials warn against potentially costly Medusa ransomware attacks
https://www.ksl.com/article/51276010/cybersecurity-officials-warn-against-potentially-costly-medusa-ransomware-attacks
Publisher: Associated Press
Date: March 17, 2025
By: Sarah Parvini

Summary: A new ransomware attack, named Medusa, has affected more than 300 organizations, according to CISA. The agency advises using good security practices.

[Ed. Notably missing from the government announcement is any mention of information about the "Medusa actors". Normally such announcements come with a mention of China, North Korea, or Russia.]

-------------------------------------------------------------------------------
The Computer Goes Random Like a Cookie

Keep Hardware Safe by Cutting Out Code's Clues
https://news.mit.edu/2025/to-keep-hardware-safe-cut-out-codes-clues-0211
New "Oreo" method from MIT CSAIL researchers removes footprints that reveal where code is stored before a hacker can see them.
Publisher: MIT News
Date: February 11, 2025
By: Alex Shipps, MIT CSAIL

Summary: Address space randomization can help protect software from intruders by making it hard to find where the software is actually located in the memory of a computer system, but the technique is more of a bandaid than a cure. An MIT group has developed a method for hiding addresses effectively by introducing a "masked address space" between virtual and physical memory. That layer re-maps code from random virtual addresses to fixed locations so that when the code runs the virtual address is not revealed. Because their remapping layer is between the two normal addressing layers in a computer, they use the term "Oreo" to describe the 3-layer combination.

-------------------------------------------------------------------------------
Three Bites of the Apple

Zero-Day Forensic Block re-Blocked
https://www.bleepingcomputer.com/news/apple/apple-fixes-zero-day-exploited-in-extremely-sophisticated-attacks/
Apple Fixes Zero-Day Exploited in 'Extremely Sophisticated' Attacks
Publisher: BleepingComputer
Date: 02/10/25
By: Sergiu Gatlan

Summary: Presumably law enforcement knows that if they seize an Apple iOS device, they have only one hour to attach a forensic USB device before being locked out. That seems to be a kind of compromise between user privacy and law enforcement needs. However, the organization Citizen Lab, which specializes in discovering zero-day exploits, found a way around that one hour limit. Apple responded with a patch to keep the feature intact.

-------------------------------------------------
Apple Pulls Data Protection Tool After U.K. Government Security Row
https://www.bbc.com/news/articles/cgj54eq4vejo
Publisher: BBC
Date: February 22, 2025
By: Zoe Kleinman

Summary: The UK Home Office invoked the Investigatory Powers Act in demanding that Apple put a backdoor in its end-to-end data encryption scheme for iCloud data (aka Advanced Data Protection). Apple instead is going about disabling the use of the feature for UK customers. Their data will be encrypted using a different scheme, and Apple will comply with warrants demanding decryption. The feature became unavailable to new users in the UK on February 21, and further restrictions are expected in the near future. At the same time, Apple is pursuing court rulings to have the law enforcement demands rejected.

-------------------------------------------------
Apple encrypted data row hearing begins in secret
https://www.bbc.com/news/articles/c9vy0m8ggz3o
Publisher: BBC
Date: March 14, 2025
By: Zoe Kleinman and Tom Gerken

Summary: Apple's Advanced Data Protection offers end-to-end encryption for Cloud storage, as do the messaging apps WhatsApp, Signal and iMessage. The UK Home Office has demanded the right to access this data, and a hearing on the issue is underway. However, the proceedings are barred to reporters, something that Apple and the app companies object to. We may or may not hear more about this.

-------------------------------------------------------------------------------
California Gets Seriously Private

CPPA Enforces Delete Act Against Data Brokers
https://natlawreview.com/article/cppa-enforces-delete-act-against-data-brokers
Publisher: National Law Review
Date: February 28, 2025
By: Hunton Andrews Kurth's Privacy and Information Security Law Blog

Summary: The California Privacy Protection Agency (CPPA) regulates some aspects of collection of user data, and last November they adopted new data broker regulations under the Delete Act. They are now looking to enforce those regulations through legal action. Although state data privacy laws are frequently ignored, California requires data brokers to register with the state or face fines of $200 per day, a requirement that could give its Delete Act some teeth. The state's privacy watchdog recently filed suit against National Public Data for failure to comply with the registration requirement. The Florida-based data broker is one of two such businesses targeted by CPPA. The other is Background Alert, a California company that also failed to register.

-------------------------------------------------
Honda Settles With CPPA Over Privacy Violations
https://cppa.ca.gov/announcements/2025/20250312.html
Automaker Will Change Business Practices and Pay $630k+ Fine
Publisher:
Date: March 12, 2025

Summary: The CPPA accused the car company Honda of violating state regulations by requiring too much personal data from customers, using online tools that obscured the right to opt-out of data collection, making it difficult to authorize agents to exercise privacy rights, and sharing data with ad tech companies without consumer protection. Honda agreed to change its business practices and to pay a $630k+ fine.

-------------------------------------------------------------------------------
The Ether That Vanished

How the Biggest Crypto Heist in History Went Down
https://www.nytimes.com/2025/03/06/technology/bybit-crypto-hack-north-korea.html
The cryptocurrency exchange Bybit lost $1.5 billion to North Korean hackers last month - and it all traced back to an account on a free digital storage service.
Publisher: New York Times
Date: March 6, 2025
By: David Yaffe-Bellany

Summary: The chief executive for the cryptocurrency exchange Bybit approved a transfer of Ether cryptocurrency, but he had been hacked, and the assets were transferred to a North Korean hacker group, a fact that he learned about 30 minutes later. The Bybit people had put their trust in open source software for safeguarding their logins, but they had not realized that the software had been subtly hacked to give their credentials away. They were able to cover the $1.5B loss and remain viable, but they got little sympathy from the security community. The theft was preventable, and the company was foolishly careless.

-------------------------------------------------------------------------------
Immigrants' Locations Revealed to ICE via License Plate Scanners

ICE accessed car trackers in sanctuary cities that could help in raids, files show
https://www.theguardian.com/us-news/2025/mar/11/ice-car-trackers-sanctuary-cities
Westchester County has laws limiting cooperation, but ICE has accessed trove of data that holds license plate readers
Publisher: The Guardian
Date: Mar 11, 2025
By: Johana Bhuiyan

Summary: The tension between US immigration authorities and local governments is a theme that has been developing since the new administration took control of the Federal government. Although Westchester County avoids working with ICE, their police records have been used to get information about where immigrants are driving their cars. This is because the police regularly use license plate scanners to gather information from parking lots and roadways.

-------------------------------------------------------------------------------
The Engineer Who Outed NSA

In Memoriam: Mark Klein, AT&T Whistleblower Who Revealed NSA Mass Spying
https://www.eff.org/deeplinks/2025/03/memoriam-mark-klein-att-whistleblower-about-nsa-mass-spying
Publisher: Electronic Freedom Foundation (EFF)
Date: March 12, 2025
By: Cindy Cohn and Corynne McSherry

Summary: The EFF notes the passing of an AT&T engineer who realized that he had facilitated a massive NSA spying project, one that the American people were being misled about. At the company's San Francisco office, he had installed optical splitters to copy all the communications data to a locked room. His moral compass led him to the EFF, and the EFF publicized the spying and filed lawsuits to stop it.

====================================================================
Listing of academic positions available by Cynthia Irvine
====================================================================

http://cisr.nps.edu/jobscipher.html

--------------
This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Upcoming Calls-For-Papers and Events
====================================================================

The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

Requests for inclusion in the list should be sent per instructions: http://www.ieee-security.org/Calendar/submitting.html

ICICS 2025 27th International Conference on Information and Communications Security, Nanjing, China, October 29-31, 2025.
https://www.icics2025.org/index.html
Submission date: 23 May 2025

CSR 2025 IEEE International Conference on Cyber Security and Resilience, Chania, Crete, Greece, August 4-6, 2025.
https://www.ieee-csr.org/
Submission date: 10 March 2025

ACM WiSec 2025 18th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Arlington, Virginia, USA, June 30 - July 3, 2025.
https://wisec2025.gmu.edu
Submission date: 26 November 2024 and 12 March 2025

CVC 2025 8th Crypto Valley Conference on Blockchain Technology, Zug, Switzerland, June 5-6, 2025.
https://cryptovalleyconference.com/call-for-papers
Submission date: 13 March 2025

SACMAT 2025 30th ACM Symposium on Access Control Models and Technologies, Stony Brook, NY, USA, July 8-10, 2025.
https://www.sacmat.org/2025/
Submission date: 24 March 2025

Elsevier Online Social Networks and Media Journal (OSNEM), Special issue on Disinformation, toxicity, harms in Online Social Networks and Media.
https://www.sciencedirect.com/journal/online-social-networks-and-media
Submission date: 31 March 2025

ACM Transactions on the Web, Special Issue on Advanced Technologies in the Decentralized Web.
https://dl.acm.org/pb-assets/static_journal_pages/tweb/pdf/ACM-TWEB-SI-Advanced-Technologies-Decentralized-Web.pdf
Submission date: 31 March 2025

TX4Nets 2025 2nd International Workshop on Trustworthy and eXplainable Artificial Intelligence for Networks, Co-located with IFIP Networking 2025, Limassol, Cyprus, May 25-29, 2025.
https://sites.google.com/view/tx4nets-2025/important-dates-and-cfp
Submission date: 31 March 2025

Journal of Systems Architecture, Special Issue of Journal of Systems Architecture on Security and Privacy in AIoT-enabled Smart Cities.
https://www.sciencedirect.com/special-issue/313735/security-and-privacy-in-aiot-enabled-smart-society
Submission date: 1 April 2025

DFDS 2025 1st Digital Forensics Doctoral Symposium, Held in conjunction with Digital Forensics Research Conference Europe (DFRWS EU 2025), Brno, Czech Republic, April 1, 2025.
https://www.dfrws.org/conferences/dfds2025/

DFRWS EU 2025 Digital Forensics Research Conference Europe, Hybrid, Brno, Czech Republic, April 1-4, 2025.
https://dfrws.org/conferences/dfrws-eu-2025/

PST 2025 22nd Annual International Conference on Privacy, Security & Trust, Fredericton, Canada, August 26-28, 2025.
http://pstnet.ca/
Submission date: 4 April 2025

SaTML 2025 3rd IEEE Conference on Secure and Trustworthy Machine Learning, Copenhagen, Denmark, April 9-11, 2025.
https://satml.org/participate-cfp/

ACM CCS 2025 32nd ACM Conference on Computer and Communications Security, Taipei, Taiwan, October 13-17, 2025.
https://www.sigsac.org/ccs/CCS2025/call-for-papers/
Submission date: 14 April 2025

MarCaS 2025 3rd LCN Special Track on Maritime Communication and Security, Held in conjunction with the 50th Annual IEEE Conference on Local Computer Networks (IEEE LCN 2025), Sydney, Australia, October 14-16, 2025.
https://garykessler.net/lcn_marcas/
Submission date: 20 April 2025

ESORICS 2025 30th European Symposium on Research in Computer Security, Toulouse, France, September 22-26, 2025.
https://www.esorics2025.org/
Submission date: 22 April 2025

HOST 2025 18th IEEE International Symposium on Hardware Oriented Security and Trust, San Jose, CA, USA, May 5-8, 2025.
http://www.hostsymposium.org/call-for-paper.php

SP 2025 46th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 12-15, 2025.
https://www.sp2025.ieee-security.org/cfpapers.html

IFIP TC-11 SEC 2025 40th IFIP TC-11 International Information Security and Privacy Conference, Maribor, Slovenia, May 21-23, 2025.
https://www.ndss-symposium.org/ndss2025/submissions/cfp-wosoc/

WNDSS 2025 International Workshop on Network and Distributed Systems Security, Co-located with the 40th International Information Security and Privacy Conference (IFIP SEC 2025), Maribor, Slovenia, May 23, 2025.
https://ifiptc11.org/wg114-events/wg114-workshop/

ICICS 2025 27th International Conference on Information and Communications Security, Nanjing, China, October 29-31, 2025.
https://www.icics2025.org/index.html
Submission date: 23 May 2025

TX4Nets 2025 2nd International Workshop on Trustworthy and eXplainable Artificial Intelligence for Networks, Co-located with IFIP Networking 2025, Limassol, Cyprus, May 25-29, 2025.

SP 2026 47th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 18-21, 2026.
https://sp2026.ieee-security.org/cfpapers.html
Submission dates: 5 June 2025 and 13 November 2025

CVC 2025 8th Crypto Valley Conference on Blockchain Technology, Zug, Switzerland, June 5-6, 2025.
https://cryptovalleyconference.com/call-for-papers

IWSPA 2025 11th ACM International Workshop on Security and Privacy Analytics, Co-located with ACM CODASPY 2025, Pittsburgh, Pennsylvania, June 6, 2025.
https://sites.google.com/view/iwspa-2025

CSF 2025 38th IEEE Computer Security Foundations Symposium, Santa Cruz, CA, USA, June 16-20, 2025.
https://csf2025.ieee-security.org/

WEIS 2025 24th Annual Workshop on the Economics of Information Security, Tokyo, Japan, June 23-25, 2025.
http://kmlabcw.iis.u-tokyo.ac.jp/weis/2025/index.html

WTMC 2025 10th International Workshop on Traffic Measurements for Cybersecurity, Co-located with the 10th IEEE European Symposium on Security and Privacy (IEEE EuroS&P 2025), Venice, Italy, June 30, 2025.
https://wtmc.info/index.html

ACM WiSec 2025 18th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Arlington, Virginia, USA, June 30 - July 3, 2025.
https://wisec2025.gmu.edu

IEEE EuroS&P 2025 10th IEEE European Symposium on Security and Privacy, Venice, Italy, June 30 - July 4, 2025.
https://eurosp2025.ieee-security.org/

SACMAT 2025 30th ACM Symposium on Access Control Models and Technologies, Stony Brook, NY, USA, July 8-10, 2025.
https://www.sacmat.org/2025/

PETS 2025 25th Privacy Enhancing Technologies Symposium, Washington, DC and Online, July 14-19, 2025.
https://petsymposium.org/cfp25.php

APWG eCrime 2025 20th APWG Symposium on Electronic Crime Research, San Diego, CA, USA, November 4-7, 2025.
https://apwg.org/events/ecrime2025
Submission date: 15 July 2025

DFRWS-USA 2025 25th Annual Digital Forensics Research Conference, Chicago, Illinois, USA, July 22-25, 2025.
https://dfrws.org/conferences/dfrws-usa-2025/

CSR 2025 IEEE International Conference on Cyber Security and Resilience, Chania, Crete, Greece, August 4-6, 2025.
https://www.ieee-csr.org/

ARES 2025 20th International Conference on Availability, Reliability and Security, Ghent, Belgium, August 10-13, 2025.
https://2025.ares-conference.eu/

USENIX Security 2025 34th USENIX Security Symposium, Seattle, WA, USA, August 13-15, 2025.
https://www.usenix.org/conference/usenixsecurity25

PST 2025 22nd Annual International Conference on Privacy, Security & Trust, Fredericton, Canada, August 26-28, 2025.
http://pstnet.ca/

ESORICS 2025 30th European Symposium on Research in Computer Security, Toulouse, France, September 22-26, 2025.
https://www.esorics2025.org/

ACM CCS 2025 32nd ACM Conference on Computer and Communications Security, Taipei, Taiwan, October 13-17, 2025.
https://www.sigsac.org/ccs/CCS2025/call-for-papers/

MarCaS 2025 3rd LCN Special Track on Maritime Communication and Security, Held in conjunction with the 50th Annual IEEE Conference on Local Computer Networks (IEEE LCN 2025), Sydney, Australia, October 14-16, 2025.
https://garykessler.net/lcn_marcas/

ICICS 2025 27th International Conference on Information and Communications Security, Nanjing, China, October 29-31, 2025.
https://www.icics2025.org/index.html

APWG eCrime 2025 20th APWG Symposium on Electronic Crime Research, San Diego, CA, USA, November 4-7, 2025.
https://apwg.org/events/ecrime2025

SP 2026 47th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 18-21, 2026.
https://sp2026.ieee-security.org/cfpapers.html
Submission dates: 5 June 2025 and 13 November 2025

SP 2026 47th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 18-21, 2026.
https://sp2026.ieee-security.org/cfpapers.html

====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================

____________________________________________________________________
Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options, each with two options:

1.
To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher
or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact.
For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.

____________________________________________________________________
Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________
How to become a member of the IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy (or other TCs) by completing the on-line form at IEEE at
https://www.computer.org/web/tandc/technical-committees

______________________________________________________________________
TC Conference Publications Online
______________________________________________________________________

The proceedings of previous conferences are available from the Computer Society's Digital Library.

IEEE Security and Privacy Symposium
IEEE Computer Security Foundations
IEEE European Security and Privacy Symposium

From 2012 onward, these are available without charge from the digital library 12 months after the conference.

____________________________________________________________________________
TC Officers
____________________________________________________________________________

Chair:
Thorsten Holz
Faculty Member
CISPA Helmholtz Center for Information Security
tcchair at ieee-security.org

Security and Privacy Symposium Chair Emeritus:
Trent Jaeger
Associate Professor
Pennsylvania State University
https://www.cse.psu.edu/~trj1
sp24-chair@ieee-security.org

Vice Chair:
Alvaro Cardenas
Professor
University of California, Santa Cruz
tcchair at ieee-security.org

Treasurer:
Yong Guan
Professor
Department of Electrical and Computer Engineering
Iowa State University, Ames, IA 50011
treasurer@ieee-security.org

Newsletter Editor:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Woodland Hills, UT 84653
cipher-editor@ieee-security.org

Security and Privacy Symposium, 2025 Chair:
Marina Blanton
Associate Professor
University at Buffalo
sp25-chair at ieee-security.org

TC Awards Chair:
Tegan Brennan
Assistant Professor
Stevens Institute of Technology
tbrenna5 at stevens.edu

____________________________________________________________________________

BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year