============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 188
December 8, 2025

Hilarie Orman, Editor
cipher-editor @ ieee-security.org

Sven Dietrich, Assoc. Editor
cipher-assoc-editor @ ieee-security.org

Sven Dietrich, Book Review Editor
cipher-bookrev @ ieee-security.org

Yong Guan, Calendar Editor
cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion and News
    o Sven Dietrich's review of The Ghidra Book - The Definitive Guide by Chris Eagle and Kara Nance
    o News items:
       - In Memoriam: Daniel J. Edwards
       - It's Not the Mortar, It's the Brick
       - Your Beverage Is Being Held for Ransom
       - Bitcoin ATMs: Easier Than Gambling
       - Crash the Internet?
       - Seriously, Another Deserialization Bug?!
    o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Conference and Workshop Announcements
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

It is often difficult for me to write the Editor's letter.
Although the letter is short and informal, choosing a few tidbits for it from the rising tide of events, research, and news items is a challenge. This time, facing another discouraging evening of writer's block, I decided to take my own frequent advice to my generation and tried using an AI tool - Anthropic's Claude AI.

I asked Claude to write the editor's letter for a security newsletter and to mention upcoming security conferences. Claude had these wise words:

"The IEEE Symposium on Security and Privacy in May remains the premier venue for groundbreaking research, and this year's program committee has indicated an exceptionally strong submission pool."

Is the submission pool actually "exceptionally strong" this year? It is always "strong", but I wonder about "exceptionally". Maybe I should try adding the prompt "Death to all modifiers." Anyway, I was encouraged by Claude's unprompted high regard for S&P.

Moving on, Claude expressed concern and hope:

"Nation-state actors are more sophisticated, ransomware operations are increasingly professionalized, and the attack surface expands with each new connected device and cloud service. Yet the research community continues to rise to meet these challenges with creativity, rigor, and dedication."

That kind of writing isn't my style (I often express despair over the research community's inability to eliminate the challenges). I almost abandoned the experiment, but I had one more query to try. I asked Claude to write a parody based on the BRICKSTORM malware to close out the editor's letter, and this is what it produced:

   A Brick-Layer's Lament

   'Twas BRICKSTORM, and the slithy threats
   Did burrow deep in vCenter's code;
   All flimsy were the network sets,
   And the backdoors silently bode.

   Beware the BRICKSTORM, admin son!
   The jaws that breach, the claws that steal!
   Beware the APT, and shun
   The firmware that conceals the real!
   (With apologies to Lewis Carroll)

Claude then congratulated itself for its "short, clever poem" and the attribution to the original author "just as Hilarie Orman does." And so, I have succeeded in using AI to parody my own parody style, albeit with a rather disappointing "cleverness" score IMHO.

Claude recommended that I use the name "Dr. Sarah Chen" and that I tell you to "stay vigilant". I'll do neither, but I will urge you to keep the research fires burning next to the Yule log, and please do the writing yourself.

   Hilarie Orman
   cipher-editor @ ieee-security.org

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

____________________________________________________________________
Book Review By Sven Dietrich
December 7, 2025
____________________________________________________________________

The Ghidra Book - The Definitive Guide
by Chris Eagle and Kara Nance
No Starch Press 2026 (forthcoming).
ISBN 978-1-7185-0468-4 (print), 978-1-7185-0469-1 (ebook)
XXVIII, 578 pages, 2nd Edition

As the threats from malware persist, reverse engineering remains an important discipline. Looking back at the many years that reverse engineering tools have been in use, whether in the back rooms of some agencies, the commercial labs at corporations large or small, or in research labs in general, there tend to be two main contenders over time: the greybeard that is the commercial software IDA Pro and the much younger open-source Ghidra that emerged unexpectedly from the US-based National Security Agency Research Directorate about 6 years ago or so.
Here we are in anticipation of the early 2026 release of the second edition of "The Ghidra Book - The Definitive Guide," again authored by the successful team Chris Eagle and Kara Nance, to be published by No Starch Press in February. The early review copy is of similar size to the previous edition at around 600 pages.

When I reviewed the first edition of this book back in 2020, Ghidra had been released the year before and was the new kid on the block. Much excitement surrounded the idea of an open-source project that would allow reverse engineering across multiple architectures. The expected audience for the book remains unchanged: reverse engineers at various skill levels, professionals, and students alike. This review will be strongly based on the original review, with an emphasis on the changes for the second edition.

The reverse engineering world is a fascinating one: an analyst is undoing the work of compilers and assemblers, creating something that describes the functionality of the binary program that is being scrutinized by transforming it into a disassembled, intermediate, or even decompiled form. Many tools now exist that replace the manual and repetitive tasks that reverse engineers used to do by hand. The need for faster turnaround times has created an ecosystem of plugins or scripts that extend the capabilities of the basic reverse engineering framework. If one can call such a framework "basic," that is.

The second edition book is divided into five parts, for a total of 23 chapters, followed by an appendix. While the structure resembles the first edition of the book, the reader should understand that the book has undergone a serious general "overhaul" for content in connection to the evolution and expansion that happened for Ghidra over the last few years. The book is illustrated with helpful, updated Ghidra screenshots and even more expanded code samples than before.
The latter are available from a book companion website for those readers whose curiosity has been piqued and can't wait to just try it out. The five parts are, in order, 'Introduction', 'Basic Ghidra Usage,' 'Customizing and Extending Ghidra,' 'A Deeper Dive,' and 'Real-world Applications,' followed by an appendix called 'Ghidra for IDA Pro Users.' In the first part 'Introduction', the reader learns the basics of the field. For the first chapter 'Introduction to Disassembly,' this means grasping the proper context of programming languages from machine languages to higher forms such as C/C++ or Java, and understanding that the compilation process is lossy, making the job of the reverse engineer having to reverse that process a challenging task. For the second chapter, 'Reversing and Disassembly Tools,' the reader recognizes that there are two classical disassembly techniques, namely Linear Sweep and Recursive Descent, plus a few ways of expressing the disassembled code, such as the AT&T and Intel notation variants. The first part wraps up with a quick introduction to Ghidra. The second part 'Basic Ghidra Usage' contains seven chapters that explain the basics of Ghidra, such as data displays (i.e. how you view the disassembly in multiple functional windows), untangling a Ghidra disassembly and how to manipulate it to your liking. Further chapters discuss data types that come with each programming language, as well as data structures, and capturing cross-references in a program, as well as graphs as a more or less simple way of displaying what a program does. In the end, the reader will realize that Ghidra is really a database that allows you to label or annotate the code incrementally, sometimes automagically, as you move along. The basics explained here include initial guidance on accepting recommendations for code identification, such as processor type, bitness (16/32/64), or even suggested compiler types that may have generated the binary program. 
In the third part, 'Customizing and Extending Ghidra,' the authors explore the above-mentioned collaborative software reverse engineering across multiple analysts' devices, customization (for one Ghidra is available in source, for two, Ghidra can be adjusted to taste), extending the worldview such as improving the automagic labeling and function identification in the binary, and basic scripting for repeated or repetitive tasks. Moreover, one chapter discusses the integration of the Eclipse IDE of Java fame using the GhidraDev plugin. Last but not least in this part, the authors guide the reader on the headless (dragon?) mode, when a GUI is not needed, say in scripting mode or for batches of binaries. Here the python-based pyGhidra extension stands out as a new addition to the second edition, as it lets python users tap into the capabilities of Ghidra. For the fourth part 'A Deeper Dive,' the book goes even further into the nitty gritty of Ghidra, looking at Ghidra loaders for when Ghidra is at wit's end, say in the case of shellcode without proper program headers. Another chapter looks at Ghidra processors, for the (unlikely?) event the reader may have to write - using the SLEIGH language - their own processor definition for a firmware image for a particular embedded processor they may have discovered. That chapter also mentions p-code or intermediate representation (IR), with an intermediate language (IL), an important concept found in the common reverse engineering and security literature. The authors also mention the Ghidra Decompiler, which builds on p-code among other things, and the challenges that may occur when dealing with Compiler Variations that can throw the analyst off. In the last part 'Real-world Applications,' the real fun stuff awaits: a discussion of Ghidra use in the context of Obfuscated Code Analysis such as anti-static analysis techniques (e.g. 
opcode obfuscation, dynamic target computation, control flow obfuscation) and anti-dynamic-analysis techniques (virtualization detection, debugging detection), and the new(er) emulator capabilities. They also mention Patching Binaries, for when the reader may want to modify a program for a variety of reasons (remove debugging, bypass system checks, phoning home), and Binary Differencing and Version Tracking for understanding the lineage of a malware family, for example, especially for those readers that are familiar with the IDA Pro bindiff tool. The discussion of the Ghidra Bsim comparison tool stands out here in the new edition, with an example of using this tool for ransomware code evolution.

The book wraps up with an Appendix on 'Ghidra for IDA Pro Users,' for those die-hards who got used to another framework of thinking about reverse engineering and want to explore a new world, even if it is 6-7 years in the "public life" of Ghidra, as this maps the concepts from the other (IDA Pro) world to the Ghidra world discussed in the book.

Chris Eagle and Kara Nance have - once more - delivered a very readable and hands-on book on reverse engineering using a publicly available tool. This second edition will join the first edition on my bookshelf. I enjoyed reading this book by the Eagle-Nance team that will continue to make the black art of reverse engineering more accessible.

-----------------------------------------------
Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org.
____________________________________________________________________

====================================================================
News Briefs
====================================================================

News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

--------------------------------------------------------

In Memoriam: Daniel J. Edwards

Daniel J.
Edwards, retired computer scientist and early computer pioneer, passed away peacefully Monday Jan 27, 2025 close to his home in Troutville, Virginia.
https://regionalobituaries.com/obituary/daniel-j-edwards/

Summary: Dan wrote a master's thesis at MIT in 1966 about automating the decoding of simple cipher systems with computers. At the time he was at Project MAC. He continued contributing to the foundations of computer security and was one of the authors of the Orange Book. His interview for the Charles Babbage Institute's oral history project is here: https://conservancy.umn.edu/items/4d5d430a-4064-4949-88df-b2b55362b681

The Applied Computer Security Association maintains information about people in the computer security field who have died. Dan's entry will appear there ( https://www.appliedcomputersecurity.org/memoriam.html ).

-------------------------------------------------------------------------------

It's Not the Mortar, It's the Brick

Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
Publisher: Mandiant Services and Google Threat Intelligence Group
https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign
Date: September 24, 2025
By: Sarah Yoder, John Wolfram, Ashley Pearson, et al.

Summary: This new malware has been insinuating itself in various platforms for at least two years (see the Google Cloud blog from April of 2024, https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement) when it was noticed in Ivanti Connect Secure. More recently it was detected in a variety of Linux and BSD-based appliances. BRICKSTORM is remarkably hard to detect, and its initial entry point was known when it was first detected. Researchers think that it gains access to edge appliances using zero-day exploits and from there moves inward to VMware vCenter and ESXi hosts.
------------------------------------------

Analysis Report: BRICKSTORM Backdoor
Publisher: CISA
https://www.cisa.gov/news-events/analysis-reports/ar25-338a
Date: December 5, 2025

Summary: The stealth and persistence of BRICKSTORM malware are due to clever engineering, the type associated with espionage from the People's Republic of China. This CISA report about an analysis of eight samples of BRICKSTORM reveals the multilayered capabilities of the software, which is embodied in a "custom Executable and Linkable Format (ELF) Go-based backdoor". Stolen credentials, encrypted messages, automatic reinstall, jumps from server to server, and many other coordinated techniques make this malware hard to stop. The report makes for an interesting true cybercrime story.

-------------------------------------------------------------------------------

Your Beverage Is Being Held for Ransom

Asahi restarts beer production after cyber-attack
Publisher: BBC
https://www.bbc.com/news/articles/c5yje27je5jo
Date: Oct 6, 2025
By: Faarea Masud

Summary: In late September the Asahi beer company was the victim of a cyber-attack that shut down its order and shipment operations. The problem was so serious that beer production was halted, and restaurants in Japan found it difficult to stock the popular brew. By early September partial production was resumed at all six breweries in Japan (production outside of Japan was unaffected by the attack). Overall, the attack had a serious effect on the company's ability to produce beer, soft drinks, and other food items.

----------------------------------------

Japan: Asahi needs at least two more months to restore logistics
Publisher: Inside Beer
https://www.inside.beer/news/detail/japan-asahi-needs-at-least-two-more-months-to-restore-logistics
Date: November 27, 2025

Summary: The attack on Asahi not only disrupted their logistics, it also may have disclosed data about as many as 2 million people, most of them Asahi customers.
Asahi refused to pay ransom, and it is still recovering from the "sophisticated and cunning" attack. Their CEO estimates that full production of their products will not resume until February of 2026.

------------------------------------------------------------------------------

Bitcoin ATMs: Easier Than Gambling

Bitcoin ATMs increasingly used by scammers to target victims; critics say Americans in 2024 lost nearly $250 million to scams that used Bitcoin ATMs
Publisher: ABC News
https://abcnews.go.com/US/bitcoin-atms-increasingly-scammers-target-victims-critics/story?id=126305810
Date: October 9, 2025
By: Jay O'Brien and Lucien Bruggeman

Summary: Is it possible to convince several thousand people, most of them elderly, to convert their life savings to hundred-dollar bills and feed them into a machine at a gas station for "safeguarding"? According to the FBI and AARP, that happened last year, and presumably has continued in the current year. The machines are Bitcoin ATMs, and scammers convince their victims to divert the money to themselves. The owners of the ATMs collect impressive fees on the transactions, and they are reluctant to take measures that might reduce the risk to unwitting customers.

------------------------------------------------------------------------------

Crash the Internet?

Could the internet go offline? Inside the fragile system holding the modern world together
Behind every meme and message is creaking, decades-old infrastructure. Internet experts can think of scenarios that could bring it all crashing down
Publisher: The Guardian
https://www.theguardian.com/technology/2025/oct/26/internet-infrastructure-fragile-system-holding-modern-world-together
Date: 26 Oct 2025
By: Aisha Down

Summary: The Internet is composed of a myriad of communicating devices. Its ad hoc complexity is thought to be its best defense. To "take it down" would be like cutting through curtains of glue and string.
But as the Internet grows, people need to find ways to manage the myriad of devices, and economics and information theory tend to favor centralization of resources. So, the Internet grows and the Internet coalesces. Inquiring minds want to know if it has an Achilles heel (or several of them) that could be toppled like a stack of dominoes. DNS, AWS, Google data centers, BGP, ... ? Do these hide weaknesses in our digital ecosystem? This article has musings from 3 Internet experts about disaster scenarios. One of them mentioned an informal Internet recovery plan for the UK that would involve gathering their gurus at a London pub to map out a restart strategy. He told the reporter: "I don't know if this is still the case. It was quite a few years ago and I was never told which pub it was."

-------------------------------------------------------------------------------

Seriously, Another Deserialization Bug?!

WSUS attacks hit 'multiple' orgs as Google and other infosec sleuths ring Redmond's alarm bell
If at first you don't succeed, patch and patch again
Publisher: The Register
https://www.theregister.com/2025/10/27/microsoft_wsus_attacks_multiple_orgs/
Date: 27 Oct 2025
By: Jessica Lyons

Summary: Windows Server Update Services (WSUS) had an exploitable bug in its data deserialization routines that led to remote code execution. Microsoft issued a patch for the problem, and that caused malicious actors to take note. However, machines running WSUS shouldn't be accessible from the Internet, so it would be hard to launch an attack, right? Sadly, Trend Micro found 500K servers on the Internet, and it is likely that all of them will be probed by attackers at some point. Once the attackers obtain remote shell access, they generally perform reconnaissance and exfiltration as well as covering their tracks. The potential danger to other parts of an enterprise is catastrophic.
----------------------------------

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
Publisher: The Hacker News
https://thehackernews.com/2025/11/shadowpad-malware-actively-exploits.html
Date: Nov 24, 2025
By: Ravie Lakshmanan

Any hope that the WSUS remote execution vulnerability would be a small glitch was dashed when a server with the patch to fix the deserialization bug was subsequently infected with a modular malware system called ShadowPad. Its origins date back to 2015, and its current instantiation has been called a "masterpiece of privately sold malware in Chinese espionage."

====================================================================
Listing of academic positions available by Cynthia Irvine
====================================================================

http://cisr.nps.edu/jobscipher.html

--------------

This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Conference and Workshop Announcements
====================================================================

====================================================================
Upcoming Calls-For-Papers and Events
====================================================================

The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

Requests for inclusion in the list should be sent per instructions: http://www.ieee-security.org/Calendar/submitting.html

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

IEEE Transactions on Privacy,
https://www.computer.org/csdl/journals/pr
Submission date: On-going

HOST 2026 19th IEEE International Symposium on Hardware Oriented Security and Trust, Washington DC, USA, May 4-7, 2026.
https://host.conferences.computer.org/2026/
Submission dates: 1 September 2025 and 8 December 2025

ACSAC 2025 41st Annual Computer Security Applications Conference, Honolulu, Hawaii, USA, December 8-12, 2025,
https://www.acsac.org/

HealthSec 2025 Workshop on Cybersecurity in Healthcare, Co-located with the Annual Computer Security Applications Conference (ACSAC41), Honolulu, HI, USA, December 9, 2025.
https://publish.illinois.edu/healthsec2025/

ACM ASIACCS 2026 21st ACM ASIA Conference on Computer and Communications Security, Bangalore, India, June 1-5, 2026.
https://asiaccs2026.cse.iitkgp.ac.in/call-for-papers/
Submission dates: 25 August 2025 and 12 December 2025

ICISS 2025 21st International Conference on Information Systems Security, Indore, India, December 16-20, 2025,
https://iciss.isrdc.in/

IFIP 119 DF 2026 22nd Annual IFIP WG 11.9 International Conference on Digital Forensics, New Delhi, India, January 5-6, 2026,
http://www.ifip119.org/

ICBC 2026 8th IEEE International Conference on Blockchain and Cryptocurrency, Brisbane, Australia, June 1-5, 2026,
https://icbc2026.ieee-icbc.org/
Submission date: 7 January 2026

ACM CCS 2026 33rd ACM Conference on Computer and Communications Security, Hague, The Netherlands, November 15-19, 2026.
https://www.sigsac.org/ccs/CCS2026/call-for/call-for-papers.html
Submission dates: 7 January 2026 and 22 April 2026

CSF 2026 39th IEEE Computer Security Foundations Symposium, Colocated with FLoC 2026, Lisbon Portugal, July 26-29, 2026,
https://csf2026.ieee-security.org/
Submission dates: 24 July 2025, 9 October 2025, and 29 January 2026

USENIX Security 2026 35th USENIX Security Symposium, Baltimore, MD, USA, August 12-14, 2026,
https://www.usenix.org/conference/usenixsecurity26
Submission dates: 19 August 2025 and 29 January 2026

AMASS 2026 Workshop on Advances in Malware Analysis and Software Security, Held in conjunction with ACM ASIACCS, Bangalore, India, June 2, 2026,
https://sites.google.com/view/amass2026/home
Submission date: 31 January 2026

NDSS 2026 Network and Distributed System Security, San Diego, CA, USA, February 23-27, 2026.
https://www.ndss-symposium.org/ndss2026/submissions/call-for-papers/

PETS 2026 26th Privacy Enhancing Technologies Symposium, Calgary, Canada, July 20-25, 2026,
https://petsymposium.org/cfp26.php
Submission dates: 31 May 2025, 31 August 2025, 30 November 2025, and 28 February 2026

ACM WiSec 2026 19th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Saarbrucken, Germany, June 30 - July 3, 2026,
https://wisec26.events.cispa.de/
Submission dates: 18 November 2025 and 3 March 2026

Electronics Journal, Special Issue on Data Privacy Protection in Blockchain Systems.
https://www.mdpi.com/journal/electronics/special_issues/14QMWO4O7C
Submission date: 15 March 2026

SaTML 2026 4th IEEE Conference on Secure and Trustworthy Machine Learning, Munich, Germany, March 23-25, 2026,
https://satml.org/

ACM CCS 2026 33rd ACM Conference on Computer and Communications Security, Hague, The Netherlands, November 15-19, 2026.
https://www.sigsac.org/ccs/CCS2026/call-for/call-for-papers.html
Submission date: 7 January 2026 and 22 April 2026

HOST 2026 19th IEEE International Symposium on Hardware Oriented Security and Trust, Washington DC, USA, May 4-7, 2026.
https://host.conferences.computer.org/2026/

SP 2026 47th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 18-21, 2026,
https://sp2026.ieee-security.org/cfpapers.html

ICBC 2026 8th IEEE International Conference on Blockchain and Cryptocurrency, Brisbane, Australia, June 1-5, 2026,
https://icbc2026.ieee-icbc.org/

ACM ASIACCS 2026 21st ACM ASIA Conference on Computer and Communications Security, Bangalore, India, June 1-5, 2026,
https://asiaccs2026.cse.iitkgp.ac.in/call-for-papers/

AMASS 2026 Workshop on Advances in Malware Analysis and Software Security, Held in conjunction with ACM ASIACCS, Bangalore, India, June 2, 2026,
https://sites.google.com/view/amass2026/home

ACM WiSec 2026 19th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Saarbrucken, Germany, June 30 - July 3, 2026,
https://wisec26.events.cispa.de/

PETS 2026 26th Privacy Enhancing Technologies Symposium, Calgary, Canada, July 20-25, 2026,
https://petsymposium.org/cfp26.php

CSF 2026 39th IEEE Computer Security Foundations Symposium, Colocated with FLoC 2026, Lisbon Portugal, July 26-29, 2026,
https://csf2026.ieee-security.org/

USENIX Security 2026 35th USENIX Security Symposium, Baltimore, MD, USA, August 12-14, 2026.
https://www.usenix.org/conference/usenixsecurity26

ACM CCS 2026 33rd ACM Conference on Computer and Communications Security, Hague, The Netherlands, November 15-19, 2026.
https://www.sigsac.org/ccs/CCS2026/call-for/call-for-papers.html

====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================

____________________________________________________________________
Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options, each with two options:

1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum.
It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.

____________________________________________________________________
Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________
How to become a member of the IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy (or other TCs) by completing the on-line form at IEEE at https://www.computer.org/web/tandc/technical-committees

______________________________________________________________________
TC Conference Publications Online
______________________________________________________________________

The proceedings of previous conferences are available from the Computer Society's Digital Library.
   IEEE Security and Privacy Symposium
   IEEE Computer Security Foundations
   IEEE European Security and Privacy Symposium

From 2012 onward, these are available without charge from the digital library 12 months after the conference.

____________________________________________________________________________
TC Officers
____________________________________________________________________________

Chair:
Thorsten Holz
Faculty Member
CISPA Helmholtz Center for Information Security
tcchair at ieee-security.org

Security and Privacy Symposium Chair Emeritus:
Trent Jaeger
Associate Professor
Pennsylvania State University
https://www.cse.psu.edu/~trj1
sp24-chair@ieee-security.org

Vice Chair:
Alvaro Cardenas
Professor
University of California, Santa Cruz
tcchair at ieee-security.org

Treasurer:
Yong Guan
Professor
Department of Electrical and Computer Engineering
Iowa State University, Ames, IA 50011
treasurer@ieee-security.org

Newsletter Editor:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Woodland Hills, UT 84653
cipher-editor@ieee-security.org

Security and Privacy Symposium, 2025 Chair:
Marina Blanton
Associate Professor
University at Buffalo
sp25-chair at ieee-security.org

TC Awards Chair:
Tegan Brennan
Assistant Professor
Stevens Institute of Technology
tbrenna5 at stevens.edu

____________________________________________________________________________

BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year