Portrait of Shuo Chen

Shuo Chen

Senior Researcher

Press Coverage

About our CCS’13 paper
iOS and Android weaknesses allow stealthy pilfering of website credentials, Ars Technica, August 27, 2013

About our Oakland’12 paper
Study Finds Major Weaknesses in Single Sign-on Systems, Network World, March 27, 2012
Flawed sign-in services from Google and Facebook imperil user account, Ars Technica, March 25, 2012
Trial finds EIGHT WAYS to defeat Google, PayPal and other SSOs, The Register, March 20, 2012
Researchers discover flaws in SSO that leave websites vulnerable, Infosecurity, March 20
Web Services Single Sign-On Contain Big Flaws, Dark Reading, March 19, 2012
Researchers discover “worrisome” authentication flaws in many online services, ZDNet, March 16, 2012

About our finding of an OpenID authentication bug
OpenID Warns Of Serious Bug, InformationWeek, May 9, 2011
OpenID warns of ‘psychic paper’ authentication attack, Register, May 9, 2011
OpenID Foundation warns of identity transmission bug, ZDNet UK, May 9, 2011
OpenID Foundation Warns Websites of Authentication Flaw, eWeek, May 9, 2011

About our Oakland’11 paper
How to Shop for Free Online (video interview), Channel 9, May 17, 2011
Vulnerabilities in Online Payment Systems, Schneier on Security, May 9, 2011

(Shaz Qadeer and I didn’t directly participate in the following interviews because of a non-academic reason.)
Researchers find major flaws in online payment systems. CNN, April 13, 2011.
Exploit-wielding boffins go on free online shopping binge — World’s biggest e-commerce sites wide open, Register, April 12, 2011
Could criminals shop for free online? CNET, April 11, 2011
Security Researchers Exploit Logic Flaws to Shop for Free Online, Network World, April 11, 2011

About our finding of a Facebook authentication bug

About our Oakland’10 paper
Side Channel Attacks in SSL, ha.ckers.org, June 21st, 2010
SaaS Apps May Leak Data Even When Encrypted, Study Says, Dark Reading, March 26th, 2010
Side-Channel Attacks on Encrypted Web Traffic, Schneier on Security, March 26th, 2010
Researchers sound alarm on Web app “side channel” data leaks, Network World, March 25th, 2010
Your health, tax, and search data siphoned: Software-as-a-service springs SSL leak, The Register, March 23rd, 2010.
Side-Channel Leaks in Web Applications, Freedom To Tinker, March 23rd, 2010

About our Oakland’09 paper
Browser flaws expose users to man-in-the-middle attacks, ZDNet, August 7th, 2009
Mozilla patches 11 Firefox bugs, six critical. Plugs SSL hole reported by Microsoft researchers, Computer World, June 12, 2009
Breaking Web Browsers’ Trust, Technology Review, May 21st, 2009