Georgiev and Shmatikov's discovery of short-URL vulnerabilities receives extensive press coverage

Vitaly Shmatikov's paper with Cornell Tech visitor Martin Georgiev, "Gone in six characters: Short URLS considered harmful for cloud services", received widespread press coverage, including in Wired, Forbes, Vice, Boing Boing, Hacker News, and around the world.  Wired wrote, "The researchers’ work demonstrates the unexpected privacy-invasive potential of “brute-forcing” shortened URLs: By guessing at shortened URLs until they found working ones, the researchers say that they could have pulled off tricks ranging from spreading malware on unwitting victims’ computers via Microsoft’s cloud storage service to finding out who requested Google Maps directions to abortion providers or drug addiction treatment facilities."

The Cornell Chronicle writes, "Since their warning appeared, the researchers reported, Google has lengthened the URLs of its map links and Microsoft has dropped the 'shorter URL' option for OneDrive users (causing users to complain). A lot of other problems have been fixed in various ways, but the thought to keep in mind: 'Any document shared on a cloud service is effectively public.'"

Links to coverage of the discovery can be found here.

Image: Then One / Wired

Date Posted: 8/29/2016

Cornell work part of the discussion on Bitcoin currency issue rate

Ittay Eyal and Emin Gun Sirer's discovery of the power of even a less-than-majority set of colluding parties to compromise the bitcoin ledger once again surfaced in the news.  This time, due to the planned bitcoin operation reduction of minting rate. This prompted concerns, bolstered by Eyal and Sirer's work, that already-influential parties could be better position to create disruptions.

Date Posted: 8/26/2016

Hopcroft receives MSR Outstanding Collaborator Award

John Hopcroft was a recipient of a Microsoft Research Outstanding Collaborator Award. He was cited for his membership on the Microsoft Research Asia (MSRA) Technical Advisory Board; for being one of the strongest advocates for MSR among talented students in China (MSRA has hired over half of his top computer science undergraduates as interns); strengthening the collaboration between MSR and key academic partners; and, in collaboration with MSR researchers Christian Borgs and Jennifer Chayes for over a decade, developing influential network algorithms for decreasing web spam and for identifying communities in massive networks.

Also receiving the award was Stephanie Weirich, who received her PhD from Cornell CS in 2002 and is now full professor at the University of Pennsylvania.

Date Posted: 8/26/2016

Sirer quoted on Ethereum's hard fork

Ethereum, a new cryptocurrency for smart contracts, performed a hard fork to reverse the damage wrecked by The DAO, an investment contract that was identified by Emin Gun Sirer and colleagues as vulnerable. The hard fork went without a hitch, and was covered widely in the press. 

Sirer was an advocate for the hard fork before it happened: "Everybody who bought into The DAO with substantial cash wants a hard fork. People who have no conflict of interest with the DAO, like myself, want to see a hard fork. The folks [the startup created the DAO] will be sued no matter what but they want to follow the path with least legal responsibility."

Afterwards, Sirer, characterized by Quartz as the person "who has perhaps contributed the most research in the aftermath of the DAO hack", praised the Ethereum world for how it adapted to discoveries of technical flaws:  "The Ethereum community has been amazingly science-driven, open and forthright. The civilness of their response should be a shining example to other communities".  

Community was also a theme he drew out as a moral to the story. As a contrast to the "long-chain fetishism" of those who view the length of a blockchain as the source of its value, Sirer said, "The most important lesson, at least for me, and I hope for the public at large as well, is that the fiat currency in my pocket and also the cryptocurrency in various different wallets that I have, they all have value because of community properties, because the community believes them."  

Press coverage:
IT World Canada

Date Posted: 8/26/2016

Joachims co-wins SIGIR Test of Time Award

This year’s ACM SIGIR Test-of-Time Award went to a paper by Thorsten Joachims, Laura Granka, Bing Pan, Helene Hembrooke, and Geri Gay. "Accurately interpreting clickthrough data as implicit feedback" (2005) was one of the first papers to rigorously explore the behavioral biases in implicit feedback from user behavior, giving insight into how to properly use machine learning methods to learn from such data. In particular, the paper combined insights and experimental methodology from the behavioral social sciences with the theory underlying machine learning algorithms. The award recognizes the works’s impact on information retrieval research, as well as on how search engines and other online systems use machine learning today.

The SIGIR Test of Time Award recognizes research that has had long-lasting influence, including impact on a subarea of information retrieval research, across subareas of information retrieval research, and outside of the information retrieval research community (e.g. non-information retrieval research or industry). The winning paper is selected from the set of full papers presented at the main SIGIR conference 10-12 years before.

Date Posted: 8/26/2016

Sirer quoted in multiple outlets on smart contracts

"Smart" contracts have come under fire after the roughly $50M theft from the cryptocurrency-based DAO, which employs the Ethereum blockchain.  Emin Gun Sirer, quoted extensively in CoinJournal, states that "Writing good contracts has always been difficult ... Smart contracts are orders of magnitude more difficult to write, and there will probably be some spectacular failures ahead. The DAO was a wakeup call for improving the science of smart contracts, so we can avoid some of them.  However, he continued, disasters can ultimately aid progress: "Had we backed down after Tacoma Narrows, we would not be able to span many of the bigger valleys with suspension bridges today ... We need to explore the boundaries, and expect occasional failures." 

With respect to the Ethereum Foundation itself, Sirer suggested that it could provide different tiers of scrutiny and allow third parties to vet smart contracts. American Banker credits his point with "[getting] at a key issue of the whole fiasco with the DAO, which is that no one thought this much money was going to be put into an Ethereum smart contract so early in the game".  At the same time, Sirer notes, "Who am I to turn to investors and to tell them not to invest in this potential future technology? Clearly, every individual investor saw a value opportunity, and invested an amount that they could afford into that dream. This is exactly how crowds latch on to good ideas, propel them forward with capital, and how we make technological progress. Trying to stop this is like trying to push back on the Apple II because it's not a 64-bit modern PC."

Date Posted: 8/26/2016

Bitcoinist reports on Chain, Inc.'s new partnership with the Initiative for Cryptocurrency and Contracts

Bitcoinist reports on a new sponsorship by Chain, Inc. for the Initiative for Cryptocurrency and Contracts (IC3).  

The IC3, based at the Jacobs Technion-Cornell Institute at Cornell Tech in NYC, consists of faculty from Cornell University, Cornell Tech, UC Berkeley, UIUC and the Technion, "was founded to advance blockchain development by bringing together the expertise of all participating organizations and making them available to industry partners."  Chain "works together with financial companies to help develop blockchain infrastructures for blockchain-based business solutions".  So, says IC3 co-director Emin Gün Sirer, "The Chain team shares our vision of ubiquitous blockchain-based networks that are fast, scalable, confidential and secure. We look forward to collaborating with Chain to accelerate the deployment and adoption of reliable smart contract solutions.”

The other co-directors of IC3 are Ari Juels and Elaine Shi, and Ittay Eyal is an associate director along with Andrew Miller from UIUC. 

Date Posted: 8/26/2016

Press coverage of "chess and human mistakes" paper by Anderson, Kleinberg, and Mullainathan

Technology Review and Pacific Standard Magazine recently covered a KDD 2016 paper by Ashton Anderson (MSR), Jon Kleinberg, and Sendhil Mullainathan (Harvard; also Cornell CS '93) that used a dataset of 200 million chess games as a model system for analyzing human decisions and errors. A key feature of the domain is that for chess endgames with small numbers of pieces, the winner under an assumption of optimal play can be determined by lookup in computationally-compiled tables, but even the best human players in such settings have a non-trivial "blunder" probability, making moves that worsen their minimax value.

From the Technology Review article: "How do [skill, time, and difficulty] influence the quality of the decision being made? ... These are hard questions to answer, given the difficulty of setting up a controlled experiment to test them. Indeed, nobody has found a satisfactory way of studying the problem. Until now. [The authors] unveil the first large-scale study of decision making under controlled conditions. For the first time, these guys have been able to study how the quality of decision making changes with the time available, the skill of the decision maker, and the difficulty of the decision at hand."

Date Posted: 8/26/2016

Leskovec, Faloutsos, and Kleinberg win 2016 SIGKDD Test of Time Award

Jon Kleinberg, together with Christos Faloutsos and former Cornell postdoc Jure Leskovec won the 2016 SIGKDD Test of Time Award for their 2005 KDD paper, "Graphs over Time: Densification Laws, Shrinking Diameters and Possible Explanations."

From the announcement: "The paper makes new discoveries about how real-world graphs and networks grow and evolve over time. These discoveries fundamentally shaped our understanding of the evolution and growth of real-world networks, and the paper spurred a rich line of research on measuring and modeling the structure and evolution of networks across many domains. [The paper's] observations were fundamentally different from what was believed about the evolution of networks at the time they appeared." 

This is the third year of the SIGKDD Test of Time Award, and Cornell faculty have been among the recipients in each of the years it was conferred: Jon Kleinberg and Eva Tardos in 2014 (with Cornell PhD alum David Kempe); Thorsten Joachims in 2015; and Jon Kleinberg in 2016.   

The award recognizes "outstanding papers from past KDD Conferences beyond the last decade that have had an important impact on the data mining research community."

Date Posted: 8/26/2016


Archived News: