Fake Malware Warning on NYTimes web site

I just got a fake malware warning while reading an article on the New York Times web site. It also locked up my web browser too.

I'm copying and pasting the text here, to help any folks who do a search on the text.
There was a dangerous try to get an access to your personal logins & bank information. Luckily, your Firewall managed to block this suspicious connection. We recommend you to freeze your accounts until some measures will be taken. There is a great threat of leaking of your personal data. So you need to respond swiftly! Trojan Virus may have already hurt your hard disk and its data. That is why we are checking and verifying your system security. Do not waste your tie and consult one of our service centers or call us. Contact Microsoft Support: +1 (866) 273-6507 (TOLL-FREE). Your urgent response is needed. To deal with this problem, contact our network administrator.
How can we tell this is fake? 
First, I'm using the Chrome web browser, and folks from the Chrome …

What are the least secure connected devices?

A journalist was asking my thoughts about the least secure connected devices out there today. Here's my response:


What's insecure? Almost all of the cheaper consumer electronics available on the market today, including toys, light bulbs, weight scales, bread makers, web cams, and more.

There are two major reasons. The first is that most of these are made by hardware manufacturers who have little background in software engineering best practices, let alone security. The result is common security problems, such as default passwords, no support for software updates, little or no encryption, or poor management of cloud servers.

The other reason is economics. We consumers don't make purchasing decisions based on whether a device is secure or not, since we can't easily gauge the quality of security. One result is that manufacturers don't put a lot of effort into security.

I research IoT security, and I basically try to avoid having any of these devices in my h…

Future of Education and Training in a World of Automation

A journalist was asking me about the future of automation, especially in terms of how we (society) should change in regards to training and education of workers. Below are my responses.

1) Do you consider your courses at CMU to be training a workforce for an increasingly automated world?

We don't explicitly gear our courses at CMU for training workforces. Generally, our courses are more about teaching high level concepts, methods, and skills. It's the same difference as learning how to program in Java and learning computer science with Java. The former focuses only on skills, while the latter focuses on bigger picture issues as well as the fundamentals.

2) Is the best way to train for "future jobs" truly in learning the mechanics of the machines that we rely on? Or is it perhaps better to train for truly complementary roles, human skills that a machines are far away from replicating?  (i.e. communications, design).
I would say that it's mostly for complementary rol…

Thoughts on the Future of Technology and Well-Being

I just filled out a survey by Pew Internet and Elon College about the future of Internet technologies on well-being. Here are my responses:

Our question: Over the next decade, how will changes in digital life impact people’s overall well-being, physically and mentally?

Many years ago, the famed Nobel laureate Herb Simon pointed out that "[I]nformation consumes the attention of its recipients. Hence a wealth of information creates a poverty of attention." Simon presciently pointed this out in 1971.

However, back then, the challenge was information overload. Today, we now also have organizations that are actively vying for our attention, distracting us with smartphone notifications, highly personalized news, addictive games, Buzzfeed-style headlines, and fake news. These organizations also have a strong incentive to optimize their interaction loops, drawing on techniques from psychology and mass A/B testing to draw us in. Most of the time it's to increase clickthrough rates…

My Commencement Speech for SCGSSM 2017

I was recently honored with Alumni of the Year award from my high school alma mater, the South Carolina Governor's School for Science and Math. For this award, I was also offered some time to give a short speech at this year's commencement ceremonies.

Note that the main speaker was Mick Mulvaney, who is Trump's budget director at the Office of Management and Budget. As you might know, Mulvaney is in charge of putting together the proposed US government budget, which essentially cuts... well, pretty much everything except the military.

Given that I am a scientist myself, and am an alum of a school for science and math, and would be speaking after someone who is proposing massive cuts to the National Science Foundation, EPA, National Institutes for Health, ARPA-E, Centers for Disease Control, NASA, and more, I felt I had to make a strong case for why science really matters, and to still encourage the graduating seniors that there is hope for the future.

And yes, I did consid…

Cybersecurity under the Trump Administration

A journalist asked me about cybersecurity under the Trump administration, whether anything will change. Here are my thoughts. Note that this is just my opinion and does not represent my employers or any of my funders.


I don't expect much to change. President Obama already made cybersecurity one of his top 10 priorities, and as a result, a lot of the heavy lifting has already started.
However, there are still some opportunities for the next administration. For example: A lot more research funds for longer-term thinking and solutions to big problems. Security today is dominated by the latest data breach, and there isn't enough funding for problems 5-10 years down the road, in particular Internet of Things.Another area that needs longer-term thinking and solutions is foreign countries interfering with elections. It's unclear how much happened this year, but it's only going to get worse. There are a lot of concerns that foreign countries are using our very own…

Some Tips on Protecting Yourself from Ransomware

I've been asked by more and more journalists to offer some insights into various aspects of cybersecurity. I figured that since I'm already writing these up, I might as well share them with the public. This one is on ransomware.


Ransomware is a kind of malware that holds your data hostage. The malware scrambles your data and makes it so that you can't access it, unless you pay a ransom, typically in Bitcoin.

It's not really clear if you can recover your data or not. Some people have been able to by paying the ransom, while others have not.

Instead, the best thing you can do is to prevent being infected in the first place. Here are some tips for protecting yourself:

Don't install any software you weren't expecting to install. A lot of malware and ransomware are designed to trick you into installing them. They might pretend to be anti-virus, or say that you need to update your browser. Don't do it!Be especially careful of email attachments.