April 20, 2016
Gone in Six Characters: Short URLs Considered Harmful for Cloud Services
has received international acclaim:
# HackerNews, USA
# Ars Technica, USA
# Forbes, USA
# Wired, USA
# CNN Indonesia, Indonesia
# The Register, UK
# Heise, Germany
# Xakep.ru, Russia
# Silicon, France
# Bit, Australia
# ldiario, Spain
# WebNews, Italy
# Security, Netherlands
# DigiToday, Finland
# ... and many others
April 14, 2016
Today, we are publicly releasing our paper:
Gone in Six Characters: Short URLs Considered Harmful for Cloud Services.
This paper demonstrates the inherent insecurities of short URLs for cloud services and presents large-scale vulnerabilities in Google Maps and Microsoft OneDrive.
August 17, 2015
I have officially graduated from UT Austin with a PhD in Computer Science.
The topic of my dissertation is:
On the (In)security of Service APIs.
0 to PhD in 20 years.
I would like to take this moment to thank the following people for their continuous support and encouragement throughout the years: Hristo Georgiev and Temenuzhka Georgieva (my parents); Pavel Georgiev (my brother); Vitaly Shmatikov (my PhD adviser); Vitaly Shmatikov, Brent Waters, Emmett Witchel, Lili Qiu and XiaoFeng Wang (my PhD committee members); Nona Sirakova (♥); Sanford Miller, Bogdan Petrenko, Vishal Anand and Sandeep Mitra (my most inspirational college professors); Daniela Zhekova and Stefka Stoilkova (my Math teachers); Suman Jana, Hongkun Yang, Tsvetomira Radeva, Chad Brubaker and many other professors, teachers and friends. Thank you!
May 26, 2015
I am going back to Google for a summer internship. I will be working on the Gmail Security team. I am very thrilled to be part of this team and help improve the security of the best email service in the world.
January 17, 2015
My paper: Rethinking Security of Web-Based System Applications has been accepted for publication at WWW 2015.
September 3, 2014
I have moved to NYC and am currently a visiting student at Cornell NYC Tech.
June 2, 2014
This summer I will be doing an internship at Google (Mountain View office). I will be working on improving the security of OAuth 2.0 clients. I am very excited about this opportunity and look forward to contributing to Google's great products and services.
November 1, 2013
My paper: Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks has been accepted for publication at NDSS 2014.
September 9, 2013
Today I found something quite hilarious:
RFC 3514        The Security Flag in the IPv4 Header        1 April 2003

   The bit field is laid out as follows:

             0
            +-+
            |E|
            +-+

   Currently-assigned values are defined as follows:

   0x0  If the bit is set to 0, the packet has no evil intent.  Hosts,
        network elements, etc., SHOULD assume that the packet is
        harmless, and SHOULD NOT take any defensive measures.  (We note
        that this part of the spec is already implemented by many common
        desktop operating systems.)

   0x1  If the bit is set to 1, the packet has evil intent.  Secure
        systems SHOULD try to defend themselves against such packets.
        Insecure systems MAY chose to crash, be penetrated, etc.
August 15, 2013
I have been selected to be one of the VMware
student ambassadors at UT Austin for the 2013-2014 academic year.
This program is to run as an extension to the last year's
I look forward to collaborating with the University Relations team at VMware
and organizing events here at UT.
If you are a student and would like to know more about VMware, feel free to contact me. I will be happy to share with you my experience working at VMware, as well as give you tips on how to apply for an internship/new grad position.
May 27, 2013
This summer I will be doing an internship at VMware. I will be working on the Product Security team. I am very excited about this work and am looking forward to learning more about virtualization as well as contributing to VMware's efforts to keep the enterprise software secure.
November 17, 2012
My paper: The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software won 1st place at the AT&T Best Applied Security Paper competition held at NYU-Poly.
October 11, 2012
Today I passed my
Research Preparation Exam (RPE). The topic of my RPE talk was:
"The Most Dangerous Code in the World: (In)secure Usage of Security Libraries".
July 9, 2012
The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software
was accepted in ACM CCS 2012.
The acceptance rate of the conference this year is: 19.15% i.e. 81 papers were accepted out of 423 papers submitted.
March 7, 2012
I currently work on verifying how the Secure Sockets Layer protocol is implemented in different frameworks and what effects certain architectural design decisions may have on the end application's security.
August 24, 2011
Today is my "day one" in the PhD program at UT Austin. I am very excited about this opportunity and looking forward to working on some high-impact research problems in the years ahead.