Eight children between 2 and 17 years old have arrived in the U.S. from Gaza to receive specialized medical treatment for life-threatening injuries. Here & Now's Chris Bentley reports. And, an Islamist opposition group in Syria's reignited civil war is on the rise. Nazareth University scholar of Middle East politics Sefa Secen joins us to explain what this means for U.S. troops there. Then, the National Institute of Standards and Technology is issuing new guidelines for passwords, designed to make passwords easier to manage and more secure. Carnegie Mellon University's Lorrie Cranor joins us.
Artificial intelligence has been around for decades, but the world changed in November with the introduction of ChatGPT, the AI app that lets anyone harness the power of this amazing supercomputing technology—including criminals. In this episode, a look at how fraudsters might be able to use AI to their benefit. Will it change the types of scams they create or simply make it easier for them to fool us? Can AI companies make it harder for crooks to use their technology against us? Can the good guys use AI to fight fraud more effectively? Special guests: Chester Wisniewski, Field Chief Technology Officer for Applied Research at Sophos, the global digital security company. Lorrie Cranor, Director of the CyLab Security and Privacy Institute at Carnegie Mellon University. Brett Johnson, a convicted cyber-criminal who stole millions, and now works as a digital security consultant. Additional Resources: Identity and Cyber Theft: How to Protect Yourself; Cyber Crime: A Former Cyber Crook Explains How to Protect Yourself; Stop, Thief! How to Protect Yourself from Identity Theft
Podcast: Nexus: A Claroty Podcast. Episode: Lorrie Cranor on IoT Security and Privacy Labels. Pub date: 2023-04-27. Lorrie Cranor, Director and Bosch Distinguished Professor in Security and Privacy Technologies at Carnegie Mellon University's CyLab, joins the Nexus podcast to discuss an IoT security and privacy label initiative under way at CyLab. The labels are meant not only to help consumers make informed buying decisions, but also to nudge vendors and manufacturers closer toward delivering secure smart devices to market.
In this episode, I'm joined by Lorrie Cranor, FORE Systems Professor, Computer Science and Engineering & Public Policy at Carnegie Mellon University (CMU); Director, CyLab Usable Privacy and Security Laboratory; and Co-Director of CMU's MSIT-Privacy Engineering Masters Program. We discuss the different tracks within the Privacy Engineering Program at CMU, privacy engineering hiring trends, the need for industry education, and Lorrie's research outside of the classroom. Lorrie explains how this next generation of privacy experts and engineers can work together to bring new architectures, innovations, and software to market. She describes the kind of hands-on work in which her students participate, including a capstone project sponsored by Meta that's exploring ways the platform can integrate more privacy education into its UI/UX. In addition, Lorrie shares her perspective on the job market for privacy engineers for recent grads and explains how CMU's Certificate Program in Privacy Engineering aims to meet the high demand for experienced privacy experts with knowledge of privacy engineering concepts. 
We also get into her research on cookie banners and privacy “nutrition labels” for IoT devices. Topics Covered: Lorrie's professional background and what drew her into privacy engineering; What candidates can expect from the Privacy Engineering Program at CMU; Insights into how people interact with cookie banners and potential solutions to improve the user experience; Ways that we can bridge the hiring gap in our industry; Different sectors outside of tech that are looking for privacy experts, including finance and retail. Resources Mentioned: Apply to CMU's Privacy Engineering Program (Applications due Dec 12th, 2022 for the next enrollment period); Learn about CMU's CyLab Security & Privacy Institute; Learn about the CyLab Usable Privacy and Security (CUPS) Laboratory; Review CMU's research on IoT Privacy & Security Labels.
In this episode, we're being joined by Carnegie Mellon University's Dr. Lorrie Cranor for a deep dive into one of the trendiest and most innovative privacy tools being rolled out by platforms: privacy nutrition labels. We'll be talking through the gaps these labels are filling, how developers and consumers feel about these labels, and what they mean for the future of standardized privacy notices. We'll also be covering this month's tech history, the top global tech policy headlines, and of course, our random identifiers.
Dr. Lorrie Cranor began her career in privacy 25 years ago and has been a professor at Carnegie Mellon University in the School of Computer Science for 19 years. Today, she serves as director and professor for the CMU privacy engineering program. In this episode, Dr. Cranor discusses how she started her career in privacy and then eventually moved into academics. She talks about the history of the CMU privacy engineering program, what the program entails as a student, and the career opportunities available to graduates. Dr. Cranor's area of research focuses on the usability of privacy and privacy decision making. She discusses several recent studies looking at how real world users understand and navigate cookie consent popups and design best practices for companies. She also explains privacy labels and how developers building applications on iOS and Android can do a better job creating these labels. We also discuss the future of privacy education and technologies, touching on the responsibilities of companies and privacy-enhancing technologies like differential privacy. Topics: How did you get interested in security and privacy and start working in this field? What's the history of CMU's Privacy Engineering Program? How did it start? Which department is the program part of? If I'm taking the Master's degree program, what does that consist of? What's the typical undergraduate background of someone taking the Master's degree program? Do graduates typically end up working as privacy engineers and what sort of companies do they end up at? What's the difference between the Master's program and the certificate program? How has engagement with the privacy program changed over the past decade? Should privacy education be part of a standard software engineering undergraduate program? How would you describe your areas of privacy research and the types of problems you're interested in studying? What have you discovered about how individuals make privacy-related decisions? 
How can companies go beyond the bare minimum in terms of communicating privacy choices to their users? Privacy choices are notoriously difficult to navigate and understand, what does your research help teach us about improving the usability of UX for privacy controls? How can you test privacy choice? Does the collection of test data potentially violate someone's privacy? What is a privacy nutrition label and what problems is it meant to address? Starting in 2020, Apple started using this concept by requiring that all apps in the Apple app store include a privacy label. Labels are self-generated by the app developer. How good is the resulting privacy label if the developer lacks privacy training and education? What are the common mistakes developers are making with creating these privacy labels? What advice do you have for developers so that they can create an accurate privacy label? Cookie consent overlays and popups are now very common. What event led to the introduction of these consent dialogs for consumers? What problems have you discovered with the usability of cookie consent screens? Do we need privacy regulations like GDPR to be more prescriptive in terms of how you meet their requirements, which could include usability guidelines for something like cookie consent? Thoughts on the future of privacy engineering? What are your predictions about privacy education and awareness over the next 5-10 years? Resources: CMU's Privacy Program Dr. Cranor's Research Related episode: Data Protocol's Privacy Engineering Certificate Course with Jake Ward
Does anyone actually read privacy policies? What's in them, and why can't we usually understand them? On our second season finale, we’ll talk with Professor Lorrie Cranor, director of the CyLab Usable Privacy and Security Laboratory at Carnegie Mellon University. The lab brings together more than 100 faculty from across campus to study security and privacy and help shape public policy in those areas. One of her specialties is how humans interact with security and privacy technologies, to make sure the mechanisms we build are not just secure in theory, but are actually things that we can use. Her TED Talk about password security has been viewed more than 1.5 million times. But today, we’ll talk about another pesky aspect of our digital lives – privacy policies, those mysterious terms and conditions we sign off on – often without reading them -- before we can use an app on our smartphone or laptop.
Tracking your exposure to coronavirus doesn’t mean surrendering your privacy. Bradley talks to cybersecurity expert Lorrie Cranor about how COVID tracking technology works.
Traditionally, security and privacy research focused mostly on technical mechanisms and was based on the naive assumptions that Alice and Bob were capable, attentive, and willing to jump through any number of hoops to communicate securely. However, about 20 years ago that started to change when a seminal paper asked "Why Johnny Can't Encrypt" and called for usability evaluations and usable design strategies for security. Today a substantial body of interdisciplinary literature exists on usability evaluations and design strategies for both security and privacy. Nonetheless, it is still difficult for most people to encrypt their email, manage their passwords, and configure their social network privacy settings. In this talk I will highlight some of the lessons learned from the past 20 years of usable privacy and security research, and explore where the field might be headed. About the speaker: Lorrie Faith Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the MSIT-Privacy Engineering masters program. In 2016 she served as Chief Technologist at the US Federal Trade Commission. She is also a co-founder of Wombat Security Technologies, Inc, a security awareness training company that was acquired by Proofpoint. She has authored over 200 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability and founded the Symposium On Usable Privacy and Security (SOUPS). 
She has served on a number of boards and working groups, including the Electronic Frontier Foundation Board of Directors, the Computing Research Association Board of Directors, and the Aspen Institute Cybersecurity Group. In her younger days she was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. More recently she was elected to the ACM CHI Academy, named an ACM Fellow for her contributions to usable privacy and security research and education, and named an IEEE Fellow for her contributions to privacy engineering. She has also received an Alumni Achievement Award from the McKelvey School of Engineering at Washington University in St. Louis, the 2018 ACM CHI Social Impact Award, the 2018 International Association of Privacy Professionals Privacy Leadership Award, and (with colleagues) the 2018 IEEE Cybersecurity Award for Practice. She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. She holds a doctorate in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, walks to work, and runs after her three teenagers.
Another key aspect of the security and privacy label project is that the information is also encoded to be machine readable. This way, even if different countries or industries develop their own assessment tools, there's still a way to compare and process all the data. The researchers point out that data from the labels could make it easier to search for products by their privacy and security features, creating the potential for these to be mainstream product considerations rather than niche points that are difficult for consumers to research. Ecommerce websites could even offer filters for privacy and security features like they already do for things like price, weight, or screen size. In this way, consumers could make intentional choices about the products they buy, with digital safety as one of the factors. The researchers say that they've had a lot of private-sector and congressional interest in their label. But so far they've only been able to make example labels based on imaginary products or mock up labels for real products based on public data. The researchers are looking for a manufacturer to pilot the labels in a more serious way, with honest information about the products. There is real momentum toward doing these types of tests. Finland, Singapore, and the United Kingdom are all working on national IoT label programs focused on security. And while some IoT security bills have floated around the US Congress, the National Telecommunications and Information Administration within the Department of Commerce is actively working on a similar type of project for software. 
The idea is to develop a software "bill of materials" that would help the industry keep track of all the different open source and third-party components that go into one single software program or platform. "Standardization I think will help, just like the ingredients label on food educates people about how much sugar or sodium they're consuming," says Chris Wysopal, chief technology officer of the software auditing firm Veracode. "Standardizing a software bill of materials would make it more clear to a consumer what they're getting." The researchers are realistic that for their work to have a long-term impact there would either need to be widespread voluntary adoption of the label by manufacturers or a government mandate to do so. But they say that's why they've designed the label with room for manufacturers to explain their choices to consumers. "There may be a really good reason that your thermostat has a microphone, but if the company doesn't tell you, then you're shocked," says Lorrie Cranor, director of Carnegie Mellon's usable privacy and security lab. "If they tell you about the microphone up front and explain why that is, then you might say 'Oh, OK, that makes sense.'" Conventional wisdom says that consumers won't typically pay a premium for privacy and security features. The researchers had preliminary findings, though, that an easy-to-read label might help people better understand potential risks and make them more willing to pay more for strong guarantees. It will take more investigation to expand on that finding, and the easiest way to do extensive testing would be for companies to start adopting security and privacy labels on their IoT products. You likely won't be seeing IoT privacy labels on store shelves anytime soon. But the stakes are high enough that something certainly needs to change.
At Carnegie Mellon University we are designing a usable security and privacy label for smart devices to help consumers make informed choices about Internet of Things device purchases and encourage manufacturers to disclose their privacy and security practices. The label includes information on privacy and security practices of the smart device, such as the type of data the device collects and whether or not the device gets automatic security updates. Based on research with both consumers and experts, we have designed a two-layer label that includes a simple, understandable primary layer for consumers and a more detailed secondary layer that includes information important to experts. Show Notes: https://wiki.securityweekly.com/PSWEpisode645
This week, we welcome Matt Allen, Senior Solutions Engineer at VIAVI Solutions, to discuss Collaboration between NetOps and SecOps in today's world! In our second segment, we welcome Lorrie Cranor, Director of CyLab Security and Privacy Institute at Carnegie Mellon University, to discuss Research on Security and Privacy labels for IoT devices! In the Security News, Two Zoom Zero-Day Flaws Uncovered, Millions of routers running OpenWRT vulnerable to attack, Marriott says 5.2 million guest records were stolen in another data breach, PoC Exploits for CVE-2020-0796 (SMBGhost) Privilege Escalation flaw published, and we welcome our very special guest for tonight, Dave Kennedy, who joins us to talk about Video Chat Client Vulnerability History and the recent Zoom Vulnerabilities! Show Notes: https://wiki.securityweekly.com/PSWEpisode645
Until recently, usability was often an afterthought when developing security tools. These days there's growing realization that usability is a fundamental part of security. Lorrie Cranor is director of the CyLab Usable Privacy and Security lab (CUPS) at Carnegie Mellon University. She shares the work she's been doing with her colleagues and students to improve security through usability. The research can be found here: https://www.cylab.cmu.edu/news/2019/07/29-usability-history.html The CyberWire's Research Saturday is presented by Juniper Networks.
Privacy policies: most apps and websites have them, buried away somewhere. These legal documents explain how the company collects, uses, and shares your personal data. But let's be honest, few of us actually read these things, right? And that passive acceptance says a lot about our complicated relationship with online privacy. In the Season 5 premiere of IRL, host Manoush Zomorodi speaks with Charlie Warzel, writer-at-large with the New York Times, about our complicated relationship with data and privacy — and the role privacy policies play in keeping things, well, confusing. You'll also hear from Parker and Lila, two young girls who realize how gaming and personal data intersect. Rowenna Fielding, a data protection expert, walks us through the most efficient ways to understand a privacy policy. Professor Lorrie Cranor explains how these policies have warped our understanding of consent. And privacy lawyer Jenny Afia explains why "privacy" is a base element of being human. IRL is an original podcast from Firefox. For more on the series go to irlpodcast.org. Charlie Warzel is an Opinion writer at large for the New York Times. You can get more insights from him about privacy online when you sign up for the Times’ Privacy Project Newsletter. If you’d like to learn more about privacy policies and their impact on our youth, check out Jenny Afia’s article on tech’s exploitative relationship with our children. This IRL podcast episode referenced several privacy policies, and we encourage you to read them. To start, here’s Firefox’s privacy policy. You’ll see that Firefox’s business model is not dependent on packaging your personal info. And, we hope you’ll find that our policy is easy-to-read, fully transparent, and specific. The other privacy policies referenced in this episode include: Google’s privacy policies Uber’s privacy policy Microsoft’s privacy policy Twitter’s privacy policy Facebook’s privacy policy
Wombat Security Technologies, Inc (https://www.wombatsecurity.com/), a security awareness training company. She has authored over 150 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability and founded the Symposium On Usable Privacy and Security (SOUPS). In this episode, we discuss the difference between privacy and security, lawmakers and technologists working together, founding Wombat security, the famous “password dress,” what makes a good password policy, IoT nutrition labels, and so much more. Where you can find Lorrie: LinkedIn (https://www.linkedin.com/in/lorriecranor/) Twitter (https://twitter.com/lorrietweet) Carnegie Mellon University (https://www.cmu.edu/epp/people/faculty/lorrie-faith-cranor.html) IEEE (https://www.computer.org/)
In today’s podcast, we hear that Ukraine is preparing for this weekend’s elections while facing intense Russian information operations. Estonia’s experience with such interference may hold lessons. A Magento vulnerability, just patched, could compromise paycards on e-commerce sites. Huawei reports record profits, and comes in for sharp British criticism over slipshod engineering. Prisoners in Finland will be helping train AI. And security companies hungry for talent should take note of tech layoffs in the larger IT sector. Ben Yelin from UMD CHHS with news that law enforcement agencies are encrypting their radio communications. Guest is Lorrie Cranor, director of CyLab at Carnegie Mellon University. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_29.html
In this episode we discuss the first $1m bug hunter, and yet another Facebook privacy scandal. In our Big Topic this week we explain: What is SIM hijacking and how does it work? Dr Lorrie Cranor, Director at the CyLab Security and Privacy Institute, is our special guest this week. We talk about the human-side of security, privacy and passwords. Tweet us @1Password using the hashtag #ask1Password. We talked about... New 1Password mini now in beta; HackerOne declares first $1m bug hunter!; Facebook misuse phone numbers in latest privacy scandal; Lorrie Cranor's TED Talk. What the phrase?! More tea vicar? • A British saying uttered after someone passes wind as a way of changing the subject.
In this SEI Podcast, Dr. Lorrie Cranor, director of CyLab, discusses her career, her work in privacy and security, and her upcoming keynote at the 2019 Women in Cybersecurity Conference, March 28-30 in Pittsburgh. This podcast is one of the inaugural interviews in our Women in Software and Cybersecurity podcast series.
This week’s guest is Dr. Lorrie Cranor, a professor at Carnegie Mellon University and an expert in online privacy and security. This episode will cover online security and how it can potentially affect influencers with unique and significant consequences. Stressing the importance of password strength and potential vulnerabilities online, we’ll discuss tools and best practices for online security with Dr. Cranor.
Some studies have shown that the average person has over 50 online accounts-- that's a lot of passwords to recall on a daily basis. In this episode, computer science and engineering professor Lorrie Cranor offers her insight on what makes a good password good and how we all can better protect our online data.
Talking Internet Privacy as Bennet speaks with Lorrie Cranor, Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. Maryland Attorney General Douglas Gansler. He discusses how government should view privacy and the Internet, from location tracking to hacking, data safety and data breaches to cyberbullying.
Lorrie Cranor is an Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. We learn about her work on developing user-friendly methods of safeguarding privacy on the Internet and improving Web security.