Podcast appearances and mentions of stefan savage

You click on a link in an email—as one does. Suddenly you see a message from your organization, “You've been phished! Now you need some training!” What do you do next? If you're like most busy humans, you skip it and move on.Researcher Ariana Mirian (and co-authors Grant Ho, Elisa Luo, Khang Tong, Euyhyun Lee, Lin Liu, Christopher A. Longhurst, Christian Dameff, Stefan Savage, Geoffrey M. Voelker) uncovered similar results in their study “Understanding the Efficacy of Phishing Training in Practice.” The solution? Ariana suggests focusing on a more effective fix: designing safer systems.In the episode we talk about:Annual cybersecurity awareness training doesn't reduce the likelihood of clicking on phishing links, even if completed recently. Employees who finished training recently show similar phishing failure rates to those who completed it months ago. The study notes, “Employees who recently completed such training, which has significant focus on social engineering and phishing defenses, have similar phishing failure rates compared to other employees who completed awareness training many months ago.”Phishing simulations combined with training (where companies send out fake phishing emails to employees and, for those who click on the links, lead those employees through training) had little impact on whether participants would click phishing links in the future. Ariana was hopeful about interactive training but found that too few participants engaged with it to draw meaningful conclusions. The type of phishing lure (e.g., password reset vs. vacation policy change) influenced whether users clicked. Ariana warned that certain lures could artificially lower click rates.Ultimately, Ariana suggests focusing on designing safer systems—where the burden is taken off the end users. She recommends two-factor authentication, using phishing-resistant hardware keys (like YubiKeys), and blocking phishing emails before they reach users.This quote from the study stood out to me: “Our results suggest that organizations like ours should not expect training, as commonly deployed today, to substantially protect against phishing attacks—the magnitude of protection afforded is simply too small and employees remain susceptible even after repeated training.”This highlights the need for safer system design, especially for critical services like email, which—and this is important—inherently relies on users clicking links.Ariana Mirian is a senior security researcher at Censys. She completed her PhD at UC San Diego and co-authored the paper, “Understanding the Efficacy of Phishing Training in Practice.”G. Ho et al., "Understanding the Efficacy of Phishing Training in Practice," in 2025 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, 2025, pp. 37-54, doi: 10.1109/SP61157.2025.00076.

Welcome back to PING, at the start of 2025. In this episode, Gautam Akiwate, (now with Apple, but at the time of recording with Stanford University) talks about the 2021 Advanced Network Research Prize winning paper, co-authored with Stefan Savage, Geoffrey Voelker and Kimberly Claffy which was titled "Risky BIZness: Risks Derived from Registrar Name Management". The paper explores a situation which emerged inside the supply chain behind DNS name delegation, in the use of an IETF protocol called Extensible Provisioning Protocol or EPP. EPP is implemented in XML over the SOAP mechanism, and is how registry-registrar communications take place, on behalf of a given domain name holder (the delegate) to record which DNS nameservers have the authority to publish the delegated zone. The problem doesn't lie in the DNS itself, but in the operational practices which emerged in some registrars, to remove dangling dependencies in the systems when domain names were de-registered. In effect they used an EPP feature to rename the dependency, so they could move on with selling the domain name to somebody else. The problem is that feature created valid names, which could themselves then be purchased. For some number of DNS consumers, those new valid nameservers would then be permitted to serve the domain, and enable attacks on the integrity of the DNS and the web. Gautam and his co-authors explored a very interesting quirk of the back end systems and in the process helped improve the security of the DNS and identified weaknesses in a long-standing "daily dump" process to provide audit and historical data.

Stefan Savage, esteemed professor of Computer Science and Engineering gives the lowdown on: - His unique approach to teaching (no tests or papers!) - Groundbreaking research into cybersecurity (including re-assembling a 737 in the lab) - His upcoming November 12 presentation entitled "Modern Automotive Vulnerabilities: The Science Behind the Fast and the Furious" - What he sees on the horizon Transcript (w/ Timestamps): https://www.rev.com/transcript-editor/shared/4E9oxOdOfF2WWmvsdn32TzdbNyB5diBMA7wUxpwdmGBQLJ3DRhFcKGAIE3GMjjBvpcNKoOtAZbUdT4aQmbHVB9xnrq4?loadFrom=SharedLink

Professor Mindy Rhindress is a valued faculty member and Mentor-in-Residence at Queens College's Program in Data Analytics and Applied Social Research. She is also one of her program's highly-successful alumni, with a very successful corporate career that culminated in a senior executive at the major marketing research firm Abt Associates. It often surprises Data Analytics students that our program is decades-old, with a long history of training students to apply quantitative social science to public and private sector enterprise problems. Check out this gem we found! https://youtu.be/RN3kpCPShjE By the way, that's MacArthur award-winning computer scientist Stefan Savage, who worked as a lab assistant back in the day! In our inaugural episode of The QC Pod, we ask Professor Rhindress what it was like to study analytics back in the 1990s. She talks about how QC students were trained to evangelize the idea that enterprises should give all their knowledge workers a computer of their own, and should teach people to use them! We talk about the resistance to computers back in the 1990s, how a male-dominated executive culture thought it too emasculating to type up your own work, and how people like Prof. Rhindress were able to capitalize on their understandings of what techs did to better work with them as a business executive. Queens College's Master's Program in Data Analytics and Applied Social Research continues that tradition today by training students in today's cutting-edge data analytics and applied social science. It is an outstanding program with a great placement record (at a fraction of the cost of our private school competitors). Applications are free for Queens College students.

Ariana is a PhD student at UC San Diego, where she works with the Sysnet, CryptoSec, and CNS groups at UCSD, as well as the Center for Evidence-based Security Research (CESR). She is advised by Geoff Voelker and Stefan Savage. As an undergrad, she started her academic journey in a security lab as an coder. She soon realized that the world of security would be an enthralling space that has repercussions for everyone that uses a computer today, and after doing some coding, she then moved more into a research-oriented role. She discovered that one of security's problems revolved around users and how users interact with our various security mechanisms; and what good are our security mechanisms if they fail to protect people? She then decided to dive into the intersection of usable security and empirical analysis, or how we can use environmental studies to determine user behavior, where is it going wrong, and how we can fix it. This is the philosophy that drives her research Series: "UCTV Prime" [Science] [Show ID: 33422]

Ariana is a PhD student at UC San Diego, where she works with the Sysnet, CryptoSec, and CNS groups at UCSD, as well as the Center for Evidence-based Security Research (CESR). She is advised by Geoff Voelker and Stefan Savage. As an undergrad, she started her academic journey in a security lab as an coder. She soon realized that the world of security would be an enthralling space that has repercussions for everyone that uses a computer today, and after doing some coding, she then moved more into a research-oriented role. She discovered that one of security's problems revolved around users and how users interact with our various security mechanisms; and what good are our security mechanisms if they fail to protect people? She then decided to dive into the intersection of usable security and empirical analysis, or how we can use environmental studies to determine user behavior, where is it going wrong, and how we can fix it. This is the philosophy that drives her research Series: "UCTV Prime" [Science] [Show ID: 33422]

Ariana is a PhD student at UC San Diego, where she works with the Sysnet, CryptoSec, and CNS groups at UCSD, as well as the Center for Evidence-based Security Research (CESR). She is advised by Geoff Voelker and Stefan Savage. As an undergrad, she started her academic journey in a security lab as an coder. She soon realized that the world of security would be an enthralling space that has repercussions for everyone that uses a computer today, and after doing some coding, she then moved more into a research-oriented role. She discovered that one of security's problems revolved around users and how users interact with our various security mechanisms; and what good are our security mechanisms if they fail to protect people? She then decided to dive into the intersection of usable security and empirical analysis, or how we can use environmental studies to determine user behavior, where is it going wrong, and how we can fix it. This is the philosophy that drives her research Series: "UCTV Prime" [Science] [Show ID: 33422]

Ariana is a PhD student at UC San Diego, where she works with the Sysnet, CryptoSec, and CNS groups at UCSD, as well as the Center for Evidence-based Security Research (CESR). She is advised by Geoff Voelker and Stefan Savage. As an undergrad, she started her academic journey in a security lab as an coder. She soon realized that the world of security would be an enthralling space that has repercussions for everyone that uses a computer today, and after doing some coding, she then moved more into a research-oriented role. She discovered that one of security's problems revolved around users and how users interact with our various security mechanisms; and what good are our security mechanisms if they fail to protect people? She then decided to dive into the intersection of usable security and empirical analysis, or how we can use environmental studies to determine user behavior, where is it going wrong, and how we can fix it. This is the philosophy that drives her research Series: "UCTV Prime" [Science] [Show ID: 33422]

Prof. Stefan Savage generated controversy and debate over public policy after demonstrating the vulnerability of modern automobiles to attack from hackers who can take advantage of internal as well as external digital components and systems in today’s cars. Series: "Computer Science Channel" [Public Affairs] [Science] [Show ID: 31921]

Prof. Stefan Savage generated controversy and debate over public policy after demonstrating the vulnerability of modern automobiles to attack from hackers who can take advantage of internal as well as external digital components and systems in today’s cars. Series: "Computer Science Channel" [Public Affairs] [Science] [Show ID: 31921]

UC San Diego Computer Science and Engineering (CSE) Department Chair Rajesh Gupta, an expert in cyber-physical systems, kicks off a conversation with two cyber security experts from the computer-science faculty in UC San Diego’s Jacobs School of Engineering: Prof. Stefan Savage, and Prof. Hovav Shacham. Savage and colleagues generated controversy and debate over public policy after they demonstrated the vulnerability of modern automobiles to attack from hackers who can take advantage of internal as well as external digital components and systems in today’s cars. Most recently, Prof. Shacham uncovered security vulnerabilities involving the full-body backscatter, X-ray scanners deployed at entrances to airports, train stations and other public places. Series: "Computing Primetime" [Science] [Show ID: 28620]

UC San Diego Computer Science and Engineering (CSE) Department Chair Rajesh Gupta, an expert in cyber-physical systems, kicks off a conversation with two cyber security experts from the computer-science faculty in UC San Diego’s Jacobs School of Engineering: Prof. Stefan Savage, and Prof. Hovav Shacham. Savage and colleagues generated controversy and debate over public policy after they demonstrated the vulnerability of modern automobiles to attack from hackers who can take advantage of internal as well as external digital components and systems in today’s cars. Most recently, Prof. Shacham uncovered security vulnerabilities involving the full-body backscatter, X-ray scanners deployed at entrances to airports, train stations and other public places. Series: "Computing Primetime" [Science] [Show ID: 28620]