Junade Ali: Difference between revisions

Add links
From Wikipedia, the free encyclopedia
Next edit →
Content deleted Content added
VisualWikitext
0036947a (talk | contribs)
62 edits
Create article
(No difference)

Revision as of 20:30, 29 January 2022

Junade Ali
Junade Ali (left) with Troy Hunt (right)
Born1996 (age 27–28) [1]
NationalityBritish
CitizenshipUnited Kingdom
Known forCybersecurity research

Junade Ali CEng is a British computer scientist known for research in cybersecurity.[2][1][3][4][5][6]

Ali studied for a Master of Science degree aged 17 and was awarded Chartered Engineer status by 24.[7][8] He started his research career working on the UK's Motorway Incident Detection and Automatic Signalling network and working on the maximum coverage problem in road traffic sensor placement.[9][10][11][12]

Ali later worked for cybersecurity firm Cloudflare as an engineering manager where he worked on developing network diagnostic tooling, a security operations center and safety-engineered natural language processing.[13][14][15][16][17]

In February 2018, Ali created the first Compromised Credential Checking protocol (using k-anonymity and cryptographic hashing) to anonymously verify whether a password was in a data breach without fully disclosing the searched password.[18][19] This protocol was implemented as a public API and is now consumed by multiple websites and services, including password managers[20][21] and browser extensions.[22][23] This approach was later replicated by Google's Password Checkup feature and by Apple iOS.[24][25][26][27] Ali worked with academics at Cornell University to develop new versions of the protocol known as Frequency Smoothing Bucketization (FSB) and Identifier-Based Bucketization (IDB).[28] In March 2020, cryptographic padding was added to the protocol.[29] Ali's research was praised in Canadian cryptographer Carlisle Adams book, Introduction to Privacy Enhancing Technologies.[30]

Ali conducts cybersecurity research on North Korea and provides expert commentary to journalists at NK News.[31][32][33][34]

In January 2022, Ali told journalists at NK News and Reuters that he had observed North Korea's internet being taken offline in a second major outage that month following a missile test, Ali told journalists that data he collected was consistent with a Distributed Deinal-of-Service attack.[35][36][37][38] South Korean Government officials responded by saying "we are monitoring the situation under coordination with relevant government agencies," without elaborating further.[39]

Ali currently owns the technology consultancy, Tansume Limited where he consults for cybersecurity firm Risk Ledger and engineering productivity company Haystack Analytics.[40][41] In July 2021, Ali commissioned a study by Survation for Haystack Analytics which found that 83% of software developers were suffering from burnout.[42][43][44] The poll also found 57% of software engineers agreed “to a great extent” or “to a moderate extent” with the phrase "Software reliability at my workplace concerns me”.[45][46] Ali claimed this was "the first time representative opinion polling was used to understand software engineers."[47]

During the COVID-19 pandemic, Ali worked on security improvements to the (Google/Apple) Exposure Notification used to create public health contact tracing apps.[48]

Selected Publications

  • Li, L., Pal, B., Ali, J., Sullivan, N., Chatterjee, R. and Ristenpart, T., 2019, November. Protocols for checking compromised credentials. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (pp. 1387-1403).[49]
  • Ali, J. and Dyo, V. (2020). Practical Hash-based Anonymity for MAC Addresses. In Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - SECRYPT, ISBN 978-989-758-446-6; ISSN 2184-7711, pages 572-579. DOI: 10.5220/0009825105720579
  • Ali, J. and Dyo, V., 2021, January. Cross hashing: Anonymizing encounters in decentralised contact tracing protocols. In 2021 International Conference on Information Networking (ICOIN) (pp. 181-185). IEEE.[50]
  • Pikies, M. and Ali, J., 2019, April. String similarity algorithms for a ticket classification system. In 2019 6th International Conference on Control, Decision and Information Technologies (CoDIT) (pp. 36-41). IEEE.[51]
  • Ali, J. and Dyo, V. (2017). Coverage and Mobile Sensor Placement for Vehicles on Predetermined Routes: A Greedy Heuristic Approach. In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 5: WINSYS, (ICETE 2017) ISBN 978-989-758-261-5, pages 83-88.[52]
  • Ali, J. (2016). Mastering PHP Design Patterns (book). Packt Publishing Ltd.[53]
  • Ali, J. and Pikies, M. (2019). Password Authentication Attacks at Scale. The 6th International Conference on Advanced Engineering – Theory and Applications 2019.[54]

References

  1. ^ a b CEng registration number 673221. https://www.engc.org.uk/regcheck
  2. ^ "From apprentice to Chartered Engineer: at just 24". www.theiet.org. Retrieved 29 January 2022.
  3. ^ Hollister, Sean (7 August 2020). "Have I Been Pwned — which tells you if passwords were breached — is going open source". The Verge. Retrieved 29 January 2022.
  4. ^ Oshin, Olafimihan (26 January 2022). "Cyberattack suspected in North Korean internet outage". TheHill.
  5. ^ Marks, Joseph (27 January 2022). "Analysis | The administration wants to prevent an attack on water supplies". Washington Post. Retrieved 29 January 2022.
  6. ^ Saran, Cliff. "Team leaders urged to address developer mental health". ComputerWeekly.com. Retrieved 29 January 2022.
  7. ^ "From apprentice to Chartered Engineer: at just 24". www.theiet.org. Retrieved 29 January 2022.
  8. ^ "Junade Ali". leaddev.com. Retrieved 29 January 2022.
  9. ^ Smedley, Peggy (8 April 2021). "Are Software Engineers Burned Out? - Connected World". web.archive.org. Retrieved 8 April 2021.
  10. ^ Velisavljevic, Vladan; Cano, Eduardo; Dyo, Vladimir; Allen, Ben (December 2016). "Wireless Magnetic Sensor Network for Road Traffic Monitoring and Vehicle Classification". Transport and Telecommunication Journal. 17 (4). doi:10.1515/ttj-2016-0024.
  11. ^ Ali, Junade; Dyo, Vladimir (2017). "Coverage and Mobile Sensor Placement for Vehicles on Predetermined Routes: A Greedy Heuristic Approach:". Proceedings of the 14th International Joint Conference on e-Business and Telecommunications: 83–88. doi:10.5220/0006469800830088.
  12. ^ Ali, Junade; Dyo, Vladimir; Zhang, Sijing (October 2020). "Battery-assisted Electric Vehicle Charging: Data Driven Performance Analysis". 2020 IEEE PES Innovative Smart Grid Technologies Europe (ISGT-Europe): 429–433. doi:10.1109/ISGT-Europe47291.2020.9248941.
  13. ^ Ali, Junade (2019). "Support Operations Engineering: Scaling Developer Products to the Millions". SRECon 2019. Usenix. Retrieved 29 January 2022.
  14. ^ Pikies, Malgorzata; Ali, Junade (April 2019). "String similarity algorithms for a ticket classification system". 2019 6th International Conference on Control, Decision and Information Technologies (CoDIT): 36–41. doi:10.1109/CoDIT.2019.8820497. Retrieved 29 January 2022.
  15. ^ Pikies, Malgorzata; Ali, Junade (1 July 2021). "Analysis and safety engineering of fuzzy string matching algorithms". ISA Transactions. 113: 1–8. doi:10.1016/j.isatra.2020.10.014. ISSN 0019-0578. Retrieved 29 January 2022.
  16. ^ Pikies, Malgorzata; Riyono, Andronicus; Ali, Junade (24 September 2020). "Novel Keyword Extraction and Language Detection Approaches". arXiv:2009.11832 [cs]. Retrieved 29 January 2022.
  17. ^ Ali, Junade; Pikies, Malgorzata (2021). "Password Authentication Attacks at Scale". AETA 2019 - Recent Advances in Electrical Engineering and Related Sciences: Theory and Application. Springer International Publishing: 394–403. doi:10.1007/978-3-030-53021-1_40. Retrieved 29 January 2022.
  18. ^ "Find out if your password has been pwned—without sending it to a server". Ars Technica. Retrieved 2018-05-24.
  19. ^ "1Password bolts on a 'pwned password' check – TechCrunch". techcrunch.com. Retrieved 2018-05-24.
  20. ^ "1Password Integrates With 'Pwned Passwords' to Check if Your Passwords Have Been Leaked Online". Retrieved 2018-05-24.
  21. ^ Conger, Kate. "1Password Helps You Find Out if Your Password Is Pwned". Gizmodo. Retrieved 2018-05-24.
  22. ^ Condon, Stephanie. "Okta offers free multi-factor authentication with new product, One App | ZDNet". ZDNet. Retrieved 2018-05-24.
  23. ^ Coren, Michael J. "The world's biggest database of hacked passwords is now a Chrome extension that checks yours automatically". Quartz. Retrieved 2018-05-24.
  24. ^ Wagenseil I, Paul (5 February 2019). "Google's New Chrome Extension Finds Your Hacked Passwords". www.laptopmag.com.
  25. ^ "Google Launches Password Checkup Extension to Alert Users of Data Breaches". BleepingComputer.
  26. ^ Dsouza, Melisha (6 February 2019). "Google's new Chrome extension 'Password CheckUp' checks if your username or password has been exposed to a third party breach". Packt Hub.
  27. ^ Hunt, Troy (7 August 2020). "I'm Open Sourcing the Have I Been Pwned Code Base". Troy Hunt. Retrieved 29 January 2022.
  28. ^ Li, Lucy; Pal, Bijeeta; Ali, Junade; Sullivan, Nick; Chatterjee, Rahul; Ristenpart, Thomas (2019-11-06). "Protocols for Checking Compromised Credentials". Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York, NY, USA: ACM: 1387–1403. arXiv:1905.13737. Bibcode:2019arXiv190513737L. doi:10.1145/3319535.3354229. ISBN 978-1-4503-6747-9. S2CID 173188856.
  29. ^ Ali, Junade (4 March 2020). "Pwned Passwords Padding (ft. Lava Lamps and Workers)". The Cloudflare Blog. Retrieved 12 May 2020.
  30. ^ Adams, Carlisle (2021). Introduction to Privacy Enhancing Technologies. Springer. Retrieved 29 January 2022.
  31. ^ Choy, Min Chao (26 February 2021). "North Korean hackers breached sensitive defense network at Russian firm". NK PRO. Retrieved 29 January 2022.
  32. ^ Weisensee, Nils (2 April 2021). "North Koreans sharpen their cyberskills at online coding competitions". NK PRO.
  33. ^ Weisensee, Nils (25 May 2021). "North Korean websites go dark after botched server upgrade - NK News". NK News - North Korea News. Retrieved 29 January 2022.
  34. ^ Referenced in 13 articles from February 2021 to January 2022: https://www.nknews.org/?s=Junade+Ali
  35. ^ Weisensee, Nils (26 January 2022). "DDOS attack cuts off North Korea's internet after fifth missile test". NK PRO. Retrieved 29 January 2022.
  36. ^ Shull, Abbie. "North Korea recently disappeared from the internet for a little while, and it looks like it has happened again". Business Insider.
  37. ^ "North Korean Internet downed by suspected cyber attacks: Researchers". CNA.
  38. ^ Ward, Er; Thompson, Alex; Forgey, Quint. "The NSC's weekly Ukraine crisis club". POLITICO.
  39. ^ "Seoul monitoring situation after N. Korea hit by suspected cyber attack". The Korea Herald. Yonhap. 27 January 2022. Retrieved 29 January 2022.
  40. ^ "Junade Ali". leaddev.com. Retrieved 29 January 2022.
  41. ^ "Junade Ali". Retrieved 29 January 2022.
  42. ^ Anderson, Tim. "Report: 83% of UK software engineers suffer burnout, COVID-19 made it worse". www.theregister.com. Retrieved 29 January 2022.
  43. ^ Hughes, Owen. "83% of developers suffer from burnout". IT PRO. Retrieved 29 January 2022.
  44. ^ Millman, Rene. "83% of developers suffer from burnout". IT PRO. Retrieved 29 January 2022.
  45. ^ Farrell, Nick. "Software reliability a key problem during 2021". www.fudzilla.com. Retrieved 29 January 2022.
  46. ^ Fadilpašić, Sead (1 October 2021). "Software reliability has become a bigger issue for developers". ITProPortal. Retrieved 29 January 2022.
  47. ^ Ali, Junade. "How to prevent developer burnout". ComputerWeekly.com. Retrieved 29 January 2022.
  48. ^ Ali, Junade; Dyo, Vladimir (January 2021). "Cross Hashing: Anonymizing encounters in Decentralised Contact Tracing Protocols". 2021 International Conference on Information Networking (ICOIN): 181–185. doi:10.1109/ICOIN50884.2021.9333939. Retrieved 29 January 2022.
  49. ^ Li, Lucy; Pal, Bijeeta; Ali, Junade; Sullivan, Nick; Chatterjee, Rahul; Ristenpart, Thomas (2019-11-06). "Protocols for Checking Compromised Credentials". Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York, NY, USA: ACM: 1387–1403. arXiv:1905.13737. Bibcode:2019arXiv190513737L. doi:10.1145/3319535.3354229. ISBN 978-1-4503-6747-9. S2CID 173188856.
  50. ^ Ali, Junade; Dyo, Vladimir (January 2021). "Cross Hashing: Anonymizing encounters in Decentralised Contact Tracing Protocols". 2021 International Conference on Information Networking (ICOIN): 181–185. doi:10.1109/ICOIN50884.2021.9333939. Retrieved 29 January 2022.
  51. ^ Pikies, Malgorzata; Ali, Junade (April 2019). "String similarity algorithms for a ticket classification system". 2019 6th International Conference on Control, Decision and Information Technologies (CoDIT): 36–41. doi:10.1109/CoDIT.2019.8820497. Retrieved 29 January 2022.
  52. ^ Ali, Junade; Dyo, Vladimir (2017). "Coverage and Mobile Sensor Placement for Vehicles on Predetermined Routes: A Greedy Heuristic Approach:". Proceedings of the 14th International Joint Conference on e-Business and Telecommunications: 83–88. doi:10.5220/0006469800830088.
  53. ^ Ali, Junade (2016). Mastering PHP design patterns : develop robust and reusable code using a multitude of design patterns for PHP 7. ISBN 9781785887130. Retrieved 29 January 2022.
  54. ^ Ali, Junade; Pikies, Malgorzata (2021). "Password Authentication Attacks at Scale". AETA 2019 - Recent Advances in Electrical Engineering and Related Sciences: Theory and Application. Springer International Publishing: 394–403. doi:10.1007/978-3-030-53021-1_40. Retrieved 29 January 2022.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Junade_Ali&oldid=1068687903"