University and vendor researchers are congregating in San Diego this week at USENIX Security ’14 to share the latest findings in security and privacy, and here are 5 that jumped out to me as being particularly interesting.

*On the Feasibility of Large-Scale Infections of iOS Devices

Georgia Tech researchers acknowledge that large-scale iOS device infections have been few and far between, but they claim weaknesses in the iTunes syncing process, device provisioning process and file storage could leave iPhones, iPads and other Apple products vulnerable to attack via botnets. The bad guys could get to the iOS devices via a compromised computer, they say, to install attacker-signed apps and swipe personal info. The researchers came to their conclusion after examining DNS queries within known botnets.

*XRay: Enhancing the Web’s Transparency with Differential Correlation

Columbia University researchers introduce XRay, a tool designed to give web users more insight into which of their personal data is being used to target them with ads. The researchers will present at USENIX a prototype of XRay, which has already been posted online as an open source system for others to explore. Initially, the system can be used to explain targeting in Gmail ads, Amazon recommendations and YouTube video suggestions.

“Today we have a problem: the web is not transparent. We see XRay as an important first step in exposing how websites are using your personal data,” says Assistant Professor of Computer Science Roxana Geambasu.

*The Long “Taile” of Typosquatting Domain Names

Investigators from the University of Chicago, Carnegie Mellon University and Budapest University of Technology and Economics took a deep dive into the world of typosquatting, where miscreants prey on unsuspecting web users tricked into visiting websites that only look like the ones they planned to visit, and exploit owners of legitimate websites with similar domain names.
The researchers felt a more thorough examination of suspected typosquatting sites was necessary to separate those that are based on true typos vs. those from cybercrooks, as well as to look more closely at typosquatting involving smaller sites. Much of the previous research, and thus the defense tools, has focused on typosquatting that involves big-name sites.

*The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers

University of California at Berkeley researchers study five popular browser-based password managers (including LastPass and PasswordBox), and naturally, they identify a handful of security concerns with the password managers themselves. One-time passwords, bookmarklets and shared passwords all present security vulnerabilities, the researchers say. The researchers come up with suggestions, including a defense-in-depth approach, for developing safer password managers.

*From the Aether to the Ethernet—Attacking the Internet using Broadcast Digital Television

Columbia University researchers warn that Hybrid Broadcast-Broadband Television, a Web-and-TV integration that is popular in Europe and coming to the United States, is based on an insecure combination of technologies. Exploits could be widespread, hard to detect and inexpensive to pull off (say $450 to target 20,000 devices), say the researchers.

“A unique aspect of this attack is that, in contrast to most Internet of Things/Cyber-Physical System threat scenarios where the attack comes from the data network side and affects the physical world, our attack uses the physical broadcast network to attack the data network,” according to the paper.

Note that all research papers should be available at the USENIX Security ’14 website once the show gets underway on Aug. 20.