We demonstrate a vulnerability in existing content-based message filtering methods, showing how an attacker can use a simple obfuscator to modify any message to a homograph version of the same message, thereby avoiding digest and signature based detection methods. We measure the success of this potential attack against Hotmail, Gmail and Yahoo mail. While the attack is bothersome both in terms of...
Performance assessment of human teaming in complex, real-world contexts is a fundamental challenge for research and training communities alike. We highlight a unique partnership between the cybersecurity training and research communities with the common goal of capturing human team performance. Whether in the context of a training assessment or a research endeavor, both are two sides of the same coin...
Conformance checking is a crucial challenge for modern inter-organizational business processes when critical security, privacy and workflow constraints must be satisfied to ensure the reliability of multi-party business procedures. Many of these constraints can be expressed in terms of causal dependencies, and verifying such dependencies can be fundamental to determine the correctness of transactions...
In this study we investigate malicious spam emails in the context of educational institutes. The goal of the study is twofold: first, to explore the types of spam attacks and what their malicious contents may include, and second, to analyze whether these attacks exhibit discriminative characteristics. This study offers an empirical analysis of a spam email dataset and provides a rich set of features that...
Social networking sites have billions of users who communicate and share their personal information every day. Social engineering is considered one of the biggest threats to information security nowadays. Social engineering is an attacker technique to manipulate and deceive users in order to access or gain privileged information. Such attacks are continuously developed to deceive a high number of...
Cities are seeking new innovative approaches to deliver public services by involving their community in a co-creation process. The main innovation of CLIPS is to provide a usable methodology with a toolkit that enables civil servants and other external stakeholders to collaborate in new designs and delivery of services, starting from a set of basic building blocks available in the cloud. This offers...
Patterns proposed for a specific domain are widely used to reuse the solutions of resolved problems for similar ones. The verification criteria used to evaluate proposed patterns are one of the important factors that affect pattern quality. This research proposes a pattern verification method and criteria based on quality attributes in order to improve pattern validity. The method was...
This article presents an analysis of the attacks related to sensitive data breaches in the Web ecosystem. The study is based on a meta-analysis which identified the significance of 21 years of relevant contributions to the subject. Considering the results, we elaborate two contributions: (i) we group attacks according to their behavior and (ii) we reveal the most serious emerging attacks. Additionally,...
The aim of this paper is to present a taxonomy of security threats in the Web ecosystem. We propose a classification model based on 21 vectors divided into 8 distinct security threats, making use of levels of abstraction and criteria for discrimination which consider propagation and similarity in vulnerabilities. We also propose to estimate the risk factor and impacts on assets, considering data...
Delay Tolerant Networks (DTN) are well adapted to situations where the network nodes suffer from intermittent communications due to the high mobility of the nodes and the constantly changing environment. Several research works have tried to address this problem, and lately an ant-based protocol named GrAnt has been proposed as one of the best solutions. In this paper we first assess GrAnt performance...
Cyber criminals use phishing emails in high volume and spear phishing emails in low volume to achieve their malicious objectives. In doing so they inflict financial, reputational, and emotional damage on individuals and organizations. These (spear) phishing attacks get steadily more sophisticated as cyber criminals use social engineering tricks that combine psychological and technical deceptions to make...
As technological and operational security measures for the protection of information systems are being widely adopted, it is much easier for a malicious user to launch an attack on an information system's weakest link, the humans operating it. Despite the damage that these attacks can cause, they are rarely taken into account in vulnerability assessment models. These models usually focus on representing...
In this work we study information leakage through discussions in online social networks. In particular, we focus on articles published by news pages, in which a person's name is censored, and we examine whether the person is identifiable (de-censored) by analyzing comments and social network graphs of commenters. As a case study for our proposed methodology, in this paper we considered 48 articles...
Analyzing the role of target-related information in a security attack is an understudied topic in the behavioral information security research field. This paper presents an empirical investigation of the effect of adding information about the target in phishing attacks. Data was collected by conducting two phishing experiments using a sample of 158 employees at five Swedish organizations. The first...
Nowadays, many services on the internet, including email, search engines and social networking, are provided free of charge due to the enormous growth of web users. With the expansion of Web services, denial of service (DoS) attacks by malicious automated programs (e.g., web bots) are becoming a serious problem for web service accounts. A Human Interactive Proof (HIP) is a human authentication mechanism...
The Internet of Things (IoT) demands tailor-made security solutions. Today, there are a number of proposals able to meet IoT's demands in the context of attacks from outsiders. In the context of insiders, however, this does not hold true. Existing solutions to deal with this class of attacks do not always take into consideration the IoT's idiosyncrasies and, therefore, they do not produce the best results...
Organizations often suffer harm from individuals who bear no malice against them but whose actions unintentionally expose the organizations to risk: the unintentional insider threat (UIT). In this paper we examine UIT cases that derive from social engineering exploits. We report on our efforts to collect and analyze data from UIT social engineering incidents to identify possible behavioral and technical...
Behavior models of applications are widely used for diagnosing security incidents in complex web-based systems. However, Ajax techniques that enable better web experiences also make it fairly challenging to model Ajax application behaviors in the complex browser environment. In Ajax applications, server-side states are no longer synchronous with the views to end users at the client side. Therefore,...
Configuring access control policies in mobile devices can be quite tedious and unintuitive for users. Software designers attempt to address this problem by setting up default policy configurations. But such global defaults may not be sensible for all users. Modern smart phones are capable of sensing a variety of information about the surrounding environment like Bluetooth devices, WiFi access points,...
We take a detailed look at how users, while focusing on non-permission tasks, notice and fix access-control permission errors depending on where the access-control policy is spatially located on a photo-sharing website. The access-control policy was placed on an online photo-sharing website under the photo or album, on the sidebar, or on a separate settings page. We find that placing the access-control...