Collaborate Disseminate
Researchers have found that they can guess various credit-card-number security details by spreading their guesses around multiple websites so as not to trigger any alarms. From a news article: Mohammed Ali, a PhD student at the university’s School of Computing Science, said: "This sort of attack exploits two weaknesses that on their own are not too severe but when used… Continue reading Guessing Credit Card Security Details
Josephine Wolff examines different Internet governance stakeholders and how they frame security debates. Her conclusion: The tensions that arise around issues of security among different groups of internet governance stakeholders speak to the many tangled notions of what online security is and whom it is meant to protect that are espoused by the participants in multistakeholder governance forums. What makes… Continue reading How Different Stakeholders Frame Security
Last week, Yahoo! announced that it was hacked pretty massively in 2014. Over half a billion usernames and passwords were affected, making this the largest data breach of all time. Yahoo! claimed it was a government that did it: A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company’s… Continue reading The Hacking of Yahoo
fMRI experiments show that we are more likely to ignore security warnings when they interrupt other tasks. A new study from BYU, in collaboration with Google Chrome engineers, finds the status quo of warning messages appearing haphazardly — while people are typing, watching a video, uploading files, etc. — results in up to 90 percent of users disregarding them. Researchers… Continue reading Research on the Timing of Security Warnings
I’ve been saying for years that it’s bad security advice, that it encourages poor passwords. Lorrie Cranor, now the FTC’s chief technologist, agrees: By studying the data, the researchers identified common techniques account holders used when they were required to change passwords. A password like "tarheels#1", for instance (excluding the quotation marks) frequently became "tArheels#1" after the first change, "taRheels#1"… Continue reading Frequent Password Changes Is a Bad Security Idea
Interesting analysis: Abstract: Objectives — Informed by situational crime prevention (SCP) this study evaluates the effectiveness of the "West Bank Barrier" that the Israeli government began to construct in 2002 in order to prevent suicide bombing attacks. Methods — Drawing on crime wave models of past SCP research, the study uses a time series of terrorist attacks and fatalities and… Continue reading Security Effectiveness of the Israeli West Bank Barrier
Interesting: Since the team had tracked these groups daily, researchers could observe the tactics that pro-ISIS groups use to evade authorities. They found that 15 percent of groups changed their names during the study period, and 7 percent flipped their visibility from public to members only. Another 4 percent underwent what the researchers called reincarnation. That means the group disappeared… Continue reading Security Behavior of Pro-ISIS Groups on Social Media
Interesting: Since the team had tracked these groups daily, researchers could observe the tactics that pro-ISIS groups use to evade authorities. They found that 15 percent of groups changed their names during the study period, and 7 percent flipped their visibility from public to members only. Another 4 percent underwent what the researchers called reincarnation. That means the group disappeared… Continue reading Security Behavior of Pro-ISIS Groups on Social Media
Really interesting article on the difficulties involved with explosive detection at airport security checkpoints. Abstract: The mid-air bombing of a Somali passenger jet in February was a wake-up call for security agencies and those working in the field of explosive detection. It was also a reminder that terrorist groups from Yemen to Syria to East Africa continue to explore innovative… Continue reading Detecting Explosives
Shortened URLs, produced by services like bit.ly and goo.gl, can be brute-forced. And searching random shortened URLs yields all sorts of secret documents. Plus, many of them can be edited, and can be infected with malware. Academic paper. Blog post with lots of detail…. Continue reading Security Risks of Shortened URLs