The Definitive Fraud Encyclopedia

This unique guide provides step-by-step instructions on how to commit fraud. From buying the correct hardware and software, to spoofing the personal details of your victims, to actually using stolen cards effectively. Originally published by an...

How Do Vulnerabilities Get Into Software?

This paper, by application security platform Veracode, addresses the four main causes of vulnerabilities in software today. The authors investigate: insecure coding practices; the ever-shifting threat landscape; the reuse of vulnerable components...

Cyber security: a failure of Imagination by CEOs

This paper discusses the involvement of CEOs in cyber security. Backed up by strong research, it explores the current state of CEO involvement, addresses some of the challenges involved in CEO involvement and offers four golden rules of cyber...

Predicting Privacy and Security Attitudes

While individual differences in decision-making have been examined within the social sciences for several decades, this research has only recently begun to be applied by computer scientists to examine privacy and security attitudes (and...

An Extended Perspective on Individual Security Behaviors

Security threats regularly affect users of home computers. As such, it is important to understand the practices of users for protecting their computers and networks, and to identify determinants of these practices. Several recent studies utilize...

The Effect of Social Influence on Security Sensitivity

Even though there has been an increased effort to increase security sensitivity amongst the population, most individuals ignore security advice. This paper found a few social influence processes – processes that influence the behaviours of...

Comprehensive Study on Cybercrime

An in-depth and thorough study into the world of global cybercrime which highlights lessons learned from current and past cyber efforts. The study explores the global state of cybercrime, the challenges we face as we move into a digitally...

On The Security of Password Manager Database Formats

Findings from this paper show that most password managers are easily broken and use storage formats that are easily accessible, even to weak adversaries. The work does, however, show that it is possible to theoretically construct a format that is...

Scare tactics – A viable weapon in the security war?

End users are frequently criticised as the sources of bad security practice, and it is suggested they might take the issue more seriously if they experienced a breach. An option for enabling this would be for security administrators to...

Teaching Johnny Not to Fall for Phish

Research focusing on educating users about phishing and identifying phishing emails, as opposed to using technology for prevention and detection. The research identified multiple problems, namely: that people were not motivated to learn about...

A large-scale study of web password habits

We report the results of a large scale study of password use and password re-use habits. The study involved half a million users over a three month period. A client component on users’ machines recorded a variety of password strength, usage and...

Behavioral Response to Phishing Risk

Tools that aim to combat phishing attacks must take into account how and why people fall for them in order to be effective. This study reports a pilot survey of 232 computer users to reveal predictors of falling for phishing emails, as well as...

Making security usable: Are things improving?

Given the increased focus on the need for usable security, it is now to be hoped that the issue will receive greater attention in new software releases. Unfortunately, however, there is still evidence to suggest that usable security receives...

Phishing: can we spot the signs?

Dr Steven Furnell at Plymouth University has conducted research, which looks at why some computer users still can’t tell the difference between an official email and a phishing scam. Steven Furnell looks at the increasing sophistication of...

Decision Strategies and Susceptibility to Phishing

Phishing emails are semantic attacks that con people into divulging sensitive information using techniques to make the user believe that information is being requested by a legitimate source. In order to develop tools that will be effective in...