The Definitive Fraud Encyclopedia

This unique guide provides step-by-step instructions on how to commit fraud. From buying the correct hardware and software, to spoofing the personal details of your victims, to actually using stolen cards effectively. Originally published by an anonymous individual...

How Do Vulnerabilities Get Into Software?

This paper, by application security platform Veracode, addresses the four main causes of vulnerabilities in software today. The authors investigate: insecure coding practises; the ever-shifting threat landscape; the reuse of vulnerable components and code; and...

Cyber security: a failure of Imagination by CEOs

This paper discusses the involvement of CEOs in cyber security. Backed up by strong research, it explores the current state of CEO involvement, addresses some of the challenges involved in CEO involvement and offers four golden rules of cyber security.    ...

Predicting Privacy and Security Attitudes

While individual differences in decision-making have been examined within the social sciences for several decades, this research has only recently begun to be applied by computer scientists to examine privacy and security attitudes (and ultimately behaviors)....

An Extended Perspective on Individual Security Behaviors

Security threats regularly affect users of home computers. As such, it is important to understand the practices of users for protecting their computers and networks, and to identify determinants of these practices. Several recent studies utilize Protection Motivation...

The Effect of Social Influence on Security Sensitivity

Even though there has been an increased effort to increase security sensitivity amongst the population, most individuals ignore security advice. This paper found a few social influence processes – processes that influence the behaviours of individuals with words and...

Comprehensive Study on Cybercrime

An in-depth and thorough study into the world of global cybercrime which highlights lessons learned from current and past cyber efforts. The study explores the global state of cybercrime, the challenges we face as we move into a digitally connected society and...

On The Security of Password Manager Database Formats

Findings from this paper show that most password managers are easily broken and use storage formats that are easily accessible, even to weak adversaries. The work does, however, show that it is possible to theoretically construct a format that is secure, that’s usable...

Scare tactics – A viable weapon in the security war?

End users are frequently criticised as the sources of bad security practice, and it is suggested they might take the issue more seriously if they experienced a breach. An option for enabling this would be for security administrators to deliberately create conditions...

Teaching Johnny Not to Fall for Phish

Research focusing on educating users about phishing and identifying phishing emails, as opposed to using technology for prevention and detection. The research identified multiple problems, namely: that people were not motivated to learn about security; that security...

A large-scale study of web password habits

We report the results of a large scale study of password use and password re-use habits. The study involved half a million users over a three month period. A client component on users’ machines recorded a variety of password strength, usage and frequency metrics. This...

Behavioral Response to Phishing Risk

Tools that aim to combat phishing attacks must take into account how and why people fall for them in order to be effective. This study reports a pilot survey of 232 computer users to reveal predictors of falling for phishing emails, as well as trusting legitimate...

Making security usable: Are things improving?

Given the increased focus on the need for usable security, it is now to be hoped that the issue will receive greater attention in new software releases. Unfortunately, however, there is still evidence to suggest that usable security receives insufficient consideration...

Phishing: can we spot the signs?

Dr Steven Furnell at Plymouth University has conducted research, which looks at why some computer users still can’t tell the difference between an official email and a phishing scam. Steven Furnell looks at the increasing sophistication of phishing emails and...

Decision Strategies and Susceptibility to Phishing

Phishing emails are semantic attacks that con people into divulging sensitive information using techniques to make the user believe that information is being requested by a legitimate source. In order to develop tools that will be effective in combating these schemes,...