Why Johnny can’t rely on anti-phishing educational interventions to protect himself against contemporary phishing attacks?

Phishing is a way of stealing people’s sensitive information such as username, password and banking details by disguising as a legitimate entity (i.e. email, website). Anti-phishing education considered to be vital in strengthening “human”, the weakest link in information security. Previous research in anti-phishing education focuses on improving educational interventions to better interact the end user. However, one can argue that existing anti-phishing educational interventions are limited in success due to their outdated teaching content incorporated. Furthermore, teaching outdated anti-phishing techniques might not help combat contemporary phishing attacks. Therefore, this research focuses on investigating the obfuscation techniques of phishing URLs used in anti-phishing education against the contemporary phishing attacks reported in PhishTank.com. Our results showed that URL obfuscation with IP address has become insignificant and it revealed two emerging URL obfuscation techniques, that attackers use lately, haven’t been incorporated into existing anti-phishing educational interventions

POINTER:a GDPR-compliant framework for human pentesting (for SMEs)

Penetration tests have become a valuable tool in any organisation’s arsenal, in terms of detecting vulnerabilities in their technical defences. Many organisations now also “penetration test” their employees, assessing their resilience and ability to repel human-targeted attacks. There are two problems with current frameworks: (1) few of these have been developed with SMEs in mind, and (2) many deploy spear phishing, thereby invading employee privacy, which could be illegal under the new European General Data Protection Regulation (GDPR) legislation. We therefore propose the PoinTER (Prepare TEst Remediate) Human Pentesting Framework. We subjected this framework to expert review and present it to open a discourse on the issue of formulating a GDPR- compliant Privacy-Respecting Employee Pentest for SMEs

Cultured epithelial autografts in the management of burn injuries: a review of the literature

Introduction. The management of large burn victims has significantly improved in the last decades. Specifically autologous cultured keratinocytes (CEA) overcame the problem of limited donor sites in severely burned patients. Several studies testing CEA's in their burn centers give mixed results on the general outcomes of burn patients. Methods. A review of publications with a minimum of 15 patients per study using CEA for the management of severe burn injury from 1989 until 2011 were recruited by using an online database including Medline, Pub Med and the archives of the medical library of the CHUV in Lausanne. Results. 18 studies with a total of 977 patients were included into this review. Most of the studies did not specify if CEA's were grafted alone or in combination with split thickness skin grafts (STSG) although most of the patients seemed to have received both methodologies in reviewed studies. The mean TBSA per study ranged from 33% to 78% in patients that were grafted with CEA's. Here no common minimum TBSA making a patient eligible for CEA grafting could be found. The definition of the "take rate" is not standardized and varied largely from 26% to 73%. Mortality and hospitalization time could not be shown to correlate with CEA use in all of the studies. As late complications, some authors described the fragility of the CEA regenerated skin. Conclusion. Since the healing of large burn victims demands for a variety of different surgical and non-surgical treatment strategies and the final outcome mainly depends on the burned surface as well as the general health condition of the patient, no definitive conclusion could be drawn from the use of CEA's of reviewed studies. From our own experience, we know that selected patients significantly profit from CEA grafts although cost efficiency or the reduction of mortality cannot be demonstrated on this particular cases

RHYTHM-AF: design of an international registry on cardioversion of atrial fibrillation and characteristics of participating centers

BACKGROUND Atrial fibrillation is a serious public health problem posing a considerable burden to not only patients, but the healthcare environment due to high rates of morbidity, mortality, and medical resource utilization. There are limited data on the variation in treatment practice patterns across different countries, healthcare settings and the associated health outcomes. METHODS/DESIGN RHYTHM-AF was a prospective observational multinational study of management of recent onset atrial fibrillation patients considered for cardioversion designed to collect data on international treatment patterns and short term outcomes related to cardioversion. We present data collected in 10 countries between May 2010 and June 2011. Enrollment was ongoing in Italy and Brazil at the time of data analysis. Data were collected at the time of atrial fibrillation episode in all countries (Australia, Brazil, France, Germany, Italy, Netherlands, Poland, Spain, Sweden, United Kingdom), and cumulative follow-up data were collected at day 60 (±10) in all but Spain. Information on center characteristics, enrollment data, patient demographics, detail of atrial fibrillation episode, medical history, diagnostic procedures, acute treatment of atrial fibrillation, discharge information and the follow-up data on major events and rehospitalizations up to day 60 were collected. DISCUSSIN A total of 3940 patients were enrolled from 175 acute care centers. 70.5% of the centers were either academic (44%) or teaching (26%) hospitals with an overall median capacity of 510 beds. The sites were mostly specialized with anticoagulation clinics (65.9%), heart failure (75.1%) and hypertension clinics (60.1%) available. The RHYTHM-AF registry will provide insight into regional variability of antiarrhythmic and antithrombotic treatment of atrial fibrillation, the appropriateness of such treatments with respect to outcomes, and their cost-efficacy. Observations will help inform strategies to improve cardiovascular outcomes in patients with atrial fibrillation. TRIAL REGISTRATION Clinical trials NCT01119716Harry JGM Crijns, Lori D Bash, François Chazelle, Jean-Yves Le Heuzey, Thorsten Lewalter, Gregory YH Lip, Aldo P Maggioni, Alfonso Martín, Piotr Ponikowski, Mårten Rosenqvist, Prashanthan Sanders, Mauricio Scanavacca, Alexandra A Bernhardt, Sreevalsa Unniachan, Hemant M Phatak and Anselm K Git

Seminar Users in the Arabic Twitter Sphere

We introduce the notion of "seminar users", who are social media users engaged in propaganda in support of a political entity. We develop a framework that can identify such users with 84.4% precision and 76.1% recall. While our dataset is from the Arab region, omitting language-specific features has only a minor impact on classification performance, and thus, our approach could work for detecting seminar users in other parts of the world and in other languages. We further explored a controversial political topic to observe the prevalence and potential potency of such users. In our case study, we found that 25% of the users engaged in the topic are in fact seminar users and their tweets make nearly a third of the on-topic tweets. Moreover, they are often successful in affecting mainstream discourse with coordinated hashtag campaigns.Comment: to appear in SocInfo 201

The paradigm-shift of social spambots: Evidence, theories, and tools for the arms race

Recent studies in social media spam and automation provide anecdotal argumentation of the rise of a new generation of spambots, so-called social spambots. Here, for the first time, we extensively study this novel phenomenon on Twitter and we provide quantitative evidence that a paradigm-shift exists in spambot design. First, we measure current Twitter's capabilities of detecting the new social spambots. Later, we assess the human performance in discriminating between genuine accounts, social spambots, and traditional spambots. Then, we benchmark several state-of-the-art techniques proposed by the academic literature. Results show that neither Twitter, nor humans, nor cutting-edge applications are currently capable of accurately detecting the new social spambots. Our results call for new approaches capable of turning the tide in the fight against this raising phenomenon. We conclude by reviewing the latest literature on spambots detection and we highlight an emerging common research trend based on the analysis of collective behaviors. Insights derived from both our extensive experimental campaign and survey shed light on the most promising directions of research and lay the foundations for the arms race against the novel social spambots. Finally, to foster research on this novel phenomenon, we make publicly available to the scientific community all the datasets used in this study.Comment: To appear in Proc. 26th WWW, 2017, Companion Volume (Web Science Track, Perth, Australia, 3-7 April, 2017

Coevolutionary algorithms for the optimization of strategies for red teaming applications

Red teaming (RT) is a process that assists an organization in finding vulnerabilities in a system whereby the organization itself takes on the role of an “attacker” to test the system. It is used in various domains including military operations. Traditionally, it is a manual process with some obvious weaknesses: it is expensive, time-consuming, and limited from the perspective of humans “thinking inside the box”. Automated RT is an approach that has the potential to overcome these weaknesses. In this approach both the red team (enemy forces) and blue team (friendly forces) are modelled as intelligent agents in a multi-agent system and the idea is to run many computer simulations, pitting the plan of the red team against the plan of blue team. This research project investigated techniques that can support automated red teaming by conducting a systematic study involving a genetic algorithm (GA), a basic coevolutionary algorithm and three variants of the coevolutionary algorithm. An initial pilot study involving the GA showed some limitations, as GAs only support the optimization of a single population at a time against a fixed strategy. However, in red teaming it is not sufficient to consider just one, or even a few, opponent‟s strategies as, in reality, each team needs to adjust their strategy to account for different strategies that competing teams may utilize at different points. Coevolutionary algorithms (CEAs) were identified as suitable algorithms which were capable of optimizing two teams simultaneously for red teaming. The subsequent investigation of CEAs examined their performance in addressing the characteristics of red teaming problems, such as intransitivity relationships and multimodality, before employing them to optimize two red teaming scenarios. A number of measures were used to evaluate the performance of CEAs and in terms of multimodality, this study introduced a novel n-peak problem and a new performance measure based on the Circular Earth Movers‟ Distance. Results from the investigations involving an intransitive number problem, multimodal problem and two red teaming scenarios showed that in terms of the performance measures used, there is not a single algorithm that consistently outperforms the others across the four test problems. Applications of CEAs on the red teaming scenarios showed that all four variants produced interesting evolved strategies at the end of the optimization process, as well as providing evidence of the potential of CEAs in their future application in red teaming. The developed techniques can potentially be used for red teaming in military operations or analysis for protection of critical infrastructure. The benefits include the modelling of more realistic interactions between the teams, the ability to anticipate and to counteract potentially new types of attacks as well as providing a cost effective solution

Territorial behavior and the economics of Botnets

This paper looks at the economics associated with botnets. This research can be used to calculate territorial sizes for online criminal networks. Looking at the types of systems we can compare the time required to maintain the botnet against the benefits received. In doing this it will be possible to formulate economic defence strategies that reduce the benefits received through the control of the botnet. We look at the decision to be territorial or not from the perspective of the criminal bot-herder. This is extended to an analysis of territorial size. The criminal running a botnet seeks to maximize profit. In doing this they need analyse the costs expended and benefits received against the territorial size. The result is a means to calculate the optimal size of the botnet and the expected returns. This information can be used to formulate security strategies that are designed to reduce the profitability of criminal botnets

Investigating causes of mortality in live export cattle

This research project was initiated to provide industry with current, credible, scientific data on causes of death and risk factors for mortality in Australian live export cattle on long-haul voyages. Animal data and necropsy samples were collected from animals that died on 20 research voyages during the study period March 2010 to September 2012. The average voyage mortality percentage was 0.37%. Respiratory disease was the most commonly diagnosed cause of death, accounting for 107/215 (49.8%) of deaths overall, and 107/181 (59.1%) of deaths for which a diagnosis could be made. In addition, pneumonia was identified in 33% of animals for which respiratory disease was not considered the primary cause of death. Other common causes of death included lameness (n = 22/181, 12.2%), ketosis (n = 12, 6.6%), septicemia (n = 11, 6.1%), and enteric disease (n = 10, 5.5%). Quantitative polymerase chain reaction (qPCR) assays were developed to detect viruses and bacteria known to be associated with bovine respiratory disease (BRD) in necropsy and nasal swab samples: Bovine coronavirus (BCoV, Betacoronavirus 1), Bovine herpesvirus 1 (BoHV-1), Bovine viral diarrhoea virus (BVDV), Bovine respiratory syncytial virus (BRSV), Bovine parainfluenza virus 3 (BPIV-3), Histophilus somni, Mycoplasma bovis, Mannheimia haemolytica and Pasteurella multocida Two-thirds (130/195) of animals from which lung samples were collected had histological changes and/or positive qPCR results suggestive of infectious lung disease: 93/130 (72%) had evidence of primary bacterial infection, 4 (3%) with primary viral infection, 29 (22%) with concurrent bacterial and viral infections, and for 4 (3%) the causative organism could not be indentified. M. bovis, H. somni, P. multocida, M. haemolytica and BCoV were significantly associated with respiratory disease during voyages. Results from nasal swab and serological samples collected at entry to the pre-export assembly depot indicated that there were significant differences in nasal and seroprevalence between animals sourced from different properties. Combined nasal swab and serum results suggest that BCoV and BVDV are likely to be important infectious agents in the development of BRD in live export cattle while BPIV-3 is unlikely to play a major role. The contribution of BoHV-1, BRSV and bacteria of interest is difficult to determine. Analysis of animal and voyage data collected by industry between January 1995 and December 2012 revealed that while there has been an overall reduction in voyage mortality rates since 2000, there remain significant differences in mortality rate between load and discharge regions. Examination of daily mortality data available for research voyages revealed that peak daily mortality risk occurs at 3-4 weeks post-departure. The development of methods for spatial analyses coupled with data available in the National Livestock Identification System database allowed the description of patterns of animal movement prior to export. This study has improved our understanding of causes of death and risk factors for mortality in Australian live export cattle. We now have baseline data on the prevalence of BRD organisms in live export cattle that could be used to develop strategies for BRD prevention and control prior to loading and during voyages

Visual Expressive Arts Therapy with Children: Fostering Multicultural Competency

Multicultural competency is increasingly viewed as a crucial skill for Counselling Psychologists who utilize visual expressive arts therapy. However, little research has provided a multicultural framework for using visual expressive arts therapy specifically with children; thus, in this article, a framework is proposed for using visual expressive arts therapy with children from diverse cultural backgrounds. Collins and Arthur's (2010b) three domains for cultivating multicultural competence (cultural self-awareness, awareness of client cultural identities, and a culturally sensitive working alliance) are used as a working model to demonstrate attitudes, knowledge, and skills particularly relevant when using expressive arts therapy with children. A personal reflection of the author’s cultural background and experiences with the visual arts is engaged in before exploring the culture of childhood, the universality of art-making, the utility of expressive arts with children from diverse cultural backgrounds, the assessment of children through art, and social justice issues.