Smart techniques and tools to detect Steganography - a viable practice to Security Office Department

Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Information Systems and Technologies ManagementInternet is today a commodity and a way for being connect to the world. It is through Internet is where most of the information is shared and where people run their businesses. However, there are some people that make a malicious use of it. Cyberattacks have been increasing all over the recent years, targeting people and organizations, looking to perform illegal actions. Cyber criminals are always looking for new ways to deliver malware to victims to launch an attack. Millions of users share images and photos on their social networks and generally users find them safe to use. Contrary to what most people think, images can contain a malicious payload and perform harmful actions. Steganography is the technique of hiding data, which, combined with media files, can be used to place malicious code. This problem, leveraged by the continuous media file sharing through massive use of digital platforms, may become a worldwide threat in malicious content sharing. Like phishing, people and organizations must be trained to suspect about inappropriate content and implement the proper set of actions to reduce probability of infections when accessing files supposed to be inoffensive. The aim of this study will try to help people and organizations by trying to set a toolbox where it can be possible to get some tools and techniques to assist in dealing with this kind of situations. A theoretical overview will be performed over other concepts such as Steganalysis, touching also Deep Learning and in Machine Learning to assess which is the range of its applicability in find solutions in detection and facing these situations. In addition, understanding the current main technologies, architectures and users’ hurdles will play an important role in designing and developing the proposed toolbox artifact

Studying Malicious Websites and the Underground Economy on the Chinese Web

The World Wide Web gains more and more popularity within China with more than 1.31 million websites on the Chinese Web in June 2007. Driven by the economic profits, cyber criminals are on the rise and use the Web to exploit innocent users. In fact, a real underground black market with thousand of participants has developed which brings together malicious users who trade exploits, malware, virtual assets, stolen credentials, and more. In this paper, we provide a detailed overview of this underground black market and present a model to describe the market. We substantiate our model with the help of measurement results within the Chinese Web. First, we show that the amount of virtual assets traded on this underground market is huge. Second, our research proofs that a significant amount of websites within China’s part of the Web are malicious: our measurements reveal that about 1.49% of the examined sites contain some kind of malicious content

What\u27s So Great about Nothing? The GNU General Public License and the Zero-Price-Fixing Problem

In 1991, Linus Torvalds released the first version of the Linux operating system. Like many other beneficiaries of the subsequent dot-com boom, Torvalds worked on a limited budget. Clad in a bathrobe, clattering away on a computer purchased on credit, subsisting on a diet of pretzels and dry pasta, hiding in a tiny room that was outfitted with thick black shades designed to block out Finland\u27s summer sun, Torvalds programmed Linux. Like some other beneficiaries of the subsequent dot-com boom, Torvalds created a product that is now used by millions. He owns stock options worth seven figures. Computer industry giants, such as IBM, Novell, and Sun, have invested time and energy in his work. But unlike many other beneficiaries of the subsequent dot-com boom, Torvalds gave Linux away for free. This Note argues that Section 2(b) of the GPL, which requires that sublicenses be granted at no charge, is a permissible price restraint. The justification for this is ... nothing. Or, rather: a price of nothing on future distributions can and should be distinguished from non-zero prices. Although the vast majority of price-fixing is per se illegal, restraints on price that are necessary to achieve important procompetitive goals may be evaluated under the less restrictive rule of reason, which weighs the anticompetitive consequences of a practice against the procompetitive results. Part I demonstrates that GPL-based software could not be freely shared and modified without Section 2(b)\u27s restriction on price. The import of this is that Section 2(b)\u27s restraint on price is ancillary to goals that serve competition, and thus a per se rule should not be applied. The prohibition on price-fixing arises out of two separate concerns about competition. First, antitrust law seeks to protect consumers from higher prices fixed by cartels rather than by a competitive market. Second, antitrust law relies on market competition to produce higher-quality products. The remainder of this Note demonstrates that the use of the GPL is consistent with the goals of antitrust law. Establishing that the restraint is ancillary to other considerations does not determine whether the agreement violates antitrust law; instead, the restraint\u27s effect on competition must be evaluated

Reducing the risk of e-mail phishing in the state of Qatar through an effective awareness framework

In recent years, cyber crime has focused intensely on people to bypass existing sophisticated security controls; phishing is one of the most common forms of such attack. This research highlights the problem of e-mail phishing. A lot of previous research demonstrated the danger of phishing and its considerable consequences. Since users behaviour is unpredictable, there is no reliable technological protective solution (e.g. spam filters, anti-viruses) to diminish the risk arising from inappropriate user decisions. Therefore, this research attempts to reduce the risk of e-mail phishing through awareness and education. It underlines the problem of e-mail phishing in the State of Qatar, one of world s fastest developing countries and seeks to provide a solution to enhance people s awareness of e-mail phishing by developing an effective awareness and educational framework. The framework consists of valuable recommendations for the Qatar government, citizens and organisations responsible for ensuring information security along with an educational agenda to train them how to identify and avoid phishing attempts. The educational agenda supports users in making better trust decisions to avoid phishing that could complement any technical solutions. It comprises a collection of training methods: conceptual, embedded, e-learning and learning programmes which include a television show and a learning session with a variety of teaching components such as a game, quizzes, posters, cartoons and a presentation. The components were tested by trial in two Qatari schools and evaluated by experts and a representative sample of Qatari citizens. Furthermore, the research proves the existence and extent of the e-mail phishing problem in Qatar in comparison with the UK where people were found to be less vulnerable and more aware. It was discovered that Qatar is an attractive place for phishers and that a lack of awareness and e-law made Qatar more vulnerable to the phishing. The research identifies the factors which make Qatari citizens susceptible to e-mail phishing attacks such as cultural, country-specific factors, interests and beliefs, religion effect and personal characteristics and this identified the need for enhancing Qatari s level of awareness on phishing threat. Since literature on phishing in Qatar is sparse, empirical and non-empirical studies involved a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government

Reanimating cultural heritage through digital technologies

Digital technologies are becoming extremely important for web-based cultural heritage applications. This thesis presents novel digital technology solutions to 'access and interact' with digital heritage objects and collections. These innovative solutions utilize service orientation (web services), workflows, and social networking and Web 2.0 mashup technologies to innovate the creation, interpretation and use of collections dispersed in a global museumscape, where community participation is achieved through social networking. These solutions are embedded in a novel concept called Digital Library Services for Playing with Shared Heritage (DISPLAYS). DISPLAYS is concerned with creating tools and services to implement a digital library system, which allows the heritage community and museum professionals alike to create, interpret and use digital heritage content in visualization and interaction environments using web technologies based on social networking. In particular, this thesis presents a specific implementation of DISPLAYS called the Reanimating Cultural Heritage system, which is modelled on the five main functionalities or services defined in the DISPLAYS architecture, content creation, archival, exposition, presentation and interaction, for handling digital heritage objects. The main focus of this thesis is the design of the Reanimating Cultural Heritage system's social networking functionality that provides an innovative solution for integrating community access and interaction with the Sierra Leone digital heritage repository composed of collections from the British Museum, Glasgow Museums and Brighton Museum and Art Gallery. The novel use of Web 2.0 mashups in this digital heritage repository also allows the seamless integration of these museum collections to be merged with user or community generated content, while preserving the quality of museum collections data. Finally, this thesis tests and evaluates the usability of the Reanimating Cultural Heritage social networking system, in particular the suitability of the digital technology solution deployed. Testing is performed with a user group composed of several users, and the results obtained are presented

Text books untuk mata kuliah pemrograman web

.HTML.And.Web.Design.Tips.And.Techniques.Jan.2002.ISBN.0072228253.pd