The Voyeur among Us: Navigating Around the Global Spyware Epidemic

Spyware poses a serious threat of privacy infringement to unassuming internet users across the globe. Existing European legislation attempts to protect end-users from unethical review and use of their personal data. Outlawing spyware technology and strengthening the legal consent requirement for data- mining may offer end users additional assurances that their privacy rights are upheld, as well as more tangible shelter from the existing spyware epidemic. These proposed solutions, however, will only create successful safe havens for internet users by obtaining international buy-in

Automated malware analysis based on Cuckoo Sandbox

Bakalářská práce se zabývá vytvořením kontrolovaného prostředí pro analýzu škodlivého kódu, ve kterém je provedena a popsána simulovaná analýza vybraného vzorku. Dále je obsahem práce analýza webového prostředí se zaměřením na malvertising kampaně a sdílení nalezených školdivých kódů.The bachelor thesis deals with the creation of a controlled environment for an analysis of malicious code, where simulated analysis of a selected sample is conducted and described. Furthermore, the content of the work is a web environment analysis aimed on malvertising campaigns and sharing founded malicious codes.

The Legal Status of Spyware

This Article examines the legal status of Spyware under federal and common law in the United States of America. The Authors begin with a technical overview of Spyware technology, which covers Spyware\u27s functionality, methods of dispersion, and classification. The Authors then analyze the treatment of Spyware under the Computer Fraud and Abuse Act, the Stored Communications Act, the Wiretap Act, and under general tort claims of trespass to chattels, invasion of privacy, and intrusion upon seclusion. The Authors conclude that none of the aformentioned causes of action provide an adequate remedy at law for Spyware victims. Moreover, the Authors note that even if an adequate cause of action were to exist, Spyware developers could avoid civil litigation by operating solely within Spyware friendly jurisdictions. The Authors speculate that an appropriate solution would be for the legislature to require all Spyware programs to contain multi-click End User License Agreements. Not only would this approach protect consumers by enabling them to make informed decisions and creating an effective cause of action against Spyware distributors, it would also help the Spyware industry as a whole by legitimizing commercially viable Spyware programs

The Legal Status of Spyware

This Article examines the legal status of Spyware under federal and common law in the United States of America. The Authors begin with a technical overview of Spyware technology, which covers Spyware\u27s functionality, methods of dispersion, and classification. The Authors then analyze the treatment of Spyware under the Computer Fraud and Abuse Act, the Stored Communications Act, the Wiretap Act, and under general tort claims of trespass to chattels, invasion of privacy, and intrusion upon seclusion. The Authors conclude that none of the aformentioned causes of action provide an adequate remedy at law for Spyware victims. Moreover, the Authors note that even if an adequate cause of action were to exist, Spyware developers could avoid civil litigation by operating solely within Spyware friendly jurisdictions. The Authors speculate that an appropriate solution would be for the legislature to require all Spyware programs to contain multi-click End User License Agreements. Not only would this approach protect consumers by enabling them to make informed decisions and creating an effective cause of action against Spyware distributors, it would also help the Spyware industry as a whole by legitimizing commercially viable Spyware programs

Search engine poisoning and its prevalence in modern search engines

The prevalence of Search Engine Poisoning in trending topics and popular search terms on the web within search engines is investigated. Search Engine Poisoning is the act of manipulating search engines in order to display search results from websites infected with malware. Research done between February and August 2012, using both manual and automated techniques, shows us how easily the criminal element manages to insert malicious content into web pages related to popular search terms within search engines. In order to provide the reader with a clear overview and understanding of the motives and the methods of the operators of Search Engine Poisoning campaigns, an in-depth review of automated and semi-automated web exploit kits is done, as well as looking into the motives for running these campaigns. Three high profile case studies are examined, and the various Search Engine Poisoning campaigns associated with these case studies are discussed in detail to the reader. From February to August 2012, data was collected from the top trending topics on Google’s search engine along with the top listed sites related to these topics, and then passed through various automated tools to discover if these results have been infiltrated by the operators of Search Engine Poisoning campaings, and the results of these automated scans are then discussed in detail. During the research period, manual searching for Search Engine Poisoning campaigns was also done, using high profile news events and popular search terms. These results are analysed in detail to determine the methods of attack, the purpose of the attack and the parties behind i

GRAPHICAL ONE-TIME PASSWORD AUTHENTICATION

Complying with a security policy often requires users to create long and complex passwords to protect their accounts. However, remembering such passwords appears difficult for many and may lead to insecure practices, such as choosing weak passwords or writing them down. One-Time Passwords (OTPs) aim to overcome such problems; however, most implemented OTP techniques require special hardware, which not only adds costs, but also raises issues regarding availability. This type of authentication mechanism is mostly adopted by online banking systems to secure their clients’ accounts. However, carrying around authentication tokens was found to be an inconvenient experience for many customers. Not only the inconvenience, but if the token was unavailable, for any reason, this would prevent customers from accessing their accounts securely. In contrast, there is the potential to use graphical passwords as an alternative authentication mechanism designed to aid memorability and ease of use. The idea of this research is to combine the usability of recognition-based and draw-based graphical passwords with the security of OTP. A new multi-level user-authentication solution known as: Graphical One-Time Password (GOTPass) was proposed and empirically evaluated in terms of usability and security aspects. The usability experiment was conducted during three separate sessions, which took place over five weeks, to assess the efficiency, effectiveness, memorability and user satisfaction of the new scheme. The results showed that users were able to easily create and enter their credentials as well as remember them over time. Eighty-one participants carried out a total of 1,302 login attempts with a 93% success rate and an average login time of 24.5 seconds. With regard to the security evaluation, the research simulated three common types of graphical password attacks (guessing, intersection, and shoulder-surfing). The participants’ task was to act as attackers to try to break into the system. The GOTPass scheme showed a high resistance capability against the attacks, as only 3.3% of the 690 total attempts succeeded in compromising the system.King Abdulaziz City for Science and Technolog