Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting

Hosting providers play a key role in fighting web compromise, but their ability to prevent abuse is constrained by the security practices of their own customers. {\em Shared} hosting, offers a unique perspective since customers operate under restricted privileges and providers retain more control over configurations. We present the first empirical analysis of the distribution of web security features and software patching practices in shared hosting providers, the influence of providers on these security practices, and their impact on web compromise rates. We construct provider-level features on the global market for shared hosting -- containing 1,259 providers -- by gathering indicators from 442,684 domains. Exploratory factor analysis of 15 indicators identifies four main latent factors that capture security efforts: content security, webmaster security, web infrastructure security and web application security. We confirm, via a fixed-effect regression model, that providers exert significant influence over the latter two factors, which are both related to the software stack in their hosting environment. Finally, by means of GLM regression analysis of these factors on phishing and malware abuse, we show that the four security and software patching factors explain between 10\% and 19\% of the variance in abuse at providers, after controlling for size. For web-application security for instance, we found that when a provider moves from the bottom 10\% to the best-performing 10\%, it would experience 4 times fewer phishing incidents. We show that providers have influence over patch levels--even higher in the stack, where CMSes can run as client-side software--and that this influence is tied to a substantial reduction in abuse levels

Issues in Evaluating Health Department Web-Based Data Query Systems: Working Papers

Compiles papers on conceptual and methodological topics to consider in evaluating state health department systems that provide aggregate data online, such as taxonomy, logic models, indicators, and design. Includes surveys and examples of evaluations

BIBS: A Lecture Webcasting System

The Berkeley Internet Broadcasting System (BIBS) is a lecture webcasting system developed and operated by the Berkeley Multimedia Research Center. The system offers live remote viewing and on-demand replay of course lectures using streaming audio and video over the Internet. During the Fall 2000 semester 14 classes were webcast, including several large lower division classes, with a total enrollment of over 4,000 students. Lectures were played over 15,000 times per month during the semester. The primary use of the webcasts is to study for examinations. Students report they watch BIBS lectures because they did not understand material presented in lecture, because they wanted to review what the instructor said about selected topics, because they missed a lecture, and/or because they had difficulty understanding the speaker (e.g., non-native English speakers). Analysis of various survey data suggests that more than 50% of the students enrolled in some large classes view lectures and that as many as 75% of the lectures are played by members of the Berkeley community. Faculty attitudes vary about the virtues of lecture webcasting. Some question the use of this technology while others believe it is a valuable aid to education. Further study is required to accurately assess the pedagogical impact that lecture webcasts have on student learning

Strategic management and development of UK university library websites

This research assessed website management and development practices across the United Kingdom university library sector. As a starting point, the design and features of this group of websites was recorded against criteria drawn from the extant literature. This activity established core content and features of UK library websites as: a search box or link for searching the library catalogue, electronic resources or website; a navigation column on the left and breadcrumb trail to aid information location and website orientation; homepage design was repeated on library website sub-pages; university brand elements appeared in the banner; and a contact us link was provided for communication with library personnel. Library websites conformed to 14 of the 20 homepage usability guidelines examined indicating that web managers were taking steps to ensure that users were well served by their websites. Areas for improvement included better navigation support (sitemap/index), greater adoption of new technologies and more interactive features. Website management and development practices were established through national survey and in-depth case studies. These illustrated the adoption of a team approach to website management and development; formal website policy and strategy were not routinely created; library web personnel and their ability to build effective links with colleagues at the institution made a valuable contribution to the success of a library website; corporate services and institutional practices played an important part in library website development; library staff were actively engaged in consultations with their website audience; and a user focused approach to website development prevailed. User studies and metric data were considered in the website evaluation and development process. However, there were some issues with both data streams and interpreting metric data to inform website development. Evaluation and development activities were not always possible due to staff/time shortages, technical constraints, corporate website templates, and, to a lesser extent, lack of finance