Knowledge society arguments revisited in the semantic technologies era

In the light of high profile governmental and international efforts to realise the knowledge society, I review the arguments made for and against it from a technology standpoint. I focus on advanced knowledge technologies with applications on a large scale and in open- ended environments like the World Wide Web and its ambitious extension, the Semantic Web. I argue for a greater role of social networks in a knowledge society and I explore the recent developments in mechanised trust, knowledge certification, and speculate on their blending with traditional societal institutions. These form the basis of a sketched roadmap for enabling technologies for a knowledge society

Danger is My Middle Name: Experimenting with SSL Vulnerabilities in Android Apps

This paper presents a measurement study of information leakage and SSL vulnerabilities in popular Android apps. We perform static and dynamic analysis on 100 apps, downloaded at least 10M times, that request full network access. Our experiments show that, although prior work has drawn a lot of attention to SSL implementations on mobile platforms, several popular apps (32/100) accept all certificates and all hostnames, and four actually transmit sensitive data unencrypted. We set up an experimental testbed simulating man-in-the-middle attacks and find that many apps (up to 91% when the adversary has a certificate installed on the victim's device) are vulnerable, allowing the attacker to access sensitive information, including credentials, files, personal details, and credit card numbers. Finally, we provide a few recommendations to app developers and highlight several open research problems.Comment: A preliminary version of this paper appears in the Proceedings of ACM WiSec 2015. This is the full versio

Towards Enhanced Usability of IT Security Mechanisms - How to Design Usable IT Security Mechanisms Using the Example of Email Encryption

Nowadays, advanced security mechanisms exist to protect data, systems, and networks. Most of these mechanisms are effective, and security experts can handle them to achieve a sufficient level of security for any given system. However, most of these systems have not been designed with focus on good usability for the average end user. Today, the average end user often struggles with understanding and using security mecha-nisms. Other security mechanisms are simply annoying for end users. As the overall security of any system is only as strong as the weakest link in this system, bad usability of IT security mechanisms may result in operating errors, resulting in inse-cure systems. Buying decisions of end users may be affected by the usability of security mechanisms. Hence, software provid-ers may decide to better have no security mechanism then one with a bad usability. Usability of IT security mechanisms is one of the most underestimated properties of applications and sys-tems. Even IT security itself is often only an afterthought. Hence, usability of security mechanisms is often the after-thought of an afterthought. This paper presents some guide-lines that should help software developers to improve end user usability of security-related mechanisms, and analyzes com-mon applications based on these guidelines. Based on these guidelines, the usability of email encryption is analyzed and an email encryption solution with increased usability is presented. The approach is based on an automated key and trust man-agement. The compliance of the proposed email encryption solution with the presented guidelines for usable security mechanisms is evaluated

The New Forgotten Half and Research Directions to Support Them

This is one of a series of five papers outlining the particular domains and dimensions of inequality where new research may yield a better understanding of responses to this growing issue.Using data from the nationally representative Educational Longitudinal Survey (ELS), the authors examine the circumstances of youth who drop out of community college before attaining a credential, discuss institutional challenges in the era of increased college access, and outline a research agenda to help youth move beyond "some college" and achieve their potential

Spoiled Onions: Exposing Malicious Tor Exit Relays

Several hundred Tor exit relays together push more than 1 GiB/s of network traffic. However, it is easy for exit relays to snoop and tamper with anonymised network traffic and as all relays are run by independent volunteers, not all of them are innocuous. In this paper, we seek to expose malicious exit relays and document their actions. First, we monitored the Tor network after developing a fast and modular exit relay scanner. We implemented several scanning modules for detecting common attacks and used them to probe all exit relays over a period of four months. We discovered numerous malicious exit relays engaging in different attacks. To reduce the attack surface users are exposed to, we further discuss the design and implementation of a browser extension patch which fetches and compares suspicious X.509 certificates over independent Tor circuits. Our work makes it possible to continuously monitor Tor exit relays. We are able to detect and thwart many man-in-the-middle attacks which makes the network safer for its users. All our code is available under a free license