26,929 research outputs found
Knowledge society arguments revisited in the semantic technologies era
In the light of high profile governmental and international efforts to realise the knowledge society, I review the arguments made for and against it from a technology standpoint. I focus on advanced knowledge technologies with applications on a large scale and in open-ended environments like the World Wide Web and its ambitious extension, the Semantic Web. I argue for a greater role of social networks in a knowledge society and I explore the recent developments in mechanised trust, knowledge certification, and speculate on their blending with traditional societal institutions. These form the basis of a sketched roadmap for enabling technologies for a knowledge society
Danger is My Middle Name: Experimenting with SSL Vulnerabilities in Android Apps
This paper presents a measurement study of information leakage and SSL
vulnerabilities in popular Android apps. We perform static and dynamic analysis
on 100 apps, downloaded at least 10M times, that request full network access.
Our experiments show that, although prior work has drawn a lot of attention to
SSL implementations on mobile platforms, several popular apps (32/100) accept
all certificates and all hostnames, and four actually transmit sensitive data
unencrypted. We set up an experimental testbed simulating man-in-the-middle
attacks and find that many apps (up to 91% when the adversary has a certificate
installed on the victim's device) are vulnerable, allowing the attacker to
access sensitive information, including credentials, files, personal details,
and credit card numbers. Finally, we provide a few recommendations to app
developers and highlight several open research problems. Comment: A preliminary version of this paper appears in the Proceedings of ACM
WiSec 2015. This is the full versio
Towards Enhanced Usability of IT Security Mechanisms - How to Design Usable IT Security Mechanisms Using the Example of Email Encryption
Nowadays, advanced security mechanisms exist to protect data, systems, and
networks. Most of these mechanisms are effective, and security experts can
handle them to achieve a sufficient level of security for any given system.
However, most of these systems have not been designed with focus on good
usability for the average end user. Today, the average end user often struggles
with understanding and using security mechanisms. Other security mechanisms
are simply annoying for end users. As the overall security of any system is
only as strong as the weakest link in this system, bad usability of IT security
mechanisms may result in operating errors, resulting in insecure systems.
Buying decisions of end users may be affected by the usability of security
mechanisms. Hence, software providers may decide to better have no security
mechanism than one with a bad usability. Usability of IT security mechanisms is
one of the most underestimated properties of applications and systems. Even IT
security itself is often only an afterthought. Hence, usability of security
mechanisms is often the afterthought of an afterthought. This paper presents
some guidelines that should help software developers to improve end user
usability of security-related mechanisms, and analyzes common applications
based on these guidelines. Based on these guidelines, the usability of email
encryption is analyzed and an email encryption solution with increased
usability is presented. The approach is based on an automated key and trust
management. The compliance of the proposed email encryption solution with the
presented guidelines for usable security mechanisms is evaluated
The New Forgotten Half and Research Directions to Support Them
This is one of a series of five papers outlining the particular domains and dimensions of inequality where new research may yield a better understanding of responses to this growing issue. Using data from the nationally representative Educational Longitudinal Survey (ELS), the authors examine the circumstances of youth who drop out of community college before attaining a credential, discuss institutional challenges in the era of increased college access, and outline a research agenda to help youth move beyond "some college" and achieve their potential
Spoiled Onions: Exposing Malicious Tor Exit Relays
Several hundred Tor exit relays together push more than 1 GiB/s of network
traffic. However, it is easy for exit relays to snoop and tamper with
anonymised network traffic and as all relays are run by independent volunteers,
not all of them are innocuous.
In this paper, we seek to expose malicious exit relays and document their
actions. First, we monitored the Tor network after developing a fast and
modular exit relay scanner. We implemented several scanning modules for
detecting common attacks and used them to probe all exit relays over a period
of four months. We discovered numerous malicious exit relays engaging in
different attacks. To reduce the attack surface users are exposed to, we
further discuss the design and implementation of a browser extension patch
which fetches and compares suspicious X.509 certificates over independent Tor
circuits.
Our work makes it possible to continuously monitor Tor exit relays. We are
able to detect and thwart many man-in-the-middle attacks which makes the
network safer for its users. All our code is available under a free license
- …