Do Not Advertise: The Current Fight Against Unsolicited Advertisements

Have you ever received a phone call from a telemarketer during dinner? Do e-mails entitled Protect Your Computer Against Viruses for $9.95 or GET A FREE PASS TO THOUSANDS OF XXX SITES annoy you? Are you tired of watching advertisements that continue after the posted start time for a movie? Many Americans are irritated with the amount of daily interruptions caused by the current lack of advertising regulations. In some instances, the advertisers shift their marketing costs to unwilling e-mail users or moviegoers. This article focuses on unsolicited communications and potential solutions to the seemingly endless problem of spam

Technical report and user guide: the 2010 EU kids online survey

This technical report describes the design and implementation of the EU Kids Online survey of 9-16 year old internet using children and their parents in 25 countries European countries

Adversarial behaviours knowledge area

The technological advancements witnessed by our society in recent decades have brought improvements in our quality of life, but they have also created a number of opportunities for attackers to cause harm. Before the Internet revolution, most crime and malicious activity generally required a victim and a perpetrator to come into physical contact, and this limited the reach that malicious parties had. Technology has removed the need for physical contact to perform many types of crime, and now attackers can reach victims anywhere in the world, as long as they are connected to the Internet. This has revolutionised the characteristics of crime and warfare, allowing operations that would not have been possible before. In this document, we provide an overview of the malicious operations that are happening on the Internet today. We first provide a taxonomy of malicious activities based on the attacker’s motivations and capabilities, and then move on to the technological and human elements that adversaries require to run a successful operation. We then discuss a number of frameworks that have been proposed to model malicious operations. Since adversarial behaviours are not a purely technical topic, we draw from research in a number of fields (computer science, criminology, war studies). While doing this, we discuss how these frameworks can be used by researchers and practitioners to develop effective mitigations against malicious online operations.Published versio

Web Tracking: Mechanisms, Implications, and Defenses

This articles surveys the existing literature on the methods currently used by web services to track the user online as well as their purposes, implications, and possible user's defenses. A significant majority of reviewed articles and web resources are from years 2012-2014. Privacy seems to be the Achilles' heel of today's web. Web services make continuous efforts to obtain as much information as they can about the things we search, the sites we visit, the people with who we contact, and the products we buy. Tracking is usually performed for commercial purposes. We present 5 main groups of methods used for user tracking, which are based on sessions, client storage, client cache, fingerprinting, or yet other approaches. A special focus is placed on mechanisms that use web caches, operational caches, and fingerprinting, as they are usually very rich in terms of using various creative methodologies. We also show how the users can be identified on the web and associated with their real names, e-mail addresses, phone numbers, or even street addresses. We show why tracking is being used and its possible implications for the users (price discrimination, assessing financial credibility, determining insurance coverage, government surveillance, and identity theft). For each of the tracking methods, we present possible defenses. Apart from describing the methods and tools used for keeping the personal data away from being tracked, we also present several tools that were used for research purposes - their main goal is to discover how and by which entity the users are being tracked on their desktop computers or smartphones, provide this information to the users, and visualize it in an accessible and easy to follow way. Finally, we present the currently proposed future approaches to track the user and show that they can potentially pose significant threats to the users' privacy.Comment: 29 pages, 212 reference

An Exploratory Study of a User\u27s Facebook Security and Privacy Settings

There are many potential security risks with social networking sites and the individuals who use them. These sites have been adopted by people of all ages worldwide, empowering new opportunities for the presentation of the self-learning, construction of a wide circle of relationships, and the management of privacy and intimacy. This study analyses the effect of social networking security practices, more specifically Facebook and its security and privacy settings. We identify four hypotheses: The more important Facebook users believe security is an important factor in choosing a social network, the more often they will change their security settings, the more important protection against ID theft is for Facebook users, the more frequently they will change their privacy settings, Facebook users who have left their security on a default setting have more frequently fallen victim to a virus or malware attack, and users of Facebook who have their privacy set to a custom setting are less likely to receive an attack on their profile

Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences

In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in repor