2,888 research outputs found
Invisible Pixels Are Dead, Long Live Invisible Pixels!
Privacy has deteriorated in the world wide web ever since the 1990s. The
tracking of browsing habits by different third-parties has been at the center
of this deterioration. Web cookies and so-called web beacons have been the
classical ways to implement third-party tracking. Due to the introduction of
more sophisticated technical tracking solutions and other fundamental
transformations, the use of classical image-based web beacons might be expected
to have lost their appeal. According to a sample of over thirty thousand images
collected from popular websites, this paper shows that such an assumption is a
fallacy: classical 1 x 1 images are still commonly used for third-party
tracking in the contemporary world wide web. While it seems that ad-blockers
are unable to fully block these classical image-based tracking beacons, the
paper further demonstrates that even limited information can be used to
accurately classify the third-party 1 x 1 images from other images. An average
classification accuracy of 0.956 is reached in the empirical experiment. With
these results the paper contributes to the ongoing attempts to better
understand the lack of privacy in the world wide web, and the means by which
the situation might be eventually improved.
Comment: Forthcoming in the 17th Workshop on Privacy in the Electronic Society
(WPES 2018), Toronto, AC
Design and Preliminary Testing of Demand-Responsive Transverse Rumble Strips
Transverse rumble strips are common practice to alert drivers by engaging their auditory and tactile senses in addition to visual senses by traffic signals. However, continuous exposure to noise and vibration by transverse rumble strips often results in diminished effectiveness and erratic behaviors, leading to additional safety challenges. In response, demand-responsive transverse rumble strips were developed as traffic safety countermeasures that reduce unnecessary noise and vibration associated with transverse rumble strips by incorporating active control of the rumble strips. Rather than staying static, demand-responsive transverse rumble strips are activated based on the presence of pedestrians, at predesignated times, or in response to abrupt changes in traffic flow. To evaluate the effectiveness of demand-responsive transverse rumble strips, the research team assessed noise and vibration data, both inside the vehicles and on the roadside, for various types of vehicles traveling at different speeds. The test data indicate that demand-responsive transverse rumble strips produced noticeable in-vehicle noise and vibration that could alert drivers to downstream events. Furthermore, demand-responsive transverse rumble strips generated sufficient noise to alert roadside pedestrians to vehicle presence but at low enough level to be considered as acceptable for a residential neighborhood use. Accordingly, demand-responsive transverse rumble strips could address the challenges that static transverse rumble strips face, by providing a design with relatively limited noise while enhancing safety
Definition of Spam 2.0: New Spamming Boom
The most widely recognized form of spam is e-mail spam, however the term “spam” is used to describe similar abuses in other media and mediums. Spam 2.0 (or Web 2.0 Spam) is referred to as spam content that is hosted on online Web 2.0 applications. In this paper, we provide a definition of Spam 2.0, identify and explain different entities within Spam 2.0, discuss new difficulties associated with Spam 2.0, outline its significance, and list possible countermeasures. The aim of this paper is to provide the reader with a complete understanding of this new form of spamming
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices.
Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in repor
Addressing telecommuting in cyber security guidelines
Cyber security threats are becoming more common than before. New phenomena in society
include new cyber security threats which organisations and society should prepare for. One of
these phenomena is telecommuting. Telecommuting has its roots already in the 1970s, but it has
become increasingly popular during the last years. Especially the pandemic caused by Covid-19
has changed the way of working drastically. The pandemic and social distancing forced many
organisations to have their employees working from home. Information technology has enabled
telecommuting, but it has also brought some problems such as security issues. Cyber security
threats have increased and become more diverse during the mass telecommuting caused by Covid-19. Telecommuting has some special features that can increase cyber security threats and risks.
In this research the following cyber security threats relating to telecommuting were identified to
be most relevant: cyber attacks, social engineering, unauthorized access and physical security.
Previous literature has identified that there exist cyber security threats in telecommuting, but it
has remained unclear how organisations manage and mitigate these in practice. Many of the
identified threats relate to employees’ unwanted behaviour. Employees are unaware of the threats
facing the organisation in telecommuting. Some employees have not been provided with proper
guidelines and instruction on secure way of working. Information security policies and guidelines
are important for maintaining cyber security in organisations. Policies can be even seen as the
basis for organisation’s cyber security. This research studied which guidelines could be applicable
in a telecommuting environment in order to mitigate the common cyber security threats. Most
prominent cyber security guidelines for telecommuting identified in this research were guidelines
for personal and mobile devices, guidelines for social engineering, guidelines for physical
security, network guidelines, password guidelines and guidelines for online meetings.
Case study of multiple cases was used as a method for this study. The cases are seven Finnish
universities. The empirical data consists of cyber security and telecommuting guidelines from the
universities. These guidelines were analysed by reflecting to the theoretical framework. The
analysis showed that especially guidelines for physical security and online meetings were lacking.
The presence of outsiders in the telecommuting environment was addressed poorly. Outsiders are
a threat both to physical and online meeting security as outsiders may see or hear confidential
things. In addition, guidelines were not addressing data labelling and information release. Threats
specific to Covid-19 were also addressed poorly even though cyber criminals have exploited the
pandemic. Guidelines seemed to be otherwise comprehensive. Threats that were addressed poorly
have been especially relevant during the pandemic which suggests that organisations’ guidelines
are not quite up to date even though otherwise applicable. Organisations should review and update
their guidelines periodically and if a major change occurs in the operation environment.
Cyber security threats are becoming more common. New phenomena bring with them new
cyber security threats for which organisations and society must prepare. One of these
phenomena is telecommuting. The roots of telecommuting go back to the 1970s, but its popularity
has grown in recent years. In particular, Covid-19 and the pandemic it caused have radically
changed ways of working, as the pandemic forced many employees to telecommute. Information
technology has made telecommuting possible, but it has also brought problems related to cyber
security. Cyber security threats have increased and diversified with the widespread telecommuting
caused by the pandemic. Telecommuting has some special features that can increase cyber security
threats and risks compared with traditional work. In this study, the most important cyber threats
related to telecommuting were identified as cyber attacks, social engineering, unauthorized access
and poor physical security.
Previous literature has found that telecommuting involves cyber security threats, but it has
remained unclear how organisations manage and reduce them in practice. Many of the identified
threats relate to employees’ unwanted behaviour. Employees are not necessarily aware of the
threats that telecommuting poses to the organisation. Some employees have also not been given
proper guidelines on cyber-secure ways of working. Information security policies and guidelines
are important for maintaining organisations’ cyber security. Policies can even be regarded as the
foundation of an organisation’s cyber security. This study examined what kinds of guidelines are
needed in telecommuting to mitigate common cyber security threats. The cyber security guidelines
for telecommuting identified in this study concerned the use of personal and mobile devices,
social engineering, physical security, insecure networks, passwords and online meetings.
A multiple-case study was used as the research method in this study. The cases were seven
Finnish universities. The empirical data consist of the cyber security and telecommuting
guidelines of universities operating in Finland. These guidelines were analysed using, and with
reference to, the theoretical framework. The analysis showed that guidelines on physical security
and online meetings in particular are deficient. The presence of outsiders in the telecommuting
environment has been poorly taken into account. Outsiders are a threat to both physical security
and the security of online meetings, because outsiders may see or hear confidential matters. In
addition, guidelines on data labelling and information sharing were missing. Covid-19 was also
poorly taken into account, even though during the pandemic there have been several cyber attacks
that exploited the uncertainty brought by Covid-19. The universities’ guidelines otherwise
appeared to be comprehensive. The poorly addressed guidelines are ones that have been prominent
especially during the pandemic. It appears that organisations’ guidelines are not fully up to date,
even if they are otherwise appropriate. Organisations should therefore review and update their
guidelines regularly and whenever major changes occur in the operating environment
- …