Archive for July, 2006

“Unicode Attack” and other naming issues

Friday, July 14th, 2006

Regarding “THE METHODOLOGY AND AN APPLICATION TO FIGHT AGAINST UNICODE ATTACKS”: Although I really like the work that’s presented in this paper, I do not like the way that Fu, Deng and Liu call this a “Unicode Attack.” This kind of attack has been previously called a “homographic attack.” It’s a better name because:
[...]

Anthony Y. Fu, Xiaotie Deng, Wenyin Liu, and Greg Little: Methodology and an Application to Fight Unicode Attacks

Friday, July 14th, 2006

Read the paper here.
Unicode makes available a wide range of similar-looking characters that can be used to fool us into trusting the wrong domain name or address.  For example, “citibank” can be spelled with similar-looking characters in over 200 billion different ways (there are about 20 characters that look like “c”, 58 that look [...]

What do we mean by “transparent”?

Friday, July 14th, 2006

A number of the presentations and papers have used the term “transparent” to describe their usable design goals.  Our authors are using “transparency” to refer to making an interface or service readily understood by hiding the complexity of the underlying system.
This use of the term “transparent” is different from usage in normal English, where “transparent” [...]

Julie S. Downs, Mandy Holbrook, and Lorrie Faith Cranor: Decision Strategies and Susceptibility to Phishing

Friday, July 14th, 2006

Read the paper here.
How do users make decisions?  Are they aware of the risks?  What cues do they use and how do they interpret security messages?
This study interviewed 20 users who had never changed their security preferences, built a website, or helped someone fix their computer, and asked them to explain their concepts [...]

Ka-Ping Yee, Jeff Nelson, Rob Franco, Diana Smetters: Phishing: How will the scourge really be killed? (Panel)

Thursday, July 13th, 2006

Read the abstract here.
Ping: Users must know whom they’re talking to
Phishing is a masquerade where who you’re talking to is not who you think you’re talking to.  But your computer can’t read your mind and it can’t prevent you from talking to someone, so the best solution is to make sure users can really [...]

Cynthia Kuo, Sasha Romanosky, and Lorrie Faith Cranor: Human Selection of Mnemonic Phrase-Based Passwords

Thursday, July 13th, 2006

Read the paper here.
Many organizations tell users to create “mnemonic phrase-based passwords” — passwords made up by thinking of a memorable sentence or phrase, then compressing each word of the phrase to a character (such as its first letter, a number, or a punctuation character).  Association with the phrase helps users remember their passwords, [...]

Furkan Tari, A. Ant Ozok, and Stephen H. Holden: Comparison of Perceived and Real Shoulder-Surfing Risks

Thursday, July 13th, 2006

Read the paper here.
This study compared the real and perceived vulnerability of Passfaces (a graphical password system) to dictionary and non-dictionary passwords.  There were four conditions: Passfaces with a mouse, Passfaces with the keyboard, a dictionary password, and a non-dictionary password.
The study confirmed that the concern about shoulder-surfing vulnerability of Passfaces with a mouse [...]

Shirley Gaw and Edward Felten: Password Management Strategies

Thursday, July 13th, 2006

Read the paper here.
This study of password use surveyed about 50 Princeton undergraduates.  The participants had, on average, about 3 passwords; they acquire more accounts over time, and they reuse their passwords more as they acquire more accounts.  Participants most commonly rely on their memory to recall passwords rather than on software tools.  [...]

Ka-Ping Yee and Kragen Sitaker: Passpet

Thursday, July 13th, 2006

Read the paper here.
Passpet is a Firefox extension that helps you manage your passwords and protects you from phishing.  You memorize one master secret, and you click on your Passpet to generate a unique password for each site.  The Passpet icon is a randomly chosen animal that differs from user to user.  [...]

Xiang Cao and Lee Iverson: Intentional Access Management

Thursday, July 13th, 2006

Read the paper here.
People tend to share files using e-mail instead of file sharing systems.  The authors feel that one of the major obstacles to using file sharing features is the difficulty of end-user access control, and so they decided to analyze this problem.  They looked at the access control mechanism in the [...]

Carolyn Brodie, Clare-Marie Karat, and John Karat: An Empirical Study of Natural Language Parsing of Privacy Policy Rules Using SPARCLE

Thursday, July 13th, 2006

Read the paper here.
The authors believe that better tools for communicating privacy policies will lead to better privacy protection and privacy-preserving use of personal information.  Their tool, SPARCLE, helps organizations analyze and construct clearer privacy policies, and helps them implement policies and check for compliance.
The policy-writing part of SPARCLE lets users construct privacy rules [...]

Alex J. DeWitt and Jasna Kuljis: A Usability Study of Polaris

Thursday, July 13th, 2006

Read the paper here.
The Polaris software is described in a technical report at the HP website.  It isolates applications in separate user accounts to reduce the damage that can be done by viruses and trojans.
The authors conducted a usability study measuring effectiveness, efficiency, and user satisfaction, and asked users to complete eight tasks.  [...]