Archive for July, 2007

Modeling User Choice in the PassPoints Graphical Password Scheme

Thursday, July 19th, 2007

http://cups.cs.cmu.edu/soups/2007/proceedings/p20_dirik.pdf
More on PassPoints!
Studies on visual attention and eye movements show that most images contain a few portions that humans typically focus on - so-called image “hotspots”.  This study seeks to devise a model that enables the prediction of the entropy in a given image.  Such a model would enable the design of automatic “dictionary” attacks [...]

Reducing Shoulder-surfing by Using Gaze-based Password Entry

Thursday, July 19th, 2007

http://cups.cs.cmu.edu/soups/2007/proceedings/p13_kumar.pdf
Passwords are generally entered through keyboard, mouse, touch screen, or keypad.  All of these are subject to shoulder surfing.  The paper proposes using a gaze-based entry method rather than actually having to enter the password on a keypad, which avoids both shoulder-surfing and possibly keystroke logging. 
Most approaches to combat shoulder surfing add noise/ambiguity for [...]

A Second Look at the Usability of Click-Based Graphical Passwords

Thursday, July 19th, 2007

Awarded SOUPS 2007 Best Paper
http://cups.cs.cmu.edu/soups/2007/proceedings/p1_chiasson.pdf
PassPoints is a system where the user clicks five points on an image instead of entering a textual password.  The original studies were undertaken by Susan Wiedenbeck et al.  They found that entry was slower than text but equally memorable and that the smallest acceptable tolerance [...]

Towards Understanding IT Security Professionals and Their Tools

Thursday, July 19th, 2007

http://cups.cs.cmu.edu/soups/2007/proceedings/p100_botta.pdf

This paper seeks to survey how companies in different sectors actually handle security incidents.  Thus far they’ve had trouble getting input from outside of academia.  They analyzed their results using grounded theory.  Their main findings were that security incidents are seldom handled by a single individual, but rather are typically handled by a [...]

Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish

Thursday, July 19th, 2007

http://cups.cs.cmu.edu/soups/2007/proceedings/p88_sheng.pdf
Researchers proposed an on-line game intended to teach users about phishing.  Users were shown 10 URLs before training and another 10 after, and were trained either using the game or other methods of anti-phishing training.  The results suggested that people learned about phishing better through using this game than through traditional phishing training techniques.
The paper [...]

Welcome to SOUPS 2007!

Thursday, July 19th, 2007

Hi!  If you’re attending SOUPS, please help us blog the sessions, and use this blog for discussing topics related to the presentations and the conference.  You can create yourself an account on this site by following this registration link.  Enjoy the conference!

Tutorial questions on Zombie computers

Wednesday, July 18th, 2007

There were some questions this morning about “zombie computers” - computers that are infected such that they can be controlled by someone else.
An introductory article can be found on Wikipedia at http://en.wikipedia.org/wiki/Zombie_computer