Alas, here marks the close of SOUPS 2007. I hope you enjoyed all the posts. Let’s keep the discussion going!
Don’t forget to add your paper to the HCISEC Bibliography, and to join the HCISEC Yahoo! group if you’re not already a member.
See y’all at SOUPS 2008.
http://cups.cs.cmu.edu/soups/2007/proceedings/p132_krstic.pdf
It is simply the case that there is a huge number of children in the world with little to no access to a quality education system. There are people working on building schools and creating infrastructure, but that is no reason not to try and get laptops out there now. The OLPC laptop is incredibly [...]
http://cups.cs.cmu.edu/soups/2007/proceedings/p122_lieberman.pdf
This study explored user errors related to e-mail, specifically focusing on “Reply All” or unexpected “Reply To” headers sending responses back to the list. The consequences are usually just embarrassing, but can be serious. The researchers suggest that even if digitally signed and sealed email becomes widely used, people will still make these errors. The [...]
http://cups.cs.cmu.edu/soups/2007/proceedings/p112_conti.pdf
Data gathering and retention is becoming an ever greater part of using the Internet. Users can choose not to be users, or they can choose to give away their data. Google was used as an example of such a data gatherer, though it was also mentioned that Google has announced that it will only retain [...]
Marcia Lausen, http://www.designfordemocracy.org/
Marcia began the talk with a review of the infamous Florida ballot that plagued the US 2000 presidential elections. She then moved on to demonstrate an almost unbelievably worse ballot from a judicial circuit election in Chicago, which she offered to redesign. The redesigned ballot was inarguably clearer and easier to understand, raising [...]
http://cups.cs.cmu.edu/soups/2007/program.html#discuss
Have notes from your discussion session that you’d like to share w/ those that attended one of the other ones? Post them here!
UW2SP: Usable Web 2.0 Security & Privacy
Moderator: Larry Koved (IBM T.J. Watson Research Center)
The goal of this discussion session is to establish new collaborations in topics related to usable security for Web 2.0 [...]
http://cups.cs.cmu.edu/soups/2007/proceedings/p76_brustoloni.pdf
Users not only ignore dialogs, but will lie to them if doing so is necessary to achieve the desired behavior. This research employs polymorphic dialogs that change each time to keep the user from learning/giving automatic answers. Polymorphic dialogs deliberately vary the dialog such that the consequence of automatic answers becomes unpredictable and thus requires [...]
Introduction
Steven Myers
Historically most online banking done with password (single-factor authentication) with the password communicated over SSL/TLS secured channel. Unfortunately, this system is vulnerable to phishing. The FDIC and FFIEC required that all banks have “enhanced” login by the end of 2006. Most banks took this to mean two-factor authentication.
SSL is simply not understood by users, [...]
http://cups.cs.cmu.edu/soups/2007/proceedings/p64_bauer.pdf
Grey is a smartphone-based discretionary access-control system developed at CMU which allows for various forms of physical and digital access. The user can select the resource for which to present authorization from the cell phone screen, and the cell phone transmits a credential to the reader guarding the resource. If the user does not directly [...]
http://cups.cs.cmu.edu/soups/2007/proceedings/p52_krishnamurthy.pdf
Diffusion of private information to third-party sites is a growing issue. Such diffusion occurs without direct knowledge of the users (done by browser). Third-party sites gain knowledge about users (e.g. IP addresses, cookies), and knowledge allows user access to first-party sites to be aggregated and correlated. Primary goal of this work is to examine techniques [...]
http://cups.cs.cmu.edu/soups/2007/proceedings/p41_clark.pdf
This paper compares four deployment methods of Tor for Firefox. There are numerous identifiers used while surfing the web, including those that are self-volunteered (pseudonyms, e-mail addresses, etc.), server-assigned identifier, and protocol-based (i.e. IP address). Tor itself actually only addresses the IP address. Tor is often combined with Vidalia, Privoxy, Torbutton, and/or FoxyProxy.
In most [...]
http://cups.cs.cmu.edu/soups/2007/proceedings/p29_jensen.pdf
iWatch is a webcrawler which builds a central database of global online data practices. It starts with a seed list of the top 50 websites as reported by Comscore Media Metrix and indexes privacy related practices including cookies, webbugs, P3P, etc., while post-processing indexes data by domain, by country, cross-references lists of privacy seals, fetches [...]