Sandy Clark, University of Pennsylvania
The Honeymoon Period and Security Development
Bug identification models don’t work for vulnerability identification.
Casinos have developed good approaches to patching exploits in their systems (general systems, not just computer-based systems).
Scams are the “buffer overflow errors” of human consciousness.
Attackers adapt, so defenders must adapt.
Evolutionary Biology model for Parasite/Host competing evolution (the Red Queen Hypothesis: everyone must run in place to maintain the best outcome, which is not a perfect system).
Modelling the defender is not enough. We need to model the attacker. More importantly, we need to model the interaction, and the violation of assumptions is one of the key elements of this.
Richard Clayton, Cambridge
Devo estar falando Portugues? (Should I speak Portuguese?)
IM Worms.
Portuguese-specific short IMs for infection have significantly higher numbers of clicks at peak than “language-independent” ones.
Cormac Herley, Microsoft
Fraud
Anything I do with a password can be repudiable.
We should be teaching check(cheque)-clearing rules instead of Byzantine security tips.
Markus Jakobsson, PayPal
What are password strength checkers actually doing?
Strength checker? Fast Runner? Has Tail, Has Black marks, Has Yellow surface, Has Dots? Result is a budgie not a leopard.
Determine the user’s mental process for creating (strong) passwords.
Comment by Richard Clayton: passwords for porn sites need to be enterable with only one hand.
Eric Johnson, Dartmouth College
Fraud in Healthcare
US healthcare costs are $2.5T. Fraud is estimated at some hundreds of billions of dollars.
Medical Identity Theft?
The US medical system is set up to provide opportunities for fraud, particularly due to the pay-and-chase model.
Very easy to join Medicare/Medicaid as a payee, just a bureaucratic process.
Getting hold of identity is not hard. The monetisation model is the key development.
Grainne Kirwan, Inst of Tech, Ireland
Psychology of Cybercrime
Interested in victims of cybercrime. Why are they targeted, how do they react?
Trait anxiety, rather than state anxiety (Big-5?): how does it compare to susceptibility to fraud?
Victim facilitation and precipitation. Insult someone and they hit you (precipitation). Leave your keys on the bar (facilitation).
Considering how facilitation relates to liability. Most people will indicate that facilitative victims should be more liable.
David Modic, Exeter
Risk and Internet Scams
Ego-depletion, materialism, marketing (susceptibility to being scammed).
Ego-depletion has no effect on falling for a scam.
No materialism measure has any impact.
Appeal has very limited effect.
Scammers offer money, not goods and intangibles.
Originally published at blog.a-cubed.info
Date: 2012-06-05 11:17 am (UTC)
A larger part of the fraud in the US system (and this is more likely to be replicated in other systems) is provider fraud where the provider either over-treats (or in particular over-tests) or claims for tests/treatments that have not been done. That's not to do with whether there is universal coverage but with the motives of the provider. When providers are non-profit or, as in the UK, public sector, there is little or no incentive to do such things, but where the provision is provided on a for-profit basis and different organisations decide what is medically necessary and pay for that treatment then there is also incentive for fraud. This is one of the good arguments against the proposals of the current UK government on privatising much of the provision in the NHS. Introduce profit as a motive for providing service and you also introduce profit as a motive for fraud. At present the NHS is more likely to under-treat than over-treat due to financial incentives. Introduce profit and over-treatment may become a problem as in the US. I don't know what hybrid systems like the Japanese one generate in the way of fraud but I would suspect it's less than the US but more than the UK.