Pam Briggs, Northumbria
A “Family and Friends” Perspective on Privacy and Security
The prevailing rhetoric is that privacy and security operate at a personal level – with individual decisions.
Too little attention is paid to inadvertent disclosure in social or family networks.
Location-based services – one of the potentially most disruptive applications for privacy in the next few years.
Ubicomp in a family setting.
Facebook account hacked – three Facebook friends to provide re-authentication.
Jaeyeon Jung, Microsoft
Tools to Analyse Personal Data Exposure Through Apps & Developing UIs for Control
The problem is that apps' access to information is often “all or nothing” for each class of data, and without access to certain classes the app cannot be used at all – even if the app does not need that data, depending on how it is programmed.
Some participants in a study of smartphone app data transfer were unsurprised – this is the price you pay for “free” apps. Others were surprised at things like the collection and transfer of location data when the app did not need it. Others felt they were not bothered by the collection per se, but wanted to know who had the data.
Some participants planned to uninstall particular apps (e.g. Angry Birds) because of their data collection. Some felt that the option of disclose or don’t use was not a good situation.
We need better user experiences for users in knowing about and controlling the information their smartphones give out.
Rob Reeder, Microsoft
NEAT guidance for usable software security
RSA data release started with a spear phishing attack based on an XL.
Security guidance to users in MS products should now follow NEAT: Necessary, Explained, Actionable, Tested.
Christof Paar, Ruhr University
Real World Hacks
How do attackers learn their trade? With better information about how attackers develop their approaches, we can potentially improve the defences. Obfuscation may be of more use than its reputation (security by obscurity) gives it credit for.
Frank Stajano, Cambridge
The quest to replace passwords
Passwords have really poor usability. Does this mean we get good security? No.
Predictions of the demise of the password have been greatly exaggerated. We use more and more passwords every year.
Make sense of what has been done – those who fail to study history are doomed to repeat it.
Evaluation framework for authentication systems.
Passwords are not going to die any time soon. Many schemes are better than passwords on security. Some schemes are better on usability than passwords, but most are worse. All are worse on deployability.
Jeff Yan, Newcastle University
Does psychological profiling predict MMORPG cheaters?
There are many technical solutions to analysing in-game behaviour to identify cheating. Is it possible to identify likely cheaters with a psychological test? What about the issue of potential cheaters cheating on the questionnaire?
Originally published at blog.a-cubed.info