  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
81

Public certificate management : An analysis of policies and practices used by CAs / Offentlig certifikathantering : En analys av policys och praxis som används av CAs

Bergström, Anna, Berghäll, Emily January 2021
Certificate Authorities (CAs) carry a huge responsibility in today's internet security landscape as they issue certificates that establish secure end-to-end connections. This thesis conducts a policy review and survey of CAs' Certificate Policies and Certificate Practice Statements to find similarities and differences that could lead to possible vulnerabilities. Based on this, the thesis then presents a taxonomy-based analysis as well as comparisons of the top CAs to the Baseline Requirements. The main areas of the policies that were focused on are the issuance, revocation and expiration practices of the top 30 CAs as determined by the use of Tranco's list. We also determine the top CA groups, meaning the CAs whose policies are being used by the most other CAs, as well as including a top 100 CAs list. The study suggests that the most popular CAs hold such a position for two main reasons: they are easy to acquire and/or they are connected to several other CAs. The results suggest that some of the biggest vulnerabilities in the policies are what the CAs do not mention in any section, as it puts the CA at risk for vulnerabilities. The results also suggest that the most dangerous attacks are social engineering attacks, as some of the stipulations for issuance and revocations make it possible to pretend to be the entity that subscribes to the certificate rather than a malicious one.
82

Har utbildningsbakgrund någon påverkan på "Phishabilty"? / Does educational background have any effect on "phishability"?

Grönberg, Alfred, Folemark, Patrik January 2021
Phishing is a method used by attackers online to trick their victims into sharing sensitive information such as bank details, passwords or user credentials. The authors' purpose with this study is to investigate whether susceptibility to phishing differs depending on educational background: whether those with an educational background in IT perform better than those without it, or whether other relationships can be found that explain why some people fall victim to phishing more easily. As systems become increasingly secure, the human factor becomes the weak link. If anything is certain, it is that people make mistakes and get things wrong. The task is therefore to minimize these risks and to stay constantly at the forefront in countering cybercrime. It is important to find out why someone falls for phishing and how people's ability to identify a phishing attack can be strengthened before it is too late, since the consequences can otherwise be negative. The results were obtained through a survey that examined the ability to identify phishing e-mails. This was done with a test in which respondents were given a realistic picture of different phishing methods in the form of e-mails and had to identify whether each e-mail was phishing or authentic. The results of the study show that those with an educational background in IT found it easier to discern which e-mails were phishing and which were authentic. This study also replicated the finding of earlier studies that women as a group are somewhat more susceptible to phishing.
83

Estimating human resilience to social engineering attacks through computer configuration data : A literature study on the state of social engineering vulnerabilities / Uppskattning av försvar motattacker som använder social manipulering genom datorkonfigurationsdata

Carlander-Reuterfelt Gallo, Matias January 2020
Social engineering as a method of attack is increasingly becoming a problem for both corporations and individuals. From identity theft to enormous financial losses, this form of attack is notorious for affecting complex structures, yet often being very simple in its form. Whereas for other forms of cyber-attack, tools like antivirus and antimalware are now industry standard and have proven to be reliable ways to keep private and confidential data safe, there is no such equivalent for social engineering attacks. There is not, as of this day, a trustworthy and precise way of estimating resilience to these attacks, while still keeping the private data private. The purpose of this report is to compile the different aspects of a user's computer data that have been proven to be significantly indicative of their susceptibility to these kinds of attacks, and with them, devise a system that can, with some degree of precision, estimate the resilience to social engineering of the user. This report is a literature study on the topic of social engineering and how it relates to computer program data, configuration and personality. The different phases of research each led to a more comprehensive way of linking the different pieces of data together and devising a rudimentary way of estimating human resilience to social engineering through the observation of a few configuration aspects. For the purposes of this report, the data had to be reasonably accessible, respecting privacy, and being something that can be easily extrapolated from one user to another. Based on findings, ranging from psychological data and behavioral patterns, to network configurations, we conclude that, even though there is data that supports the possibility of estimating resilience, there is, as of this day, no empirically proven way of doing so in a precise manner. An estimation model is provided by the end of the report, but the limitations of this project did not allow for an experiment to prove its validity beyond the theories it is based upon. / Social engineering as a method of attack has become a growing problem for both companies and individuals. From identity theft to enormous financial losses, this form of attack is known for being able to affect complex systems, yet is often very simple in its form. While other types of cyber-attack can be defended against with tools such as antivirus and antimalware, which reliably keep private and confidential information safe, there are no corresponding tools for protecting against social engineering attacks. There is thus, as of today, no reliable and secure way to withstand social engineering attacks and protect personal information and private data. The purpose of this report is to show the different aspects of how computer users' data is vulnerable to these types of attacks and, with them, to design a system that can measure resilience to social engineering with some degree of precision. The report is the result of a literature study on the subject of social engineering and how it relates to the computer's data, configuration and personal information. Each of the different parts of the investigation leads to a more comprehensive way of linking the different pieces of data together and designing a rudimentary way of estimating a person's resilience to social engineering by observing different aspects of the computer's configuration. For the purposes of the report, the data has been reasonably accessible, has respected privacy and has been something that can easily be adapted from one user to another. Based on the observations of psychological data, behavioral patterns and network configurations, we can conclude that even though there is data supporting the possibility of estimating resilience, there is today no empirically proven way of doing so precisely. An example model for estimating resilience is provided at the end of the report. The scope of this project did not make it possible to carry out a practical experiment to validate the theories.
84

Resolving the Password Security Purgatory in the Contexts of Technology, Security and Human Factors

Adeka, Muhammad I., Shepherd, Simon J., Abd-Alhameed, Raed 22 January 2013
Passwords are the most popular and constitute the first line of defence in computer-based security systems, despite the existence of more attack-resistant authentication schemes. In order to enhance password security, it is imperative to strike a balance between having enough rules to maintain good security and not having too many rules that would compel users to take evasive actions which would, in turn, compromise security. It is noted that the human factor is the most critical element in the security system for at least three possible reasons: it is the weakest link, the only factor that exercises initiatives, as well as the factor that transcends all the other elements of the entire system. This illustrates the significance of social engineering in security designs, and the fact that security is indeed a function of both technology and human factors, bearing in mind the fact that there can be no technical hacking in a vacuum. This paper examines the current divergence among security engineers as regards the rules governing best practices in the use of passwords: should they be written down or memorized; changed frequently or remain permanent? It also attempts to elucidate the facts surrounding some of the myths associated with computer security. This paper posits that destitution of requisite balance between the factors of technology and factors of humanity is responsible for the purgatory posture of password security related problems. It is thus recommended that, in the handling of password security issues, human factors should be given priority over technological factors. The paper proposes the use of the (k, n)-Threshold Scheme, such as Shamir’s secret-sharing scheme, to enhance the security of the password repository. This presupposes an inclination towards writing down the password: after all, Diamond, Platinum, Gold and Silver are not memorised; they are stored. / Petroleum Technology Development Fund
85

The human element in information security : an analysis of social engineering attacks in the greater Tshwane area of Gauteng, South Africa

Van Rensburg, Kim Shandre Jansen 06 1900
Criminology and Security Science / D. Litt. et Phil. (Criminology)
86

Building Social Capital : A Field Study of the Active, Beautiful and Clean Waters (ABC Waters) Programme in Singapore

Tovatt, Oliver January 2015
This thesis presents a field study examining the effect of the Active, Beautiful and Clean Waters (ABC Waters) Programme in Singapore on social capital. Based on a multi-disciplinary approach and following the theoretical framework of bonding and bridging social capital developed by Robert Putnam and others, three different cases of the ABC Programme were compared, looking particularly at the level of blue-green landscape integration. The three cases comprised the ABC flagship project ‘Bishan-Ang Mo Kio Park’ with high level of blue-green integration as well as the green and the grey section of the Ulu Pandan Park Connector with medium and low level of blue-green integration, respectively. Quantitative data was obtained by counting the share of park users engaged in social interaction and by surveying 330 park users on the perceptions of social interaction and integration. In addition to the quantitative data, a total of 60 face-to-face interviews were carried out in the three park areas, providing an in-depth understanding of the perceptions of the surrounding areas. The study concludes that the ABC Waters Programme is a strong generator of social capital, offering an attractive place for social bonding and to some extent also for social bridging.
87

Bezpečnostní rizika sociálních sítí a jejich prevence / Security risks of social networks and their prevention

Nguyen, Sao Linh January 2018
This diploma thesis deals with the issue of security risks and threats of social networks. The work includes basic information about the most popular online social networks such as Facebook, Twitter and Instagram. The work analyzes the development and use of the above mentioned networks. In addition, there are the risks and dangers of communicating on social networks and recommendations for safe use.
88

L'ingénierie sociale : la prise en compte du facteur humain dans la cybercriminalité / Social engineering : the importance of the human factor in cybercrime

Gross, Denise 08 July 2019
The digital revolution has fostered the emergence of a new form of crime: cybercrime. It covers a large number of acts, most of which are committed with the help of social engineering strategies. This is an old yet poorly understood phenomenon which, encouraged by the growth of data circulating on the Internet and by the development of technical security barriers, has adapted to the characteristics of the virtual world in order to exploit "human" vulnerabilities in combination with digital tools. Social engineering transforms users, who unknowingly become facilitators of cyberattacks, to the point of being perceived as the "weak link" of cybersecurity. Individuals, companies and states all face the challenge of finding a response to these attacks. However, the legal, technical, economic and cultural means put in place still seem insufficient. Far from being eradicated, the use of social engineering for illicit purposes continues to grow. Given the lack of effectiveness of current criminal policy, upstream work appears to us to be an avenue worth exploring. Knowing how to anticipate, detect early and react promptly to computer crime are therefore priority issues requiring a more humanistic approach, focused on prevention and cooperation. While we agree on what remains to be done, the challenge is to find the "how". / The digital revolution has encouraged the emergence of a new type of criminal activity: cyber-crime. This includes a vast array of activities and offences that often use social engineering techniques. These techniques are old and not widely understood, yet benefit from the increase of data available online and the use of firewalls and other security systems. They have been adapted to work with the Internet and digital technologies in order to exploit the “vulnerabilities” of human psychology. Social engineering targets the user, who, often unconsciously, allows access to systems or data, making the user the weakest link in the cyber-security chain. Individuals, companies and governments are all facing the same challenge in trying to solve these issues, utilising current legal, financial, technological and social resources which seem to be insufficient. Far from being eradicated, fraudulent activities that use social engineering continue to increase in prevalence. The inefficiency of current judicial policies forces us to consider alternative strategies upstream. Being proactive, predicting early and reacting quickly to computer related crimes should be the priority of a more humanistic approach which is focused on prevention and cooperation. Although one can agree on the approach, the challenge is to find out how to implement it.
89

Personality Traits and Resistance to Online Trust Exploitation

Vaishnavi Mahindra (16642734) 07 August 2023
Social engineering attacks, especially trust exploitation, have become a focus of attention for cybercriminals attempting to manipulate or deceive users to take actions that further expose their vulnerabilities. This has also become a budding field for researchers as these interactions are based on complex social equations that are constantly taken advantage of. Identifying the "weakest link" is a popular method of identifying how these exploits take place, generally by observing when individuals fall for a social engineering attack. However, valuable insights may be used to harden security by observing patterns in users resistant or vigilant to these attacks. Primarily, this trend may be discovered in resistant users’ personality traits. This has been found to be a more accurate indicator of behavior than self-reported intentions. Survey responses (n=120) indicate correlations between high test scores in trust exploitation exercises and Conscientiousness in the Big 5 Personality Model (p<0.001). No significant correlation was seen between self-reported cybersecurity habits and actual security behavior.
90

MIXED-METHODS ANALYSIS OF SOCIAL-ENGINEERING INCIDENTS

Grusha Ahluwalia (13029936) 29 April 2023
The following study is a research thesis on the subject matter of Social Engineering (SE) or Social Engineering Information Security Incidents (SEISI). The research evaluates the common features that can be used to cover a social engineering scenario from the perspectives of all stakeholders, at the individual and organizational level, in terms of social engineering Tactics, Techniques, and Procedures (TTP). The research utilizes extensive secondary literary sources for understanding the topic of Social Engineering, highlights the issue of inconsistencies in the existing frameworks on social engineering and addresses the research gap of availability of a reliable dataset on past social engineering incidents by information gathered on the common themes of data reported on these. The study annotates salient features which have been identified in several studies in the past to develop a comprehensive dataset of various social engineering attacks which could be used by both computational and social scientists. The resulting codebook, or the features of social engineering, are coded and defined based on Pretext Design Maps as well as industry standards and frameworks like MITRE ATT&CK, MITRE CVE, NIST, etc. Lastly, Psychological Theories of Persuasion like Dr. Cialdini’s principles of persuasion, Elaboration Likelihood Model, and Scherer’s Typology of Affective Emotional States guide the psychological TTPs of social engineering evaluated in this study.
