Usability Testbed for Website Authentication Technologies

Maritza Johnson, Chaitanya Atreya, Adam Aviv, Mariana Raykova, Bryan Gwin, and Steve Bellovin

Financial Services Technology Consortium: Authenticating the Financial Institution to the Customer

Overview
- Problem description
- Usability Testbed
  - User study design
  - Test harness
- Results
  - Microsoft CardSpace
  - Verisign Secure Letterhead

How does a user know what site they're on?

But Users Rely On

Phishing

Proposed Solutions
- New login procedures
- Anti-phishing toolbars
- Displaying additional information in the browser

Deploying New Technologies
- The implementation might be decent, but is it usable?

Defining Usability
- Spoofability
- Learnability
- Acceptability

Is a Testbed Necessary?
- Need a mechanism for evaluating technologies before they're deployed
- Need a design that takes into account each aspect of our usability definition
- Results gathered from different user study designs are seldom directly comparable

Evaluation After Deployment
- Schechter, Stuart E.; Dhamija, Rachna; Ozment, Andy; Fischer, Ian, "The Emperor's New Security Indicators," Security and Privacy, SP '07. IEEE Symposium on, pp. 51-65, May

Usability Testbed
- User Study Design
- Test Harness

User Study Design
- Must evaluate each aspect of our usability definition
- Must avoid creating an unrealistic focus on security
- Must have tasks on online banking sites without collecting sensitive personal data

Method of Evaluation
- In-lab study
- Survey
- Tasks
  - Self-reported feedback between tasks
- Post-study questionnaire

Evaluating Spoofability
- Trick the participant into going to spoofed sites
- Measure if the participant enters personal information on a spoofed site
- Study Design
  - Send tasks by email, make half of them phishing emails
  - Give the option to not complete a task

Evaluating Learnability
- Does the user notice the technology is in place?
- Is effective use possible without instruction?
- Do instructions contribute to better use?
- Study Design
  - Separate the tasks by an instructional email
  - Compare number of successful spoofs before and after instructions

Evaluating Acceptability
- Does the user feel the task warrants the process?
- Does the user recognize value in the process?
- Study Design
  - Questions to draw feedback in post-study questionnaire

Additional Design Questions
- Role to justify using someone else's account information
- Wording of the post-task and post-study questionnaires
- Describing the study purpose without focusing on security

Session Overview
- Consent Form
- Survey
- Instructions, role, account information
- 8 tasks alternating real and spoof (4/4)
  - post-task questionnaire
  - task 5 - instructions
- Post-study questionnaire

Test Harness
- Proxy to serve the webpages
  - Real pages
  - Spoofed pages
- Email script
- Beacons for logging page transitions
- Emails

Testing the Testbed
- Validate the process and show useful data can be collected with our methodology
- Demonstrate two different technologies can be tested

IRB Approval
- Institutional Review Board
- IRB training (~45 min)
- Human subjects protocol
- Consent Form
- Meetings every 2 weeks
- Must submit 2 weeks prior to meeting

Human Subjects Protocol
- Study purpose and design
- Participant recruiting
- Confidentiality and storage of data
- Potential risks and benefits

Pilot
- Two sessions
- Improved the websites used in the study
- Reworded some of the emails and questions

Recruiting
- Posters around campus (4)
- Facebook Marketplace (1)
- Craigslist (13)
- 18 participants
  - CardSpace (13)
  - Secure Letterhead (5)

Microsoft CardSpace

CardSpace Participants
- 4 female, 9 male (age 18-60)
- All spend >20 hours/week on the Internet
- All but one use online banking
- Webmail: Gmail, Hotmail, Yahoo
- 1 victim of identity theft (IT)
- Browser: Firefox, IE, Safari, Opera
- Paypal, Wamu, Bank of America, Ebay, Chase

Without Instructions
- 12/13 commented they were confused in task 1
- 11/13 didn't notice anything suspicious
  - recognized the spoof after submitting info
- 11/13 fell for the second spoof
  - recognized the spoof without entering info
  - IT only used the URL to make their decision
- 6 commented it was intuitive in the post-study Q

After Instructions
- 2 were still confused in the task that followed
- 3/13 didn't fall for the first spoof
  - 2 cited the instructions
- 3/13 didn't fall for the second spoof
  - 1 cited the instructions
  - 1 remarked the site just looked fake
- One who didn't fall for the previous spoof fell for the second one

Post-Study Feedback
- The amount of time required:
  - 4 - slightly too much
  - 6 - perfect amount
- The information provided:
  - 6 - is useful and seems necessary
  - 5 - appears useful but might not be necessary
  - 2 - is not useful at all

Secure Letterhead

Simple Spoof

Secure Letterhead Participants
- 2 female, 3 male (age 18-50)
- Webmail: Gmail, Hotmail
- Browser: Firefox, Safari, IE
- All spend >20 hours/week on the Internet
- ING, Amazon, Paypal, Wamu, Amex, Ebay
- 1 person was knowledgeable about phishing

Without Instructions
- The first spoof fooled all 5 participants
- One participant realized they were spoofed and wasn't spoofed again, but Secure Letterhead did not play a part in their decision
- Prior to the instructions, nobody noticed Secure Letterhead in the chrome and no one attempted to access the pop-up for more info
- 4/5 fell for the second spoof

After Instructions
- 5/5 attempted to check for it in the task immediately following
- One commented the instructions were incorrect and the logo was on the left
- The previously phished didn't complete the task and stated they didn't trust the information
- One stated the email was too wordy, then tried to click the logo in the page content
- In the remaining 3 tasks, the information was accessed on 2 occasions, one of them after a user had been redirected by the phishing page to the real page

Post-Study Feedback
- Curious about how easy it would be to fabricate
- 3/5 reported they would remember to check for the logotype before doing something important
- 2/5 stated they wouldn't have figured out how to use it without instructions
- Information doesn't seem useful
- Information seems useful, but maybe not necessary

Testbed Strengths
- Our testbed can be used for a range of website authentication technologies with only slight modifications.
- Comparisons between technologies can be done easily with the data collected.
- Larger studies can be run to collect a statistically significant amount of data.

Testbed Weaknesses
- Asking the participants to play a role may lead to them acting less securely
- Self-reported data is not always reliable
- Direct observation can yield more insight
- Effect of the lab setting on results is unknown
- Not able to evaluate performance over time