441 results for privacy violations
Abstract:
While social engineering represents a real and ominous threat to many organizations, companies, governments, and individuals, social networking sites (SNSs) have been identified as among the most common means of social engineering attacks. Owing to factors that reduce the ability of users to detect social engineering tricks and increase the ability of attackers to launch them, SNSs seem to be a perfect breeding ground for exploiting the vulnerabilities of people, and the weakest link in security. This work will contribute to the knowledge of social engineering by identifying different entities and subentities that affect social engineering based attacks in SNSs. Moreover, this paper includes an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.
Abstract:
There is no doubt that social engineering plays a vital role in compromising most security defenses, and in attacks on people, organizations, companies, or even governments. It is the art of deceiving and tricking people to reveal critical information or to perform an action that benefits the attacker in some way. Fraudulent and deceptive people have been using social engineering traps and tactics using information technology such as e-mails, social networks, web sites, and applications to trick victims into obeying them, accepting threats, and falling victim to various crimes and attacks such as phishing, sexual abuse, financial abuse, identity theft, impersonation, physical crime, and many other forms of attack. Although organizations, researchers, practitioners, and lawyers recognize the severe risk of social engineering-based threats, there is a severe lack of understanding and controlling of such threats. One side of the problem is perhaps the unclear concept of social engineering as well as the complexity of understanding human behaviors in behaving toward, approaching, accepting, and failing to recognize threats or the deception behind them. The aim of this paper is to explain the definition of social engineering based on the related theories of the many related disciplines such as psychology, sociology, information technology, marketing, and behaviourism. We hope, by this work, to help researchers, practitioners, lawyers, and other decision makers to get a fuller picture of social engineering and, therefore, to open new directions of collaboration toward detecting and controlling it.
Abstract:
This paper takes a multimethod approach which combines ethnographic techniques and discourse studies to investigate two contrasting professional groups: community photographers, who are favela dwellers who have developed photographic projects in Brazil’s favelas, and photojournalists of the mainstream media. Its purpose is to determine how a cultural and social divide in the city of Rio de Janeiro shapes both community photographers and mainstream photojournalists’ practices, discourses, and identities. While community photographers strive to establish a humane and positive view about favelas and their residents by shifting the focus from poverty, shortages, violence, and criminality to images of the ordinary life, mainstream photojournalists express the view that their role is of primary importance for the defence of human rights in the favelas by helping to prevent, for instance, police abuses and violations. As the data analysis indicated the existence of socio-spatial borders all over Rio de Janeiro, this study adopted the idea of a divided city without denying interconnections between favelas and the city’s political life. Through the analysis of categories which emerged from the data, the complex world of documenting favela life is explored. The major themes touched upon are: the breakdown between the mainstream media and the favela communities; the different kinds of relationships which arise in Rio’s low income suburbs; and the gradual return of mainstream news workers to favelas.
Abstract:
The goal of this study was to utilise an objective measurement tool, via an on-board Diagnostic tool (OBDII), to explore the effectiveness of a behaviour modification intervention designed to reduce over-speed violations in a group of work-related drivers. It was predicted that over-speed violations would be decreased following participation in a behaviour modification intervention where drivers received weekly feedback on their speeding performance and goal setting exercises. The final analysis included the on-road behaviour of 16 drivers, all of whom completed each stage of the intervention program. As predicted, over-speed violations significantly decreased from pre-test to post-test, after controlling for kilometres driven. These findings offer practical guidance for industry in developing interventions designed to improve work-related driving behaviour.
Abstract:
‘Carbon trading fraudsters may have accounted for up to 90% of all market activity in some European countries, with criminals pocketing billions, mainly in Britain, France, Spain, Denmark and Holland, according to Europol and the European law enforcement agency.’ (Mason, 2009). ‘Carbon offset projects often result in land grabs, local environmental and social conflicts, as well as the repression of local communities and movements. The CDM approval process for projects allows little space for the voices of Indigenous Peoples and local communities – in fact, no project has ever been rejected on the grounds of rights violations, despite these being widespread’. (Carbon Trade Watch, 2013)
Abstract:
The security and privacy of patient information is one of the biggest hindrances to the wide adoption of eHealth systems. For eHealth systems to be successful they must provide protection for patients’ privacy while ensuring healthcare professionals are able to access the information necessary to provide appropriate care. Accountable-eHealth systems are a proposed solution to these potentially competing concerns by enforcing appropriate use and after-the-fact accountability measures. We have developed a Web-based prototype to demonstrate scenarios of how both appropriate and inappropriate use of patient information would be handled in an Accountable-eHealth system.
Abstract:
Proxy re-encryption (PRE) is a highly useful cryptographic primitive whereby Alice and Bob can endow a proxy with the capacity to change ciphertext recipients from Alice to Bob, without the proxy itself being able to decrypt, thereby providing delegation of decryption authority. Key-private PRE (KP-PRE) specifies an additional level of confidentiality, requiring pseudo-random proxy keys that leak no information on the identity of the delegators and delegatees. In this paper, we propose a CPA-secure PK-PRE scheme in the standard model (which we then transform into a CCA-secure scheme in the random oracle model). Both schemes enjoy highly desirable properties such as uni-directionality and multi-hop delegation. Unlike (the few) prior constructions of PRE and KP-PRE that typically rely on bilinear maps under ad hoc assumptions, security of our construction is based on the hardness of the standard Learning-With-Errors (LWE) problem, itself reducible from worst-case lattice hard problems that are conjectured immune to quantum cryptanalysis, or “post-quantum”. Of independent interest, we further examine the practical hardness of the LWE assumption, using Kannan’s exhaustive search algorithm coupling with pruning techniques. This leads to state-of-the-art parameters not only for our scheme, but also for a number of other primitives based on LWE published in the literature.
Abstract:
We propose a new kind of asymmetric mutual authentication from passwords with stronger privacy against malicious servers, lest they be tempted to engage in “cross-site user impersonation” to each other. It enables a person to authenticate (with) arbitrarily many independent servers, over adversarial channels, using a memorable and reusable single short password. Beside the usual PAKE security guarantees, our framework goes to lengths to secure the password against brute-force cracking from privileged server information.
Abstract:
In a play-within-a-play, the Mechanicals' production within William Shakespeare's A Midsummer Night's Dream, the character Snout announces his transformation to play the character of Wall. Snout's portrayal of Wall is both comical and menacing as he represents the forces that separate the lovers Pyramus and Thisbe. Wall becomes a subject in a manner no different from the lovers that he separates; his influence on their situation is brought to life. The unbecoming nature of walls to demarcate, separate, intimidate, influence and control is a relationship most can relate to in their experiences with architecture. It is in these moments that architecture leaps from the sphere of object into the realm of subject; where we might be involved in some intense struggle with the placement of a wall, the wall that might separate us from a lover, justice, freedom, power or privacy. This study investigates how this struggle is portrayed through the human body as representation of walls in performance.
Abstract:
For the past several decades, cryptographers have consistently provided us with stronger and more capable primitives and protocols that have found many applications in security systems in everyday life. One of the central tenets of cryptographic design is that, whereas a system’s architecture ought to be public and open to scrutiny, the keys on which it depends — long, utterly random, unique strings of bits — will be perfectly preserved by their owner, and yet nominally inaccessible to foes.
Abstract:
User-generated content plays a pivotal role in the current social media. The main focus, however, has been on the explicitly generated user content such as photos, videos and status updates on different social networking sites. In this paper, we explore the potential of implicitly generated user content, based on users’ online consumption behaviors. It is technically feasible to record users’ consumption behaviors on mobile devices and share that with relevant people. Mobile devices with such capabilities could enrich social interactions around the consumed content, but it may also threaten users’ privacy. To understand the potentials of this design direction we created and evaluated a low-fidelity prototype intended for photo sharing within private groups. Our prototype incorporates two design concepts, namely, FingerPrint and MoodPhotos that leverage users’ consumption history and emotional responses. In this paper, we report user values and user acceptance of this prototype from three participatory design workshops.
Abstract:
A new era of cyber warfare has appeared on the horizon with the discovery and detection of Stuxnet. Allegedly planned, designed, and created by the United States and Israel, Stuxnet is considered the first known cyber weapon to attack an adversary state. Stuxnet's discovery put a lot of attention on the outdated and obsolete security of critical infrastructure. It became very apparent that electronic devices that are used to control and operate critical infrastructure like programmable logic controllers (PLCs) or supervisory control and data acquisition (SCADA) systems lack very basic security and protection measures. Part of that is due to the fact that when these devices were designed, the idea of exposing them to the Internet was not in mind. However, now with this exposure, these devices and systems are considered easy prey to adversaries.
Abstract:
The invention of asymmetric encryption back in the seventies was a conceptual leap that vastly increased the expressive power of encryption of the times. For the first time, it allowed the sender of a message to designate the intended recipient in a cryptographic way, expressed as a “public key” that was related to but distinct from the “private key” that, alone, embodied the ability to decrypt. This made large-scale encryption a practical and scalable endeavour, and more than anything else—save the internet itself—led to the advent of electronic commerce as we know and practice it today.
Abstract:
Using Media-Access-Control (MAC) address for data collection and tracking is a capable and cost effective approach as the traditional ways such as surveys and video surveillance have numerous drawbacks and limitations. Positioning cell-phones by Global System for Mobile communication was considered an attack on people's privacy. MAC addresses just keep a unique log of a WiFi or Bluetooth enabled device for connecting to another device that has no potential privacy infringements. This paper presents the use of MAC address data collection approach for analysis of spatio-temporal dynamics of humans in terms of shared space utilization. This paper firstly discusses the critical challenges and key benefits of MAC address data as a tracking technology for monitoring human movement. Here, proximity-based MAC address tracking is postulated as an effective methodology for analysing the complex spatio-temporal dynamics of human movements at shared zones such as lounge and office areas. A case study of university staff lounge area is described in detail and results indicate a significant added value of the methodology for human movement tracking. By analysis of MAC address data in the study area, clear statistics such as staff’s utilisation frequency, utilisation peak periods, and staff time spent are obtained. The analyses also reveal staff’s socialising profiles in terms of group and solo gathering. The paper is concluded with a discussion on why MAC address tracking offers significant advantages for tracking human behaviour in terms of shared space utilisation with respect to other and more prominent technologies, and outlines some of its remaining deficiencies.
Abstract:
INTRODUCTION

CASES
For a number of years, Professor Myles McGregor-Lowndes, Frances Hannah and Anne Overell have compiled one to two page summaries of cases involving nonprofit organisations and published them on The Australian Centre for Philanthropy and Nonprofit Studies, Developing Your Organisation (DYO) website. You can be alerted of new case summaries as they are posted to the DYO website by subscribing to the ACPNS RSS feed or the ACPNS twitter service. There were some very significant cases during 2013, such as Commissioner of Taxation v Cancer & Bowel Research Association (see case notes 2.8.2 and 2.8.11), The Hunger Project case which is under appeal, but could change the face of PBI jurisprudence (see case note 2.8.7) while Home Health Pty Ltd retained the PBI status quo but might have been different if appealed (see case note 2.8.8). For sheer interest there is nothing better in my 30 odd years of reading tax and charity judgements than the case involving The Study and Prevention of Psychological Diseases Foundation Incorporated (see case note 2.1.1). It even rivals some of the more bizarre cases from the US jurisdiction of which St Joseph Abbey v Castille (case note 2.10.9) is certainly ‘dead centre’. A set of cases which stand out for attention are those involving New Zealand’s Christchurch Cathedral which anyone with responsibility for heritage-listed buildings should study carefully, for implications in relation to their own circumstances. A number of cases summarised in this Almanac are working their way through the appeals process and care should be taken with their application. In addition, some of the cases are from jurisdictions outside Australia, and readers should exercise caution when considering the implications of these cases for Australian law.

LEGISLATION
The Almanac includes a review of major statutory amendments during 2013, which are relevant to the nonprofit sector in all Australian jurisdictions. Special thanks must go to Nathan MacDonald and the JusticeConnect team for providing legislative updates for Victoria.

SPECIAL ISSUES DURING 2013
A number of legal practitioners have contributed articles on significant legal issues facing nonprofit organisations: charitable trusts giving to government entities (Alice Macdougall); workplace bullying (Tim Longwill); and privacy (James Tan and Nina Brewer).

WORLD ROUND-UP
Major developments from the UK and Ireland (Kerry O’Halloran), Canada (Peter Broder), New Zealand (Michael Gousmett and Susan Barker) and Jamaica (Frances Hannah) are all summarised in a review of a significant part of the common law charity jurisdictions.

WHAT DOES 2014 HOLD
The final section moves from looking in the rear view mirror to peering out the front windscreen to discern the reform agenda. The view from the windscreen in 2013 was of considerable reform traffic at the Commonwealth level jostling for a place in the parliamentary agenda. This year is quite different with a smaller number of vehicles ahead, but the potential for significant impact.