71 resultados para VULNERABILITIES
Resumo:
In recent years Australia’s football codes have been rocked by allegations that star players, both past and present, have acted inappropriately off-field. In some instances these allegations have involved violence towards partners. This paper explores one such case, involving former AFL great Wayne Carey. In so doing, it explores the so-called ‘cult of celebrity’ and the impact this has both on the players and the media who cover such stories. People caught up in traumatic situations labelled as domestic violence have been vulnerable to media misunderstanding and misinterpretation. Coverage of these events and issues surrounding such violence has undergone change in line with social change. Work by community groups has produced calls for further shifts in thinking and suggestions for a name change to family violence. The so‑called ‘Wayne Carey Affair’ has demonstrated that journalists have their own vulnerabilities to the cult of celebrity, with extended interviews and coverage often centred on possible explanations/ “excuses” for the behaviour patterns of this one individual avoiding the wider social policy implications. By examining coverage surrounding Wayne Carey, this paper will explore the issues surrounding this major social problem and will question the role of journalists vis a vis the particularly vulnerable individuals caught up in family violence.
Resumo:
In order to decrease information security threats caused by human-related vulnerabilities, an increased concentration on information security awareness and training is necessary. There are numerous information security awareness training delivery methods. The purpose of this study was to determine what delivery method is most successful in providing security awareness training. We conducted security awareness training using various delivery methods such as text based, game based and a short video presentation with the aim of determining user preference delivery methods. Our study suggests that a combined delvery methods are better than individual secrity awareness delivery method.
Resumo:
Whether treatment programs are effective at rehabilitating rapists is yet to be determined empirically. From a scientist–practitioner perspective, treatment should be based on an empirical understanding of rape and rapists, and evidence-based knowledge of treatment outcome with rapists. In this paper we comprehensively review the characteristics of rapists, etiological features implicated in the commission of rape, and relevant treatment outcome research. We pay particular attention to contemporary knowledge about the core vulnerabilities and features required to understand and treat rapists effectively, and, where possible, highlight similarities and differences between rapists, child molesters and non-sexual violent offenders. We use an epistemological framework to (a) critique the various etiological accounts of rape available and (b) help guide professionals' use of such knowledge in both treatment design and evaluation. Gaps in the understanding of rapists' characteristics and etiological features are highlighted, as are discrepancies between current knowledge and treatment approaches. We conclude by highlighting areas for future research and practice innovation.
Resumo:
Each year, large amounts of money and labor are spent on patching the vulnerabilities in operating systems and various popular software to prevent exploitation by worms. Modeling the propagation process can help us to devise effective strategies against those worms' spreading. This paper presents a microcosmic analysis of worm propagation procedures. Our proposed model is different from traditional methods and examines deep inside the propagation procedure among nodes in the network by concentrating on the propagation probability and time delay described by a complex matrix. Moreover, since the analysis gives a microcosmic insight into a worm's propagation, the proposed model can avoid errors that are usually concealed in the traditional macroscopic analytical models. The objectives of this paper are to address three practical aspects of preventing worm propagation: (i) where do we patch? (ii) how many nodes do we need to patch? (iii) when do we patch? We implement a series of experiments to evaluate the effects of each major component in our microcosmic model. Based on the results drawn from the experiments, for high-risk vulnerabilities, it is critical that networks reduce the number of vulnerable nodes to below 80%. We believe our microcosmic model can benefit the security industry by allowing them to save significant money in the deployment of their security patching schemes.
Resumo:
Virtual property theft is a serious problem that exists in virtual worlds. Legitimate users of these worlds invest considerable amounts of time, effort and real-world money into obtaining virtual property, but unfortunately, are becoming victims of theft in high numbers. It is reported that there are over 1 billion registered users of virtual worlds containing virtual property items worth an estimated US$50 billion dollars. The problem of virtual property theft is complex, involving many legal, social and technological issues. The software used to access virtual worlds is of great importance as they form the primary interface to these worlds and as such the primary interface to conduct virtual property theft. The security vulnerabilities of virtual world applications have not, to date, been examined. This study aims to use the process of software inspection to discover security vulnerabilities that may exist within virtual world software – vulnerabilities that enable virtual property theft to occur. Analyzing three well know virtual world applications World of Warcraft, Guild Wars and Entropia Universe, this research utilized security analysis tools and scenario testing with focus on authentication, trading, intruder detection and virtual property recovery. It was discovered that all three examples were susceptible to keylogging, mail and direct trade methods were the most likely method for transferring stolen items, intrusion detection is of critical concern to all VWEs tested, stolen items were unable to be recovered in all cases and lastly occurrences of theft were undetectable in all cases. The results gained in this study present the key problem areas which need to be addressed to improve security and reduce the occurrence of virtual property theft.
Resumo:
Virtual property theft is a serious problem that exists in virtual worlds. Legitimate users of these worlds invest considerable amounts of time, effort and real-world money into obtaining virtual property, but unfortunately, are becoming victims of theft in high numbers. It is reported that there are over 1 billion registered users of virtual worlds containing virtual property items worth an estimated US$50 billion dollars. The problem of virtual property theft is complex, involving many legal, social and technological issues. The software used to access virtual worlds is of great importance as they form the primary interface to these worlds and as such the primary interface to conduct virtual property theft. The security vulnerabilities of virtual world applications have not, to date, been examined. This study aims to use the process of software inspection to discover security vulnerabilities that may exist within virtual world software – vulnerabilities that enable virtual property theft to occur. Analyzing three well know virtual world applications World of Warcraft, Guild Wars and Entropia Universe, this research utilized security analysis tools and scenario testing with focus on authentication, trading, intruder detection and virtual property recovery. It was discovered that all three examples were susceptible to keylogging, mail and direct trade methods were the most likely method for transferring stolen items, intrusion detection is of critical concern to all VWEs tested, stolen items were unable to be recovered in all cases and lastly occurrences of theft were undetectable in all cases. The results gained in this study present the key problem areas which need to be addressed to improve security and reduce the occurrence of virtual property theft.
Resumo:
In the last decade RFID technology has become a major contender for managing large scale logistics operations and generating and distributing the massive amount of data involved in such operations. One of the main obstacles to the widespread deployment and adoption of RFID systems is the security issues inherent in them. This is compounded by a noticeable lack of literature on how to identify the vulnerabilities of a RFID system and then effectively identify and develop counter measures to combat the threats posed by those vulnerabilities. In this chapter, the authors develop a conceptual framework for analysing the threats, attacks, and security requirements pertaining to networked RFID systems. The vulnerabilities of, and the threats to, the system are identified using the threat model. The security framework itself consists of two main concepts: (1) the attack model, which identifies and classifies the possible attacks, and (2) the system model, which identifies the security requirements. The framework gives readers a method with which to analyse the threats any given system faces. Those threats can then be used to identify the attacks possible on that system and get a better understanding of those attacks. It also allows the reader to easily identify all the security requirements of that system and identify how those requirements can be met.
Resumo:
The climate change focus in Australia has shifted from mitigation to adaptation with an emphasis on place-specific case studies. The Barwon Estuary Complex (BEC) on the Bellarine Peninsula, central Victoria, was the focus of this place-specific study in which 37 local stakeholders were consulted through a series of semi-structured interviews on the impacts of climate change on their coastal community. Overall there was uniformity in stakeholder perceptions of the climate change impacts and vulnerabilities pertaining to the BEC. In contrast, discussion on adaptation drew a diversity of responses. While 53 per cent of stakeholders indicated a need to limit the use of hard structures, and rather plan around a changing estuarine environment, opinion amongst the community group was divided. Some believed ‘retreat is the only option’ whilst others felt ‘there won’t be much leaving’. The present level of confusion around adaptation highlights the imperative of commencing discussions now to allow sufficient time to develop strategies which are both environmentally and socially responsible. This is important as ultimately it will be the community that will determine whether adaptation strategies are adopted or met with resistance.
Resumo:
SQL injection vulnerabilities poses a severe threat to web applications as an SQL Injection Attack (SQLIA) could adopt new obfuscation techniques to evade and thwart countermeasures such as Intrusion Detection Systems (IDS). SQLIA gains access to the back-end database of vulnerable websites, allowing hackers to execute SQL commands in a web application resulting in financial fraud and website defacement. The lack of existing models in providing protections against SQL injection has motivated this paper to present a new and enhanced model against web database intrusions that use SQLIA techniques. In this paper, we propose a novel concept of negative tainting along with SQL keyword analysis for preventing SQLIA and described our that we implemented. We have tested our proposed model on all types of SQLIA techniques by generating SQL queries containing legitimate SQL commands and SQL Injection Attack. Evaluations have been performed using three different applications. The results show that our model protects against 100% of tested attacks before even reaching the database layer.
Resumo:
Cybercrime has rapidly developed in recent years and malware is one of the major security threats in computer which have been in existence from the very early days. There is a lack of understanding of such malware threats and what mechanisms can be used in implementing security prevention as well as to detect the threat. The main contribution of this paper is a step towards addressing this by investigating the different techniques adopted by obfuscated malware as they are growingly widespread and increasingly sophisticated with zero-day exploits. In particular, by adopting certain effective detection methods our investigations show how cybercriminals make use of file system vulnerabilities to inject hidden malware into the system. The paper also describes the recent trends of Zeus botnets and the importance of anomaly detection to be employed in addressing the new Zeus generation of malware.
Resumo:
Multiracial youth are thought to be more vulnerable to peer-related risk factors than are single-race youth. However, there have been surprisingly few well-designed studies on this topic. This study empirically investigated the extent to which multiracial youth are at higher risk for peer influenced problem behavior. Data are from a representative and longitudinal sample of youth from Washington State (N = 1,760, mean age = 14.13, 50.9% girls). Of those in the sample, 225 youth self-identified as multiracial (12.8%), 1,259 as White (71.5%), 152 as Latino (8.6%), and 124 as Asian American (7.1%). Results show that multiracial youth have higher rates of violence and alcohol use than Whites and more marijuana use than Asian Americans. Higher levels of socioeconomic disadvantage and single-parent family status partly explained the higher rates of problem behaviors among multiracial youth. Peer risk factors of substance-using or antisocial friends were higher for multiracial youth than Whites, even after socioeconomic variables were accounted for, demonstrating a higher rate of peer risks among multiracial youth. The number of substance-using friends was the most consistently significant correlate and predictor of problems and was highest among multiracial youth. However, interaction tests did not provide consistent evidence of a stronger influence of peer risks among multiracial youth. Findings underscore the importance of a differentiated understanding of vulnerability in order to better target prevention and intervention efforts as well as the need for further research that can help identify and explain the unique experiences and vulnerabilities of multiracial youth.
Resumo:
Operating systems and programmes are more protected these days and attackers have shifted their attention to human elements to break into the organisation's information systems. As the number and frequency of cyber-attacks designed to take advantage of unsuspecting personnel are increasing, the significance of the human factor in information security management cannot be understated. In order to counter cyber-attacks designed to exploit human factors in information security chain, information security awareness with an objective to reduce information security risks that occur due to human related vulnerabilities is paramount. This paper discusses and evaluates the effects of various information security awareness delivery methods used in improving end-users’ information security awareness and behaviour. There are a wide range of information security awareness delivery methods such as web-based training materials, contextual training and embedded training. In spite of efforts to increase information security awareness, research is scant regarding effective information security awareness delivery methods. To this end, this study focuses on determining the security awareness delivery method that is most successful in providing information security awareness and which delivery method is preferred by users. We conducted information security awareness using text-based, game-based and video-based delivery methods with the aim of determining user preferences. Our study suggests that a combined delivery methods are better than individual security awareness delivery method.
Resumo:
Antidepressants are amongst the most commonly prescribed classes of drugs and their use continues to grow. The World Health Organisation estimates that depression effects approximately 121 million people worldwide, with 26 million people receiving some form of medical care for depression [1]. A large number of these people will be treated with antidepressants. Moreover, antidepressants are commonly administered to special populations, such as the elderly, children and women during reproductive life stages. Depression is also commonly associated with comorbid physical illnesses [2], being overweight [3], tobacco smoking [4], poor diet [5] and lack of physical activity [6]. Large numbers of people being treated, often with vulnerabilities, increases the likelihood of adverse drug reactions to antidepressant treatment.
Resumo:
There are two fundamental challenges in effectively performing security risk assessment in today's IT projects.The first is the project manager's need to know what IT security risks face the project before the project begins. At this stage IT security staff are unable to answer this question without first knowing the system requirements for the project which are yet to be defined. Second organisations that deal with a large project throughput each year find the current IT security risk assessment process to be tedious and expensive, especially when the same process has to be repeated for each individual project. This also makes it difficult for an organisation to prioritise which projects require more investment in IT security in order to fit within budget constraints. This paper presents a conceptual model that is based on an agile approach to alleviate these challenges. We do this by first analysing two online database resources of vulnerabilities by comparing them to each other, and then compare them to the agile criteria of the conceptual model which we define. The conceptual model is then presented and an example is given of how it can be applied to an actual project. We then briefly discuss what further work needs to be done to implement the conceptual model and validate it against an existing IT project.
Resumo:
Radio Frequency Identification (RFID) is an emerging wireless object identification technology with many potential applications such as supply chain management, personnel tracking and healthcare. However, security vulnerabilities of the RFID system have been a serious concern for its wide adoption in many applications. Although much work has been done to provide privacy and anonymity, little focus has been given to ensure RFID data confidentiality, integrity and to address the tampered data recovery problem. To this end, we propose a lightweight stenographic-based approach to ensure RFID data confidentiality and integrity as well as the recovery of tampered RFID data.
