Health vulnerabilities: the diagnosis of freshmen from a portuguese university

The start of university is presented as a crucial stage in the life of the student. If, on the one hand, it is a period of increased autonomy and freedom, on the other, it is a period that also increases the sense of responsibility and self discipline. In this study, based on a quantitative approach, we identified the main risk situations experienced by freshmen at the University of Evora, by applying a questionnaire developed for this purpose and the Beck inventory. Key findings are highlighted, such as the consumption of harmful substances (tobacco, alcohol and illicit drugs), whose values exceed the average population. The consumption of alcoholic beverages begins early and is continuous and excessive. Also, the presence of symptoms compatible with dysphoria and depression is noted in about 9% of students. Self-medication practices were found in 58.7% of the freshmen. Our findings reveal the need for preventive intervention by health professionals, due to these young people’s great exposure to health risks.

Rapid and Proactive Approach on Exploration of Database Vulnerabilities

In today's complicated computing environment, managing data has become the primary concern of all industries. Information security is the greatest challenge and it has become essential to secure the enterprise system resources like the databases and the operating systems from the attacks of the unknown outsiders. Our approach plays a major role in detecting and managing vulnerabilities in complex computing systems. It allows enterprises to assess two primary tiers through a single interface as a vulnerability scanner tool which provides a secure system which is also compatible with the security compliance of the industry. It provides an overall view of the vulnerabilities in the database, by automatically scanning them with minimum overhead. It gives a detailed view of the risks involved and their corresponding ratings. Based on these priorities, an appropriate mitigation process can be implemented to ensure a secured system. The results show that our approach could effectively optimize the time and cost involved when compared to the existing systems

Foster carer experience in Spain : Analysis of the vulnerabilities of a permanent model

Resumen tomado de la publicaci??n

Smartphone malware based on synchronisation vulnerabilities

Smartphones are mobile phones that offer processing power and features like personal computers (PC) with the aim of improving user productivity as they allow users to access and manipulate data over networks and Internet, through various mobile applications. However, with such anywhere and anytime functionality, new security threats and risks of sensitive and personal data are envisaged to evolve. With the emergence of open mobile platforms that enable mobile users to install applications on their own, it opens up new avenues for propagating malware among various mobile users very quickly. In particular, they become crossover targets of PC malware through the synchronization function between smartphones and computers. Literature lacks detailed analysis of smartphones malware and synchronization vulnerabilities. This paper addresses these gaps in literature, by first identifying the similarities and differences between smartphone malware and PC malware, and then by investigating how hackers exploit synchronization vulnerabilities to launch their attacks.

Macroeconomic trade-offs and external vulnerabilities of human development in Nicaragua

Nicaragua is making progress towards the Millennium Development Goals, but is set to miss a number of targets in 2015. This paper’s general equilibrium analysis shows that it is unfeasible for the government to step up spending in order to meet these targets by the 2015 deadline. Any boost to public spending and financing would have to be front-loaded, which would entail pernicious macroeconomic trade-offs. A more realistic scenario would be to postpone meeting the goals until 2020. In that case, the allocation of public spending would spur economic growth without causing macroeconomic hardships, although the country would nevertheless remain highly vulnerable to external shocks.

Late diagnosis and vulnerabilities of the elderly living with HIV/AIDS

Objective: To identify vulnerabilities of elderly people with HIV/AIDS and the trajectory that they follow until reaching the diagnosis of the disease. Method: Qualitative research conducted in specialized clinics in the state of Sao Paulo, from January to June 2011. Semi-structured interviews were conducted with 11 elderly people who were found to be infected with the virus at the age of 60 years or older. The interviews were analyzed using content analysis. Results: In this process four categories emerged, then analyzed with reference to the theoretical framework of vulnerability. Conclusion: Late diagnosis of HIV infection or AIDS among the elderly happens in the secondary or tertiary service. Issues related to sexual life of the elderly are only questioned by health professionals after the diagnosis, also the time that condom use becomes absolute. It is believed that the investigation of the vulnerability of the elderly to HIV/AIDS allows for carrying out appropriate interventions for this population.

Human Trafficking Victims and Their Children: Assessing Needs, Vulnerabilities, Strengths, and Survivorship

Given the increased awareness and attention to human trafficking, including the establishment of federal laws and policies, federally funded task forces that provide law enforcement responses, and specialized victim services, it is important to assess the impact of these procedures and services on survivors/victims of international human trafficking and their immigrant children. By federal definition, certified victims of international human trafficking are eligible for all services provided to refugees in this country, including reunification with their minor children. This research is based on a qualitative study conducted in Austin and Houston, Texas with human trafficking victims/survivors. The project’s goal was to gain an understanding of the needs of human trafficking survivors after their rescue, their overall integration into American life, and the subsequent needs of their immigrant children after reunification. The project objectives examined the factors that either promote or hinder self-sufficiency, the determination of social service needs, and policy and practice recommendations to strengthen survivors, their children and their families living both locally and abroad. For this project, nine (n = 9) in-depth interviews were conducted with adult foreign-born victims of human trafficking. Researchers gathered data using a semi-structured questionnaire that queried about factors that promote or hinder victims’ services and needs. Interviews were conducted in participants’ homes using bilingual research staff and/or trained interpreters, were digitally-recorded, and subsequently transcribed. Participation in this study was completely voluntary. Specific steps were taken to ensure that the participants’ identities were protected. Open coding of data was utilized and the data were subsequently organized or grouped into properties and later developed into contextual themes around the research questions. The findings are grounded with the use of direct quotes from participants. As a result of progressive U.S. policy, many victims of human trafficking are being reunited with their minor children. Immigrant children are one of the largest and fastest growing populations in the U.S. and for a variety of reasons are vulnerable to exploitation. Research also indicates that victims of trafficking are identified by traffickers because of their perceived “vulnerabilities” or lack of opportunities (Clark, 2003). Therefore, it is important that practices and policies are developed to address the unique needs of these families with an eye toward positive outcomes for parent and child safety and well-being. Social service providers are provided a toolkit that may be utilized before and during the reunification period.

Commentary: “Human Trafficking Victims and Their Children: Assessing Needs, Vulnerabilities, Strengths, and Survivorship"

A commentary on Busch-Armendariz, Nsonwu, and Heffron’s article, “Human Trafficking Victims and Their Children: Assessing Needs, Vulnerabilities, Strengths, and Survivorship,” noting key findings and calling for further research.

Defending against cybercrime: advances in the detection of malicious servers and the analysis of client-side vulnerabilities

Esta tesis se centra en el análisis de dos aspectos complementarios de la ciberdelincuencia (es decir, el crimen perpetrado a través de la red para ganar dinero). Estos dos aspectos son las máquinas infectadas utilizadas para obtener beneficios económicos de la delincuencia a través de diferentes acciones (como por ejemplo, clickfraud, DDoS, correo no deseado) y la infraestructura de servidores utilizados para gestionar estas máquinas (por ejemplo, C & C, servidores explotadores, servidores de monetización, redirectores). En la primera parte se investiga la exposición a las amenazas de los ordenadores victimas. Para realizar este análisis hemos utilizado los metadatos contenidos en WINE-BR conjunto de datos de Symantec. Este conjunto de datos contiene metadatos de instalación de ficheros ejecutables (por ejemplo, hash del fichero, su editor, fecha de instalación, nombre del fichero, la versión del fichero) proveniente de 8,4 millones de usuarios de Windows. Hemos asociado estos metadatos con las vulnerabilidades en el National Vulnerability Database (NVD) y en el Opens Sourced Vulnerability Database (OSVDB) con el fin de realizar un seguimiento de la decadencia de la vulnerabilidad en el tiempo y observar la rapidez de los usuarios a remiendar sus sistemas y, por tanto, su exposición a posibles ataques. Hemos identificado 3 factores que pueden influir en la actividad de parches de ordenadores victimas: código compartido, el tipo de usuario, exploits. Presentamos 2 nuevos ataques contra el código compartido y un análisis de cómo el conocimiento usuarios y la disponibilidad de exploit influyen en la actividad de aplicación de parches. Para las 80 vulnerabilidades en nuestra base de datos que afectan código compartido entre dos aplicaciones, el tiempo entre el parche libera en las diferentes aplicaciones es hasta 118 das (con una mediana de 11 das) En la segunda parte se proponen nuevas técnicas de sondeo activos para detectar y analizar las infraestructuras de servidores maliciosos. Aprovechamos técnicas de sondaje activo, para detectar servidores maliciosos en el internet. Empezamos con el análisis y la detección de operaciones de servidores explotadores. Como una operación identificamos los servidores que son controlados por las mismas personas y, posiblemente, participan en la misma campaña de infección. Hemos analizado un total de 500 servidores explotadores durante un período de 1 año, donde 2/3 de las operaciones tenían un único servidor y 1/2 por varios servidores. Hemos desarrollado la técnica para detectar servidores explotadores a diferentes tipologías de servidores, (por ejemplo, C & C, servidores de monetización, redirectores) y hemos logrado escala de Internet de sondeo para las distintas categorías de servidores maliciosos. Estas nuevas técnicas se han incorporado en una nueva herramienta llamada CyberProbe. Para detectar estos servidores hemos desarrollado una novedosa técnica llamada Adversarial Fingerprint Generation, que es una metodología para generar un modelo único de solicitud-respuesta para identificar la familia de servidores (es decir, el tipo y la operación que el servidor apartenece). A partir de una fichero de malware y un servidor activo de una determinada familia, CyberProbe puede generar un fingerprint válido para detectar todos los servidores vivos de esa familia. Hemos realizado 11 exploraciones en todo el Internet detectando 151 servidores maliciosos, de estos 151 servidores 75% son desconocidos a bases de datos publicas de servidores maliciosos. Otra cuestión que se plantea mientras se hace la detección de servidores maliciosos es que algunos de estos servidores podrán estar ocultos detrás de un proxy inverso silente. Para identificar la prevalencia de esta configuración de red y mejorar el capacidades de CyberProbe hemos desarrollado RevProbe una nueva herramienta a través del aprovechamiento de leakages en la configuración de la Web proxies inversa puede detectar proxies inversos. RevProbe identifica que el 16% de direcciones IP maliciosas activas analizadas corresponden a proxies inversos, que el 92% de ellos son silenciosos en comparación con 55% para los proxies inversos benignos, y que son utilizado principalmente para equilibrio de carga a través de múltiples servidores. ABSTRACT In this dissertation we investigate two fundamental aspects of cybercrime: the infection of machines used to monetize the crime and the malicious server infrastructures that are used to manage the infected machines. In the first part of this dissertation, we analyze how fast software vendors apply patches to secure client applications, identifying shared code as an important factor in patch deployment. Shared code is code present in multiple programs. When a vulnerability affects shared code the usual linear vulnerability life cycle is not anymore effective to describe how the patch deployment takes place. In this work we show which are the consequences of shared code vulnerabilities and we demonstrate two novel attacks that can be used to exploit this condition. In the second part of this dissertation we analyze malicious server infrastructures, our contributions are: a technique to cluster exploit server operations, a tool named CyberProbe to perform large scale detection of different malicious servers categories, and RevProbe a tool that detects silent reverse proxies. We start by identifying exploit server operations, that are, exploit servers managed by the same people. We investigate a total of 500 exploit servers over a period of more 13 months. We have collected malware from these servers and all the metadata related to the communication with the servers. Thanks to this metadata we have extracted different features to group together servers managed by the same entity (i.e., exploit server operation), we have discovered that 2/3 of the operations have a single server while 1/3 have multiple servers. Next, we present CyberProbe a tool that detects different malicious server types through a novel technique called adversarial fingerprint generation (AFG). The idea behind CyberProbe’s AFG is to run some piece of malware and observe its network communication towards malicious servers. Then it replays this communication to the malicious server and outputs a fingerprint (i.e. a port selection function, a probe generation function and a signature generation function). Once the fingerprint is generated CyberProbe scans the Internet with the fingerprint and finds all the servers of a given family. We have performed a total of 11 Internet wide scans finding 151 new servers starting with 15 seed servers. This gives to CyberProbe a 10 times amplification factor. Moreover we have compared CyberProbe with existing blacklists on the internet finding that only 40% of the server detected by CyberProbe were listed. To enhance the capabilities of CyberProbe we have developed RevProbe, a reverse proxy detection tool that can be integrated with CyberProbe to allow precise detection of silent reverse proxies used to hide malicious servers. RevProbe leverages leakage based detection techniques to detect if a malicious server is hidden behind a silent reverse proxy and the infrastructure of servers behind it. At the core of RevProbe is the analysis of differences in the traffic by interacting with a remote server.