Who is more susceptible to phishing emails? : a Saudi Arabian study

Phishing emails cause enormous losses to both users and organisations. The goal of this study is to determine which individuals are more vulnerable to phishing emails. To gain this information an experiment has been developed which involves sending phishing email to users and collecting information about users. The detection deception model has been applied to identify users’ detection behaviour. We find that users who have less email experience and high levels of submissiveness have increased susceptibility. Among those, users who have high susceptibility levels and high openness and extraversion are more likely to carry on the harmful action embedded in phishing emails.

Genome-wide association study identifies new multiple sclerosis susceptibility loci on chromosomes 12 and 20

To identify multiple sclerosis (MS) susceptibility loci, we conducted a genome-wide association study (GWAS) in 1,618 cases and used shared data for 3,413 controls. We performed replication in an independent set of 2,256 cases and 2,310 controls, for a total of 3,874 cases and 5,723 controls. We identified risk-associated SNPs on chromosome 12q13-14 (rs703842, P = 5.4 x 10(-11); rs10876994, P = 2.7 x 10(-10); rs12368653, P = 1.0 x 10(-7)) and upstream of CD40 on chromosome 20q13 (rs6074022, P = 1.3 x 10(-7); rs1569723, P = 2.9 x 10(-7)). Both loci are also associated with other autoimmune diseases. We also replicated several known MS associations (HLA-DR15, P = 7.0 x 10(-184); CD58, P = 9.6 x 10(-8); EVI5-RPL5, P = 2.5 x 10(-6); IL2RA, P = 7.4 x 10(-6); CLEC16A, P = 1.1 x 10(-4); IL7R, P = 1.3 x 10(-3); TYK2, P = 3.5 x 10(-3)) and observed a statistical interaction between SNPs in EVI5-RPL5 and HLA-DR15 (P = 0.001).

Phase III study of matrix metalloproteinase inhibitor prinomastat in non-small-cell lung cancer

Purpose: Matrix metalloproteinases (MMPs) degrade extracellular proteins and facilitate tumor growth, invasion, metastasis, and angiogenesis. This trial was undertaken to determine the effect of prinomastat, an inhibitor of selected MMPs, on the survival of patients with advanced non-small-cell lung cancer (NSCLC), when given in combination with gemcitabine-cisplatin chemotherapy. Patients and Methods: Chemotherapy-naive patients were randomly assigned to receive prinomastat 15 mg or placebo twice daily orally continuously, in combination with gemcitabine 1,250 mg/m2 days 1 and 8 plus cisplatin 75 mg/m2 day 1, every 21 days for up to six cycles. The planned sample size was 420 patients. Results: Study results at an interim analysis and lack of efficacy in another phase III trial prompted early closure of this study. There were 362 patients randomized (181 on prinomastat and 181 on placebo). One hundred thirty-four patients had stage IIIB disease with T4 primary tumor, 193 had stage IV disease, and 34 had recurrent disease (one enrolled patient was ineligible with stage IIIA disease). Overall response rates for the two treatment arms were similar (27% for prinomastat v 26% for placebo; P = .81). There was no difference in overall survival or time to progression; for prinomastat versus placebo patients, the median overall survival times were 11.5 versus 10.8 months (P = .82), 1-year survival rates were 43% v 38% (P = .45), and progression-free survival times were 6.1 v 5.5 months (P = .11), respectively. The toxicities of prinomastat were arthralgia, stiffness, and joint swelling. Treatment interruption was required in 38% of prinomastat patients and 12% of placebo patients. Conclusion: Prinomastat does not improve the outcome of chemotherapy in advanced NSCLC. © 2005 by American Society of Clinical Oncology.

Poisoned GOOSE : exploiting the GOOSE protocol

This paper presents a vulnerability within the generic object oriented substation event (GOOSE) communication protocol. It describes an exploit of the vulnerability and proposes a number of attack variants. The attacks sends GOOSE frames containing higher status numbers to the receiving intelligent electronic device (IED). This prevents legitimate GOOSE frames from being processed and effectively causes a hijacking of the communication channel, which can be used to implement a denial–of–service (DoS) or manipulate the subscriber (unless a status number roll-over occurs). The authors refer to this attack as a poisoning of the subscriber. A number of GOOSE poisoning attacks are evaluated experimentally on a test bed and demonstrated to be successful.

Practical Modbus flooding attack and detection

The Modicon Communication Bus (Modbus) protocol is one of the most commonly used protocols in industrial control systems. Modbus was not designed to provide security. This paper confirms that the Modbus protocol is vulnerable to flooding attacks. These attacks involve injection of commands that result in disrupting the normal operation of the control system. This paper describes a set of experiments that shows that an anomaly-based change detection algorithm and signature-based Snort threshold module are capable of detecting Modbus flooding attacks. In comparing these intrusion detection techniques, we find that the signature-based detection requires a carefully selected threshold value, and that the anomaly-based change detection algorithm may have a short delay before detecting the attacks depending on the parameters used. In addition, we also generate a network traffic dataset of flooding attacks on the Modbus control system protocol.

The power of hands-on exercises in SCADA cyber security education

For decades Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) have used computers to monitor and control physical processes in many critical industries, including electricity generation, gas pipelines, water distribution, waste treatment, communications and transportation. Increasingly these systems are interconnected with corporate networks via the Internet, making them vulnerable and exposed to the same risks as those experiencing cyber-attacks on a conventional network. Very often SCADA networks services are viewed as a specialty subject, more relevant to engineers than standard IT personnel. Educators from two Australian universities have recognised these cultural issues and highlighted the gap between specialists with SCADA systems engineering skills and the specialists in network security with IT background. This paper describes a learning approach designed to help students to bridge this gap, gain theoretical knowledge of SCADA systems' vulnerabilities to cyber-attacks via experiential learning and acquire practical skills through actively participating in hands-on exercises.

Consumer perceptions of medication warnings about driving : a comparison of French and Australian labels

OBJECTIVE Little research has examined user perceptions of medication warnings about driving. Consumer perceptions of the Australian national approach to medication warnings about driving are examined. The Australian approach to warning presentation is compared with an alternative approach used in France. Visual characteristics of the warnings and overall warning readability are investigated. Risk perceptions and behavioral intentions associated with the warnings are also examined. METHOD Surveys were conducted with 358 public hospital outpatients in Queensland, Australia. Extending this investigation is a supplementary comparison study of French hospital outpatients (n = 75). RESULTS The results suggest that the Australian warning approach of using a combination of visual characteristics is important for consumers but that the use of a pictogram could enhance effects. Significantly higher levels of risk perception were found among the sample for the French highest severity label compared to the analogous mandatory Australian warning, with a similar trend evident in the French study results. The results also indicated that the French label was associated with more cautious behavioral intentions. CONCLUSION The results are potentially important for the Australian approach to medication warnings about driving impairment. The research contributes practical findings that can be used to enhance the effectiveness of warnings and develop countermeasures in this area. Hospital pharmacy patients should include persons with the highest level of likelihood of knowledge and awareness of medication warning labeling. Even in this context it appears that a review of the Australian warning system would be useful particularly in the context of increasing evidence relating to associated driving risks. Reviewing text size and readability of messages including the addition of pictograms, as well as clarifying the importance of potential risk in a general community context, is recommended for consideration and further research.

Typology of phishing email victims based on their behavioural response

A victim of phishing emails could be subjected to money loss and identity theft. This paper investigates the different types of phishing email victims, with the goal of increasing such victims' defences. To obtain this kind of information, an experiment which involves sending a phishing email to participants is conducted. Quantitative and qualitative methods are also used to collect users' information. A model for detecting deception has been employed to understand victims' behaviour. This paper reports the qualitative results. The findings suggest that victims of phishing emails do not always exhibit the same vulnerability. The cause of being a victim is a result of three weaknesses in the detection process: (1) lack of knowledge; (2) weak confirmation channel, and; (3) victims' high propensity towards risk-taking. Therefore, it is suggested that users be provided with suitable confirmation channels and be more risk averse in their behaviour so that they would not fall victim to phishing emails.

Cyber security of networked critical infrastructures [Guest Editorial]

A new era of cyber warfare has appeared on the horizon with the discovery and detection of Stuxnet. Allegedly planned, designed, and created by the United States and Israel, Stuxnet is considered the first known cyber weapon to attack an adversary state. Stuxnet's discovery put a lot of attention on the outdated and obsolete security of critical infrastructure. It became very apparent that electronic devices that are used to control and operate critical infrastructure like programmable logic controllers (PLCs) or supervisory control and data acquisition (SCADA) systems lack very basic security and protection measures. Part of that is due to the fact that when these devices were designed, the idea of exposing them to the Internet was not in mind. However, now with this exposure, these devices and systems are considered easy prey to adversaries.

Security analysis of the non-aggressive challenge response of the DNP3 Protocol using a CPN Model

Distributed Network Protocol Version 3 (DNP3) is the de-facto communication protocol for power grids. Standard-based interoperability among devices has made the protocol useful to other infrastructures such as water, sewage, oil and gas. DNP3 is designed to facilitate interaction between master stations and outstations. In this paper, we apply a formal modelling methodology called Coloured Petri Nets (CPN) to create an executable model representation of DNP3 protocol. The model facilitates the analysis of the protocol to ensure that the protocol will behave as expected. Also, we illustrate how to verify and validate the behaviour of the protocol, using the CPN model and the corresponding state space tool to determine if there are insecure states. With this approach, we were able to identify a Denial of Service (DoS) attack against the DNP3 protocol.

Analysis of two authorization protocols using Colored Petri Nets

To prevent unauthorized access to protected trusted platform module (TPM) objects, authorization protocols, such as the object-specific authorization protocol (OSAP), have been introduced by the trusted computing group (TCG). By using OSAP, processes trying to gain access to the protected TPM objects need to prove their knowledge of relevant authorization data before access to the objects can be granted. Chen and Ryan’s 2009 analysis has demonstrated OSAP’s authentication vulnerability in sessions with shared authorization data. They also proposed the Session Key Authorization Protocol (SKAP) with fewer stages as an alternative to OSAP. Chen and Ryan’s analysis of SKAP using ProVerif proves the authentication property. The purpose of this paper was to examine the usefulness of Colored Petri Nets (CPN) and CPN Tools for security analysis. Using OSAP and SKAP as case studies, we construct intruder and authentication property models in CPN. CPN Tools is used to verify the authentication property using a Dolev–Yao-based model. Verification of the authentication property in both models using the state space tool produces results consistent with those of Chen and Ryan.

Your Loss is Our Gain

2 x 2.5 metre text based wall painting with a hidden automatic air freshener timed to spray every 60 seconds. The work formed part of a group exhibition that dealt with Humour,Politics and Art. It was part of a series of ongoing works made under the pseudonym Eve Roleston. Roleston is part of a trio of pseudonyms I use, the others being Ernesto Love, and Ernest Olove, to explore the research potential of the fictocritical in a visual arts practice.This forms part of an ongoing body of practice-led research undertaken in my PhD dealing with reconfiguring the relationship between art and politics.

World peace for video art

A single channel video projection with image, text and sound components. It was projected so as entirely fill a 3 x 3.5 wall in a 6 x 3.5 metre gallery space. The work deals with the role of humour and the fictocritical in exploring the relationship between politics and art.