WEIS 2011 :: Session 2 :: Identity :: Negative Information Looms Longer Than Positive Information

Laura Brandimarte Alessandro Acquisti Joachin Vosgerau Twitter transcript #weis2011 How does information related to past events and retrieved today get discounted? Why does neg valence receive more weight? #weis2011 how do we improve trustworthyness? #weis2011 “designers of modern tech do not understand human fallibility and design systems w/o taking them into account” < true #weis2011... Continue reading

WEIS 2011 :: Session 2 :: Identity :: Economic Tussles in Federated Identity Management

Susan Landau Tyler Moore Presentation [PDF] Tyler presented really well and it’s a great data set and problem to investigate. He & Susan shed a ton of light on an area most folks never think about. Well done. Twitter transcript #weis2011 this looks to be a “must read” resource for anyone embarking on a federated… Continue reading

WEIS 2011 :: Session 2 :: Identity :: Social Networks, Personalized Advertising & Privacy Controls

Catherine Tucker Presentation [PDF] Catherine’s talk was really good. She handled questions well and is a very dynamic speaker. I’m looking forward to the paper. Twitter transcript #weis2011 Premise of the study was to see what impact privacy controls enablement/usage have on advertising. It’s an empirical study #data! #weis2011 click through rates DOUBLED for personalized… Continue reading

WEIS 2011 :: Session 2 :: Identity :: The Inconvenient Truth About Web Certificates

Nevena Vratonjic Julien Freudiger Vincent Bindschaedler Jeane-Pierre Hubaux Presentation [PDF] Twitter transcript #weis2011 Overview of basic ssl/tls/https concepts. Asking: how prevalent is https, what are problems with https? #weis2011 Out of their large sample, only 1/3 (34.7%) have support for https, login is worse! only 22.6% < #data! #weis2011 (me) just like Microsoft for patches/vulns,… Continue reading

WEIS 2011 :: Session 1 :: Attacks :: The Underground Economy of Fake Antivirus Software

Brett Stone-Gross Ryan Abman Richard A. Kemmerer Christopher Kruegel Douglas G Steigerwald Presentation [PDF] Twitter transcript #weis2011 presenting analysis of *actual* data from 21 servers from 3 multi-million $ fake a/v ops!!! < #spiffy #weis2011 showing example of fake a/v exploit that was embedded in HTML. good walkthrough. useful slides for an orgs tech ed/brown... Continue reading

WEIS 2011 :: Session 1 :: Attacks :: Where Do All The Attacks Go?

Dinei Florncio Cormac Herley Presentation [PDF] Twitter transcript #weis2011 New threat model (that may scale). Rather than use individual users & attackers, use population of users, pop of attackers #weis2011 assumption/proposition: attacker attacks when Expected{gain} > Expected{loss} #weis2011 (me) more good math on the slides. using the populations, they made a probability model to predict… Continue reading

WEIS 2011 :: Session 1 :: Attacks :: The Impact of Immediate Disclosure on Attack Diffusion & Volume

Sam Ransbotham Sabayasachi Mitra Presentation [PDF] Twitter transcript #weis2011 Does immediate disclosure of vulns affect exploitation attempts? Looking at impact on risk/diffusion/volume #weis2011 speaker is presenting standard attack process & security processes timelines (slides will be in the blog post) #weis2011 the fundamental question is when from the vulnerability discovery to patch development is disclosure… Continue reading