Domain: cranor.org
Stories and comments across the archive that link to cranor.org.
Comments · 7
-
Scientific Studies on Protecting People from Phish
I wrote up an article in Communications of the ACM about a year ago summarizing the state of phishing attacks.
My colleagues and I have also studied phishing extensively and have the most comprehensive peer-reviewed body of work in this area. Our studies include understanding why people fall for phishing attacks (PDF), evaluating how well simulated phishing attacks work (PDF) (the short answer is quite well, based on a study of 500 people), designing and evaluating a micro game teaching people about URLs works (PDF) (empirically tested with several thousand people), and more.
We've also commercialized our work, in terms of a service for simulated phishing attacks, the micro game for anti-phishing, and more.
Also, to anyone saying "people are stupid" or "they deserve to get malware", you really are part of the problem. It's our job to protect people, to reduce complexity, and to ensure the safety of our systems and networks. Arrogantly dismissing others as being inferior or stupid is one reason why computer security, user interfaces, and software in general is in the state it is.
-
UVM ?(Quoted from "Zero-Copy Data Movement Mechanisms for UVM" (Postscript, severely Googlarbled HTML rendition)
4.2.2 Disposing of Transfered Data
Processes receiving data via page transfer need to release these pages when they are no longer needed in order to avoid accumulating too much memory. This can be done in three ways. First, a process may unmap transferred data using the standard munmap system call. A problem with this is that munmap will free both the transfered anons andthe amap containing them. This forces UVM to allocate a new amap the next time pages are transfered to to the same virtual space. A second way to dispose of transfered data is to use the new anflush system call. This system call removes anons from a specified virtual address range without freeing the amap allocated to it. This allows the amap to be reused for future transfers. The final way to dispose of transfered data is to push the anon pages down into the object mapping layer. This can be done either by donating the ownership of the anons' pages to an object (establishinga loanout relationship between the anon and the object), or by freeing the anons and inserting the pages into an object.
(end quote)
Isn't this what BSD folks are looking for to counter the threat of the Menacing Penguin? All your COWs are belong to UVM!
Seriously, I could find very little information on the elusive anflush() system call, and I've got no access to a NetBSD source tree to grep through. Does it even actually exist? -
Re:Hey! Shortsighted people!Well, that's where things get really weird. Robert J. Hall, the man whose name is listed on the patent, has written papers on filtering spam, by a method he called "channels" which looks like a variation of the Tagged Message Delivery Agent. And he's not the only AT&T employee that's written about spam filtering, either. There's another article by Lorrie F. Cranor.
It seems odd that someone who wrote a paper on an anti-spam technique in March 1998, would go on to patent an anti-anti-spam technique that wouldn't defeat the technique he discussed months ago. It's entirely possible that AT&T intends to use this to put spam software makers out of business, or at least make spams easier to detect.
-
URL for report
You can read the full report at http://lorrie.cranor.org/pubs/drm03.html
-
paper is here:
the nytimes article doesn't seem to link to the paper, which is here
-
Re:DVDsDid you read today's NY Times piece slamming Hollywood for their "it's not us, it's them" [nytimes.com] attitude on movie downloads really being an 'inside job'?
In their new study, AT&T Labs researchers found the following:
"We developed a data set of 312 popular movies and located one or more samples of 183 of these movies on file sharing networks, for a total of 285 movie samples. 77% of these samples appear to have been leaked by industry insiders."
Gee, big surprise.
-
Re:Solution
Anonymising the data makes it hard to ensure that everyone casts only one vote. Consider Slashdot polls an example.
There are possible ways around this, based on cryptographical methods. Take a look at this, for example.