CERIAS Weekly Security Seminar - Purdue University
1,161 episodes - English - Latest episode: about 1 month ago - ★★★★ - 6 ratingsCERIAS -- the Nation's top-ranked interdisciplinary academic education and research institute -- hosts a weekly cyber security, privacy, resiliency or autonomy speaker, highlighting technical discovery, a case studies or exploring cyber operational approaches; they are not product demonstrations, service sales pitches, or company recruitment presentations. Join us weekly...or explore 25 years of archives for the who's-who in cybersecurity.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
Ninghui Li, Membership Privacy: A Unifying Framework For Privacy Definitions
October 30, 2013 20:30 - 50 minutes - 146 MB VideoData collected by organizations and agencies are a key resourcein today's information age. The use of sophisticated data mining techniquesmakes it possible to extract relevant knowledge that can then be used for avariety of purposes, such as research, developing innovative technologiesand services, intelligence and counter-terrorism operations, and providinginputs to public policy making. However the disclosure of those data posesserious threats to individual privacy. In this talk, we presen...
Daniel DeLaurentis, Systems of Systems: Opportunities and Challenges
October 23, 2013 20:30 - 51 minutes - 143 MB VideoWhat are Systems of Systems? Why are we interested in them? What about them vex us? These topics will be addressed in this overview talk along with emphasis on the analysis of vulnerabilities in SoS Architectures. Our particular work targets advancements in the modeling and analysis of System of Systems (SoS), in particular to support systems engineering activities associated with architecture design, evolution, and operational assessment. We analyze dynamic impacts of interdependencies and u...
Daniel DeLaurentis, "Systems of Systems: Opportunities and Challenges"
October 23, 2013 20:30 - 143 MB VideoWhat are Systems of Systems? Why are we interested in them? What about them vex us? These topics will be addressed in this overview talk along with emphasis on the analysis of vulnerabilities in SoS Architectures. Our particular work targets advancements in the modeling and analysis of System of Systems (SoS), in particular to support systems engineering activities associated with architecture design, evolution, and operational assessment. We analyze dynamic impacts of interdependenci...
Paul Thompson, "The Durkheim Project: Privacy Considerations in Predicting Military and Veteran Suicide Risk"
September 25, 2013 20:30 - 123 MB VideoThe DARPA Detection and Computational Analysis of Psychological Signals (DCAPS) program provided initial funding for the Durkheim Project. While DCAPS as a whole addressed PTSD, the Durkheim Project sought to predict military and veteran suicide risk. We developed a clinician's dashboard, which presents suicide risk predictions for the clinician's patients based on analysis of: a) free text portions of VA medical records and, b) opt-in social media postings. Dartmouth's Committee for ...
Paul Thompson, The Durkheim Project: Privacy Considerations in Predicting Military and Veteran Suicide Risk
September 25, 2013 20:30 - 45 minutes - 123 MB VideoThe DARPA Detection and Computational Analysis of Psychological Signals (DCAPS) program provided initial funding for the Durkheim Project. While DCAPS as a whole addressed PTSD, the Durkheim Project sought to predict military and veteran suicide risk. We developed a clinician's dashboard, which presents suicide risk predictions for the clinician's patients based on analysis of: a) free text portions of VA medical records and, b) opt-in social media postings. Dartmouth's Committee for the P...
Mark Crosbie, Tim Tickel, Four Flynn, "Protecting a billion identities without losing (much) sleep"
September 18, 2013 20:30 - 174 MB VideoThe Facebook security team will share how we approach the security challenges involved in protecting the identities of over a billion users on our site. This talk is partly about our culture, and partly on how we take a practical, risk-based approach to security. In the first part of the talk Mark Crosbie will give an overview of our culture, how we think about security and what makes Facebook unique in the industry in this regard. Then Tim Tickel and Four Flynn will give an in-...
Mark Crosbie, Tim Tickel, Four Flynn, Protecting a billion identities without losing (much) sleep
September 18, 2013 20:30 - 47 minutes - 174 MB VideoThe Facebook security team will share how we approach the securitychallenges involved in protecting the identities of over a billion userson our site. This talk is partly about our culture, and partly on how wetake a practical, risk-based approach to security. In the first part ofthe talk Mark Crosbie will give an overview of our culture, how we thinkabout security and what makes Facebook unique in the industry in thisregard. Then Tim Tickel and Four Flynn will give an in-depth look atFaceboo...
Mark Crosbie, Tim Tickel, Four Flynn, " Protecting a billion identities without losing (much) sleep"
September 18, 2013 19:30 - 174 MB VideoThe Facebook security team will share how we approach the security challenges involved in protecting the identities of over a billion users on our site. This talk is partly about our culture, and partly on how we take a practical, risk-based approach to security. In the first part of the talk Mark Crosbie will give an overview of our culture, how we think about security and what makes Facebook unique in the industry in this regard. Then Tim Tickel and Four Flynn will give a...
John Butterworth, "BIOS Chronomancy: Using Timing-Based Attestation to Detect Firmware Rootkits"
September 04, 2013 20:30 - 133 MB VideoIn 2011 the National Institute of Standard and Technology (NIST) released a draft of special publication 800-155. This document provides a more detailed description than the Trusted Platform Module (TPM) PC client specification for content that should be measured in the BIOS to provide an adequate Static Root of Trust for Measurement (SRTM). In this talk we look at the implementation of the SRTM from a Dell Latitude E6400 laptop. I'll discuss a couple ways that an attacker can g...
John Butterworth, BIOS Chronomancy: Using Timing-Based Attestation to Detect Firmware Rootkits
September 04, 2013 20:30 - 51 minutes - 133 MB VideoIn 2011 the National Institute of Standard and Technology (NIST) released a draft of special publication 800-155. This document provides a more detailed description than the Trusted Platform Module (TPM) PC client specification for content that should be measured in the BIOS to provide an adequate Static Root of Trust for Measurement (SRTM). In this talk we look at the implementation of the SRTM from a Dell Latitude E6400 laptop.I'll discuss a couple ways that an attacker can gain access to t...
Keith Watson, "Information Security Challenges in an Academic Environment"
August 28, 2013 20:30 - 129 MB VideoThe university environment has unique challenges for information security. Just as corporate networks have exploded in size, services, users, and devices, university networks also have a continually changing and diverse user population, an open network that encourages collaboration, intellectual property that has requirements to be shared as well as protected, and budgetary constraints that reduce services or move data outside of the university. This talk will explore some of these is...
Keith Watson, Information Security Challenges in an Academic Environment
August 28, 2013 20:30 - 39 minutes - 129 MB VideoThe university environment has unique challenges for information security. Just as corporate networks have exploded in size, services, users, and devices, university networks also have a continually changing and diverse user population, an open network that encourages collaboration, intellectual property that has requirements to be shared as well as protected, and budgetary constraints that reduce services or move data outside of the university. This talk will explore some of these issues. Ab...
Jarek Duda, "New possibilities of steganography based on Kuznetsov-Tsybakov problem"
August 21, 2013 20:30 - 126 MB VideoTo hide information within a picture we usually replace the least significant bits. This approach is no longer available if there is only 1 bit/pixel like for Quick Response Codes we meet everyday now. I will talk about theoretical limitation and practical aspects of hiding information in such situations: by generating encoding sequences fulfilling given constraints, for example to enforce resemblance to given picture (grayness of pixel defines probability of using "1" there). If the ...
Jarek Duda, New possibilities of steganography based on Kuznetsov-Tsybakov problem
August 21, 2013 20:30 - 43 minutes - 126 MB VideoTo hide information within a picture we usually replace the least significant bits. This approach is no longer available if there is only 1 bit/pixel like for Quick Response Codes we meet everyday now. I will talk about theoretical limitation and practical aspects of hiding information in such situations: by generating encoding sequences fulfilling given constraints, for example to enforce resemblance to given picture (grayness of pixel defines probability of using "1" there). If the receiver...
David Pisano, Identity-Based Internet Protocol Network
April 24, 2013 20:30 - 29 minutes - 81 MB VideoThe Identity-Based Internet Protocol (IBIP) Network project is experimenting with a new enterprise oriented network architecture using standard Internet Protocol to encode identity (ID) information into the IP packet by a new edge security device referred to as the IBIP policy enforcement point (PEP). This is a variant of a network admission control process that establishes user and host identities as well as provides optional information on host visibility, organizational affiliation, curren...
David Pisano, "Identity-Based Internet Protocol Network"
April 24, 2013 20:30 - 81 MB VideoThe Identity-Based Internet Protocol (IBIP) Network project is experimenting with a new enterprise oriented network architecture using standard Internet Protocol to encode identity (ID) information into the IP packet by a new edge security device referred to as the IBIP policy enforcement point (PEP). This is a variant of a network admission control process that establishes user and host identities as well as provides optional information on host visibility, organizational affiliation...
Rahul Potharaju, "Towards Automated Problem Inference from Trouble Tickets"
April 17, 2013 20:30 - 165 MB VideoThe growing demand for cloud services is driving the need to deliver an always-on and safe user experience in accessing their data and applications. Examples include web search, social networking, email, ecommerce, video streaming, data analytics and even mission-critical services such as power grid control. Such environments are required to be highly available and secure. This is often satisfied by having experts monitoring the system 24x7 to ensure that problems, if any, are resolve...
Rahul Potharaju, Towards Automated Problem Inference from Trouble Tickets
April 17, 2013 20:30 - 49 minutes - 165 MB VideoThe growing demand for cloud services is driving the need to deliver an always-on and safe user experience in accessing their data and applications. Examples include web search, social networking, email, ecommerce, video streaming, data analytics and even mission-critical services such as power grid control. Such environments are required to be highly available and secure. This is often satisfied by having experts monitoring the system 24x7 to ensure that problems, if any, are resolved within...
Aaron Massey, Regulatory Compliance Software Engineering
March 27, 2013 20:30 - 49 minutes - 125 MB VideoLaws and regulations safeguard citizens' security and privacy. For example, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) governs the security and privacy of electronic health records (EHR) systems. HIPAA violations can result in millions of dollars in penalties for non-compliance. Ensuring EHR systems are legally compliant is challenging for software engineers because the laws and regulations governing EHR systems are written by policymakers with little to no unders...
Aaron Massey, "Regulatory Compliance Software Engineering"
March 27, 2013 20:30 - 125 MB VideoLaws and regulations safeguard citizens’ security and privacy. For example, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) governs the security and privacy of electronic health records (EHR) systems. HIPAA violations can result in millions of dollars in penalties for non-compliance. Ensuring EHR systems are legally compliant is challenging for software engineers because the laws and regulations governing EHR systems are written by policymakers with little to n...
Kristin Heckman, Active Cyber Network Defense with Denial and Deception
March 20, 2013 20:30 - 55 minutes - 170 MB VideoIn January 2012, MITRE performed a real-time, red team/blue team cyber-wargame experiment. This presented the opportunity to blend cyber-warfare with traditional mission planning and execution, including denial and deception tradecraft. The cyber-wargame was designed to test a dynamic network defense cyber-security platform being researched in The MITRE Corporation's Innovation Program called Blackjack, and to investigate the utility of using denial and deception to enhance the defense of inf...
Kristin Heckman, "Active Cyber Network Defense with Denial and Deception"
March 20, 2013 20:30 - 170 MB VideoIn January 2012, MITRE performed a real-time, red team/blue team cyber-wargame experiment. This presented the opportunity to blend cyber-warfare with traditional mission planning and execution, including denial and deception tradecraft. The cyber-wargame was designed to test a dynamic network defense cyber-security platform being researched in The MITRE Corporation’s Innovation Program called Blackjack, and to investigate the utility of using denial and deception to enhance the defens...
Emiliano DeCristofaro, "Whole Genome Sequencing: Innovation Dream or Privacy Nightmare?"
March 06, 2013 21:30 - 148 MB VideoRecent advances in DNA sequencing technologies have put ubiquitous availability of whole human genomes within reach. It is no longer hard to imagine the day when everyone will have the means to obtain and store one's own DNA sequence. Widespread and affordable availability of whole genomes immediately opens up important opportunities in a number of health-related fields. In particular, common genomic applications and tests performed in vitro today will soon be conducted computationall...
Emiliano DeCristofaro, Whole Genome Sequencing: Innovation Dream or Privacy Nightmare?
March 06, 2013 21:30 - 1 hour - 148 MB VideoRecent advances in DNA sequencing technologies have put ubiquitous availability of whole human genomes within reach. It is no longer hard to imagine the day when everyone will have the means to obtain and store one's own DNA sequence. Widespread and affordable availability of whole genomes immediately opens up important opportunities in a number of health-related fields. In particular, common genomic applications and tests performed in vitro today will soon be conducted computationally, using...
Weining Yang, Minimizing Private Data Disclosures in the Smart Grid
February 20, 2013 21:30 - 48 minutes - 104 MB VideoSmart electric meters are meters that can measure electric usage with a pretty high frequency. Smart electric meters pose a substantial threat to the privacy of individuals in their own homes. Combined with a method called non-intrusive load monitors, smart meter data can reveal precise home appliance usage information. An emerging solution to behavior leakage in smart meter measurement data is the use of battery-based load hiding. In this approach, a battery is used to store and supply power...
Weining Yang, "Minimizing Private Data Disclosures in the Smart Grid"
February 20, 2013 21:30 - 104 MB VideoSmart electric meters are meters that can measure electric usage with a pretty high frequency. Smart electric meters pose a substantial threat to the privacy of individuals in their own homes. Combined with a method called non-intrusive load monitors, smart meter data can reveal precise home appliance usage information. An emerging solution to behavior leakage in smart meter measurement data is the use of battery-based load hiding. In this approach, a battery is used to store and supp...
Rahul Potharaju, "I'm not stealing, I'm merely borrowing - Plagiarism in Smartphone App Markets"
February 13, 2013 21:30 - 161 MB VideoPlagiarism is the copying of another party's ideas and passing them off as your own. In the world of smartphone app-markets, this is usually followed by confusion for the buyers (users) and lost sales for the original developer. In some cases, these plagiarized applications act as carriers for malware that can steal your bank details or leak your private information to third-parties. While closed markets such as Apple's AppStore and Windows Marketplace mitigate this problem to some ex...
Rahul Potharaju, I'm not stealing, I'm merely borrowing - Plagiarism in Smartphone App Markets
February 13, 2013 21:30 - 57 minutes - 161 MB VideoPlagiarism is the copying of another party's ideas and passing them off as your own. In the world of smartphone app-markets, this is usually followed by confusion for the buyers (users) and lost sales for the original developer. In some cases, these plagiarized applications act as carriers for malware that can steal your bank details or leak your private information to third-parties. While closed markets such as Apple's AppStore and Windows Marketplace mitigate this problem to some extent thr...
Chris Gates, "Using Probabilistic Generative Models for Ranking Risks of Android Apps"
February 06, 2013 21:30 - 161 MB VideoOne of Android's main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a “stand-alone” fashion and in a way that requires too much technical knowledge and time to distill useful information. We introduce the notion of...
Chris Gates, Using Probabilistic Generative Models for Ranking Risks of Android Apps
February 06, 2013 21:30 - 47 minutes - 161 MB VideoOne of Android's main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a "stand-alone" fashion and in a way that requires too much technical knowledge and time to distill useful information.We introduce the notion of risk scor...
Christian F. Hempelmann, A Semantic Baseline for Spam Filtering
January 30, 2013 21:30 - 56 minutes - 264 MB VideoThis paper presents a meaning-based method to spam filtering by distinguishing text without content from text with little content from text with normal content, based on the amount of meaning that can be automatically processed in the way humans do. The basic method assumes that a semantic analyzer will be able to produce less output from semantically less grammatical input text than from semantically well-formed text. The method was pilot-tested on a corpus of blog spam. Future improvements,...
Christian F. Hempelmann, "A Semantic Baseline for Spam Filtering"
January 30, 2013 21:30 - 264 MB VideoThis paper presents a meaning-based method to spam filtering by distinguishing text without content from text with little content from text with normal content, based on the amount of meaning that can be automatically processed in the way humans do. The basic method assumes that a semantic analyzer will be able to produce less output from semantically less grammatical input text than from semantically well-formed text. The method was pilot-tested on a corpus of blog spam. Future impro...
Wahbeh Qardaji, Differentially Private Publishing of Geospatial Data
January 23, 2013 21:30 - 59 minutes - 168 MB VideoWe interact with location-aware devices on a daily basis. Such devices range from GPS-enabled cell-phones and tablets, to navigation systems. Each device can report a multitude of location data to centralized servers. Such location information, commonly referred to as geospatial data, can have tremendous benefits if properly processed and analyzed. If shared, such geo-spatial data can have significant impact for research and other uses. Sharing such information, however, can have significant ...
Wahbeh Qardaji, "Differentially Private Publishing of Geospatial Data"
January 23, 2013 21:30 - 168 MB VideoWe interact with location-aware devices on a daily basis. Such devices range from GPS-enabled cell-phones and tablets, to navigation systems. Each device can report a multitude of location data to centralized servers. Such location information, commonly referred to as geospatial data, can have tremendous benefits if properly processed and analyzed. If shared, such geo-spatial data can have significant impact for research and other uses. Sharing such information, however, can have sign...
Bilal Shebaro, You are Anonymous!!! Then you must be Lucky
December 05, 2012 21:30 - 56 minutes - 220 MB VideoServices like online banking require high confidentiality due to the sensitivity of the data being transfered. As a result, online users have turned to anonymity services which offer identity protection and secure communication in their web transactions. While these services are secure and trustworthy, their popularity has attracted many attacks which result in the identification of the users. In addition, online applications are not developed with the users' anonymity in mind, which opens do...
Bilal Shebaro, "You are Anonymous!!! Then you must be Lucky"
December 05, 2012 21:30 - 220 MB VideoServices like online banking require high confidentiality due to the sensitivity of the data being transfered. As a result, online users have turned to anonymity services which offer identity protection and secure communication in their web transactions. While these services are secure and trustworthy, their popularity has attracted many attacks which result in the identification of the users. In addition, online applications are not developed with the users' anonymity in mind, which ...
Ashish Kundu, A New Class of Buffer Overflow Attacks
November 28, 2012 21:30 - 55 minutes - 316 MB VideoIn this talk, we focus on a class of buffer overflow vulnerabilities that occur due to the "placement new" expression in C++. "Placement new" facilitates placement of an object/array at a specific memory location. When appropriate bounds checking is not in place, object overflows may occur. Such overflows can lead to stack as well as heap/data/bss overflows, which can be exploited by attackers in order to carry out the entire range of attacks associated with buffer overflow. Unfortunately, bu...
Ashish Kundu, "A New Class of Buffer Overflow Attacks"
November 28, 2012 21:30 - 316 MB VideoIn this talk, we focus on a class of buffer overflow vulnerabilities that occur due to the "placement new" expression in C++. "Placement new" facilitates placement of an object/array at a specific memory location. When appropriate bounds checking is not in place, object overflows may occur. Such overflows can lead to stack as well as heap/data/bss overflows, which can be exploited by attackers in order to carry out the entire range of attacks associated with buffer overflow. Unfortuna...
Hal Aldridge, Not the Who but the What -- New applications of Hardware Identity
November 14, 2012 21:30 - 42 minutes - 147 MB VideoAn essential part of security is controlling access. Traditional access control depends on the a person's ability to prove their identity and the access control system's ability to verify their identity. For computer access, a person usually carries some combination of methods to prove their identity (password, token, and/or biometric). What if a thing needs access instead of a person? It is easy enough to embed a secret into software or hardware so a device can identify itself, but how ...
Hal Aldridge, "Not the Who but the What -- New applications of Hardware Identity"
November 14, 2012 21:30 - 147 MB VideoAn essential part of security is controlling access. Traditional access control depends on the a person's ability to prove their identity and the access control system's ability to verify their identity. For computer access, a person usually carries some combination of methods to prove their identity (password, token, and/or biometric). What if a thing needs access instead of a person? It is easy enough to embed a secret into software or hardware so a device can identify itself, but h...
Jianneng Cao, Publishing Microdata with a Robust Privacy Guarantee
November 07, 2012 21:30 - 54 minutes - 444 MB VideoToday, the publication of microdata poses a privacy threat. Vast research has striven to define the privacy condition that microdata should satisfy before it is released, and devise algorithms to anonymize the data so as to achieve this condition. Yet, no method proposed to date explicitly bounds the percentage of information an adversary gains after seeing the published data for each sensitive value therein. This paper introduces \beta-likeness, an appropriately robust privacy model for micr...
Jianneng Cao, "Publishing Microdata with a Robust Privacy Guarantee"
November 07, 2012 21:30 - 444 MB VideoToday, the publication of microdata poses a privacy threat. Vast research has striven to define the privacy condition that microdata should satisfy before it is released, and devise algorithms to anonymize the data so as to achieve this condition. Yet, no method proposed to date explicitly bounds the percentage of information an adversary gains after seeing the published data for each sensitive value therein. This paper introduces \beta-likeness, an appropriately robust privacy model ...
Vaibhav Garg, Risk perception of information security risks online
October 31, 2012 20:30 - 1 hour - 446 MB VideoPerceived risk is informed by a myriad of affectiveassessments, nine of which have been examined rigorously for offlinerisk decisions. Is the risk voluntarily taken? Is the impact of therisk immediate or delayed? Does the individual understand theimplications of the risk? What is the perceived effectiveness ofexpert systems/judgments? Does the risk appear controllable? Is therisk new or old? Is it commonly encountered or rarely available? Doesit impact individuals or communities? How severe a...
Vaibhav Garg, "Risk perception of information security risks online"
October 31, 2012 20:30 - 446 MB VideoPerceived risk is informed by a myriad of affective assessments, nine of which have been examined rigorously for offline risk decisions. Is the risk voluntarily taken? Is the impact of the risk immediate or delayed? Does the individual understand the implications of the risk? What is the perceived effectiveness of expert systems/judgments? Does the risk appear controllable? Is the risk new or old? Is it commonly encountered or rarely available? Does it impact individuals or com...
Mark Guido, Detecting Maliciousness Using Periodic Mobile Forensics
October 24, 2012 20:30 - 53 minutes - 446 MB VideoAndroid Phones are becoming more pervasive at MITRE's customers without any means of measuring malicious user or application behavior. More sensitive information is becoming accessible on these phones, while users have access to this data even in the most insecure of places. Without an enterprise monitoring strategy for these mobile devices, sponsors do not have the necessary data to determine when a compromise has occurred. This exposure to a user's or a malicious application's actions could...
Mark Guido, "Detecting Maliciousness Using Periodic Mobile Forensics"
October 24, 2012 20:30 - 446 MB VideoAndroid Phones are becoming more pervasive at MITRE's customers without any means of measuring malicious user or application behavior. More sensitive information is becoming accessible on these phones, while users have access to this data even in the most insecure of places. Without an enterprise monitoring strategy for these mobile devices, sponsors do not have the necessary data to determine when a compromise has occurred. This exposure to a user's or a malicious application's actio...
Edmund Jones, "The Boeing Company"
October 17, 2012 20:30 - 443 MB VideoIn this talk EJ will be speaking about a security development lifecycle necessary to address vulnerabilities in complex systems. The need for software security is clear in today's cyber world. He will be talking about the steps necessary to ensure a high level of assurance in systems to identify, mitigate, and control threats and vulnerabilities. He will be going beyond the traditional software security development lifecycle and bring real world examples. EJ is an engaging speaker so ...
Edmund Jones, The Boeing Company
October 17, 2012 20:30 - 56 minutes - 443 MB VideoIn this talk EJ will be speaking about a security development lifecycle necessary to address vulnerabilities in complex systems. The need for software security is clear in today's cyber world. He will be talking about the steps necessary to ensure a high level of assurance in systems to identify, mitigate, and control threats and vulnerabilities. He will be going beyond the traditional software security development lifecycle and bring real world examples. EJ is an engaging speaker so bring y...
Chris Kanich, "Understanding Spam Economics"
October 10, 2012 20:30 - 445 MB VideoOver the past two decades, the Internet has become an essential tool in the lives of millions of people. Unfortunately, this success has also attracted cybercriminals who exploit the Internet as a platform for illicit gain. Perhaps the most familiar scam is sending unsolicited advertisements (spam), clogging inboxes and putting people's computers at risk of dangerous malware infections. Understanding the mechanisms and effectiveness of these scams is essential to building effective co...
Chris Kanich, Understanding Spam Economics
October 10, 2012 20:30 - 57 minutes - 445 MB VideoOver the past two decades, the Internet has become an essential tool in the lives of millions of people. Unfortunately, this success has also attracted cybercriminals who exploit the Internet as a platform for illicit gain. Perhaps the most familiar scam is sending unsolicited advertisements (spam), clogging inboxes and putting people's computers at risk of dangerous malware infections. Understanding the mechanisms and effectiveness of these scams is essential to building effective counterme...