users really do plug in usb drives they find
play

Users Really Do Plug in USB Drives They Find Matthew Tischer, Zakir - PowerPoint PPT Presentation

Aug 29, 2022 •203 likes •351 views

Users Really Do Plug in USB Drives They Find Matthew Tischer, Zakir Durumeric, Sam Foster, Sunny Duan, Alec Mori, Elie Bursztein, Michael Bailey Presented by: Tianyuan Liu Aug 30, 2016 Do NOT plug any USB drive you find on campus into your

  1. Users Really Do Plug in USB Drives They Find Matthew Tischer, Zakir Durumeric, Sam Foster, Sunny Duan, Alec Mori, Elie Bursztein, Michael Bailey Presented by: Tianyuan Liu Aug 30, 2016

  2. “Do NOT plug any USB drive you find on campus into your workstation.” -- Google Security Training 2

  3. Experimental Setup ● Dropping 297 USB drives on UIUC campus 30 locations ○ ○ 5 types ○ 2 times a day Appearances ● 3

  4. Experimental Setup ● .html files track when a file is opened 4

  5. Results 290/297 drives were picked up ● Files on 135/297(45%) drives ● were opened ● 58/135 took the survey Drives with return label showed ● less likely to be plugged in 5

  6. Data Interpretation -- Fisher’s Exact Test A diet example [1] P-value indicates how likely two datasets comes from the same distribution. E.g. Are male and female equally likely to be on a diet? 6 [1] Fisher's exact test, https://en.wikipedia.org/wiki/Fisher%27s_exact_test

  7. Data Interpretation -- Participants Assessment ● How vulnerable are the participants compared to general people? UIUC students and staffs ○ ● Baselines: DOSPERT [2] ○ ■ Risk taking and risk perception of 359 participants SeBIS [3] ○ ■ Security compliance of 3,619 participants ● Method ○ Reuse the same questions in the survey Compare results ○ [2] Blais, Ann-Renée, and Elke U. Weber. "A domain-specific risk-taking (DOSPERT) scale for adult populations." Judgment and Decision Making 1.1 (2006). 7 [3] Egelman, Serge, and Eyal Peer. "Scaling the security wall: Developing a security behavior intentions scale (sebis)." Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems . ACM, 2015.

  8. Example questions ● DOSPERT ○ Admitting that your tastes are different from those of a friend. ○ Betting a day's income at the horse races. ○ Drinking heavily at a social function. 8

  9. Example questions ● SeBIS ○ I frequently backup my computer. ○ I am careful to never share confidential documents stored on my home or work computers. ○ I never give out passwords over the phone. 9

  10. Data Interpretation -- Take Aways ● Participants are more risk averse than general population. (v.s. DOSPERT) ● The security behavior of participants is not significantly different from peer students. (v.s. SeBIS) 10

  11. Discussion 11

  12. Conclusion ● What are the key contributions? What is the limitation of this paper? ● ● Do you agree with the claims made in this paper? E.g. ○ Participants picking up the drives are altruistic and curious. ○ College students are more risk averse than general population. Social engineering attack will work on general people. ○ ● What would you do if you spot a USB drive somewhere? 12

  13. “If you do find a USB drive, turn it to security desk.” -- Google Security Training 13

  14. Thanks. 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introducing OSGi Eclipse Plug-ins 1 Plug-in State Information Plug-in Structure

Introducing OSGi Eclipse Plug-ins 1 Plug-in State Information Plug-in Structure

Contents Eclipse Plug-ins Introducing OSGi Eclipse Plug-ins 1 Plug-in State Information Plug-in Structure Plug-in Deployment Eclipse Plug-ins Eclipse Plug-ins Eclipse isn't a single monolithic program, The behavior of

334 views • 4 slides
WALL PLUG PLUG-IN SWITCH & POWER METERING MANY FEATURES IN A SINGLE DEVICE The FIBARO Wall

WALL PLUG PLUG-IN SWITCH & POWER METERING MANY FEATURES IN A SINGLE DEVICE The FIBARO Wall

WALL PLUG PLUG-IN SWITCH & POWER METERING MANY FEATURES IN A SINGLE DEVICE The FIBARO Wall Plug is a remotely controlled plug-in switch with the built-in ability to measure power and energy consumption. FIBARO smart plug makes it possible

673 views • 21 slides
Plug-In Folly Part 5 by Pat Murphy, Plan Curtail Part 5A: Conclusion Plug-In Vehicles the

Plug-In Folly Part 5 by Pat Murphy, Plan Curtail Part 5A: Conclusion Plug-In Vehicles the

Plug-In Folly Part 5 by Pat Murphy, Plan Curtail Part 5A: Conclusion Plug-In Vehicles the Score C1 A 2012 Congressional Budget Office report on plug-ins says that the lifetime costs to consumers of an electric vehicle are generally

405 views • 9 slides
Plug into simplicity Bring people, content and The easiest way to share big ideas and watch them

Plug into simplicity Bring people, content and The easiest way to share big ideas and watch them

Plug into simplicity Bring people, content and The easiest way to share big ideas and watch them grow. When you plug into simplicity, you make it easier than ever to bring people, 94% content and ideas together. of users agree With

590 views • 20 slides
Knowtator A plug-in for creating training and evaluation data sets for Biomedical Natural

Knowtator A plug-in for creating training and evaluation data sets for Biomedical Natural

Knowtator A plug-in for creating training and evaluation data sets for Biomedical Natural Language Processing systems Philip V. Ogren Mayo Clinic College of Medicine Entity Recognition Find mentions of concepts in text Biological

533 views • 26 slides
Plug-In Folly Part 4 by Pat Murphy, Plan Curtail PART 4A: The Plug-In Hybrid Car Inventing the

Plug-In Folly Part 4 by Pat Murphy, Plan Curtail PART 4A: The Plug-In Hybrid Car Inventing the

Plug-In Folly Part 4 by Pat Murphy, Plan Curtail PART 4A: The Plug-In Hybrid Car Inventing the Plug-in Hybrid P1 The first plug-in hybrid car in the US was shipped in December 2010. Because this new type of car used both gas and

449 views • 19 slides
PLUG PLUG Presentation Layer Universal Generator Presentation Layer Universal Generator

PLUG PLUG Presentation Layer Universal Generator Presentation Layer Universal Generator

PLUG PLUG Presentation Layer Universal Generator Presentation Layer Universal Generator P&D/CSD/DCE- -TFP/AST TFP/AST P&D/CSD/DCE A joint company of Thomson-CSF Airsys and Siemens OVERVIEW Compiler & Parser PLUG

666 views • 28 slides
AutoPowerOff plug banks - or Standby killers The background How it works for PCs

AutoPowerOff plug banks - or Standby killers The background How it works for PCs

AutoPowerOff plug banks - or Standby killers The background How it works for PCs Monitor PC Printer Scanner Speakers The two types Plug bank for TV Plug bank for PC How it works for TVs TV DVD player Digital Receiver Game

498 views • 21 slides
MESAM : A Prot eg e Plug-in for the Specialization of Models Nadjet Zemirline, Yolaine

MESAM : A Prot eg e Plug-in for the Specialization of Models Nadjet Zemirline, Yolaine

MESAM Plug-in MESAM Plug-in Implementation Conclusion MESAM : A Prot eg e Plug-in for the Specialization of Models Nadjet Zemirline, Yolaine Bourda, Chantal Reynaud and Fabrice Popineau Supelec Gif-sur-Yvette, LRI Paris-Sud university

563 views • 20 slides
Secure file transmission of PHI, RHI and sensitive information My work processes require use of

Secure file transmission of PHI, RHI and sensitive information My work processes require use of

Secure file transmission of PHI, RHI and sensitive information My work processes require use of the FTA plug in for Outlook. How do I obtain this? Use of the FTA Plug In requires installation on the users workstation and will

231 views • 9 slides
Using EVPN to minimize ARP traffic in an IXP environment Stefan Plug < stefan.plug@os3.nl >

Using EVPN to minimize ARP traffic in an IXP environment Stefan Plug < stefan.plug@os3.nl >

Using EVPN to minimize ARP traffic in an IXP environment Stefan Plug < stefan.plug@os3.nl > Lutz Engels < lutz.engels@os3.nl > University of Amsterdam Faculty of Science (FNWI) MSc System and Network Engineering July 3rd, 2014

714 views • 53 slides
WHAT DRIVES YOU NUTS? Duncan E. Campbell Retired Director General, Montreal, Quebec, Canada

WHAT DRIVES YOU NUTS? Duncan E. Campbell Retired Director General, Montreal, Quebec, Canada

WHAT DRIVES YOU NUTS? Duncan E. Campbell Retired Director General, Montreal, Quebec, Canada October 21, 2019 What Drives You Nuts? What Drives You Nuts? What Drives You Nuts? What Drives You Nuts? What Drives You Nuts? What Drives You Nuts?

607 views • 22 slides
For System Integrators The Connect2id mantra Your users Your UIs / UX Your rules Your premise

For System Integrators The Connect2id mantra Your users Your UIs / UX Your rules Your premise

For System Integrators The Connect2id mantra Your users Your UIs / UX Your rules Your premise / cloud You are in control Top integration concerns of enterprises authz logic user authentication + shape explicit / implicit consent + plug-in

714 views • 28 slides
Search and Fake News Everything you need to know about how Google helps users find quality

Search and Fake News Everything you need to know about how Google helps users find quality

Search and Fake News Everything you need to know about how Google helps users find quality information 1 Our Mission: Organize the worlds information and make it universally accessible and useful. 2 Contents 1. How Search Works 2.

600 views • 19 slides
FIBARO Wall Plug The smallest in the world Home intelligence Most sophisticated device FIBARO

FIBARO Wall Plug The smallest in the world Home intelligence Most sophisticated device FIBARO

FIBARO Wall Plug The smallest in the world Home intelligence Most sophisticated device FIBARO Wall Plug with power metering feature is an intelligent, ultimate plug & play, extremely compact, most sophisticated, remotely controlled outlet

199 views • 18 slides
macOS Sierra What's new About this Mac - Storage tab, besides the available connected drives

macOS Sierra What's new About this Mac - Storage tab, besides the available connected drives

macOS Sierra What's new About this Mac - Storage tab, besides the available connected drives (including optical drives), and you can hover over each colored segment to get a MB size, there is the Manage... button which brings up new options

378 views • 4 slides
When its better to ask forgiveness than get permission Chris Thompson, Maritza Johnson, Serge

When its better to ask forgiveness than get permission Chris Thompson, Maritza Johnson, Serge

When its better to ask forgiveness than get permission Chris Thompson, Maritza Johnson, Serge Egelman, David Wagner, Jennifer King UC Berkeley Designing attribution mechanisms for smartphone resources Asking for permission: To avoid

586 views • 46 slides
The intersection axiom of conditional independence : some new results Richard D. Gill

The intersection axiom of conditional independence : some new results Richard D. Gill

The intersection axiom of conditional independence : some new results Richard D. Gill Mathematical Institute, University Leiden This version: 3 October, 2019 ( X Y Z ) & ( X Z Y ) X ( Y , Z )

346 views • 24 slides
Estimating CIs on proportions How confident can I be in my estimate? (e.g., 0 of 10 vs. 0

Estimating CIs on proportions How confident can I be in my estimate? (e.g., 0 of 10 vs. 0

Is this population free of infection? Estimating CIs on proportions How confident can I be in my estimate? (e.g., 0 of 10 vs. 0 of 30) How different is the estimate of prevalence in two species, populations, times, (quick and

264 views • 7 slides
Cluster approach for EEG analysis: predicting upcoming sensorimotor event. Maria Luiza Rangel

Cluster approach for EEG analysis: predicting upcoming sensorimotor event. Maria Luiza Rangel

Ncleo de Pesquisa em Neurocincia e Reabilitao Cluster approach for EEG analysis: predicting upcoming sensorimotor event. Maria Luiza Rangel Prediction investigation The ability to predict an upcoming action is an intrinsic property of

976 views • 18 slides
Sta$s$cal Significance Tes$ng In Theory and In Prac$ce Ben

Sta$s$cal Significance Tes$ng In Theory and In Prac$ce Ben

Sta$s$cal Significance Tes$ng In Theory and In Prac$ce Ben Cartere8e University of Delaware h8p://ir.cis.udel.edu/ICTIR13tutorial Hypotheses and Experiments

853 views • 59 slides
Data Mining and Machine Learning: Fundamental Concepts and Algorithms dataminingbook.info

Data Mining and Machine Learning: Fundamental Concepts and Algorithms dataminingbook.info

Data Mining and Machine Learning: Fundamental Concepts and Algorithms dataminingbook.info Mohammed J. Zaki 1 Wagner Meira Jr. 2 1 Department of Computer Science Rensselaer Polytechnic Institute, Troy, NY, USA 2 Department of Computer Science

410 views • 40 slides
Hypothesis Testing Part I James J. Heckman University of Chicago Econ 312, Spring 2019 Heckman

Hypothesis Testing Part I James J. Heckman University of Chicago Econ 312, Spring 2019 Heckman

Hypothesis Testing Part I James J. Heckman University of Chicago Econ 312, Spring 2019 Heckman Hypothesis Testing Part I 1. A Brief Review of Hypothesis Testing and Its Uses Common Phrase: Chicago Economics test Models What are Valid

1.46k views • 97 slides
Interesting Patterns Jilles Vreeken 15 May 2015 Questions of the Day What is interestingness?

Interesting Patterns Jilles Vreeken 15 May 2015 Questions of the Day What is interestingness?

Interesting Patterns Jilles Vreeken 15 May 2015 Questions of the Day What is interestingness? what is a pattern? and how can we mine interest esting patterns? What is a pattern? Data ata Pattern ern y = x - 1 What is a pattern?

545 views • 42 slides

More recommend