Updates_LiteratureReviews (05)

Title:  Safeguard against Unicode Attacks: Generation and Applications of UC-SimList

Authors: Anthony Y. Fu, City University of Hong Kong, Hong Kong

Wan Zhang, City University of Hong Kong, Hong Kong

Xiaotie Deng, City University of Hong Kong, Hong Kong

Liu Wenyin, City University of Hong Kong, Hong Kong

Reference: Click to Open Journal

Introduction

In my previous updates, I talked about a video I created for the project. This week, I returned my focus to reviewing literary works. The work I decided to read talks about Unicode attacks. A Unicode attack is basically an attempt to encode characters in a URL to escape application filtering. The journal created ways to prevent this kind of attack by developing an application to handle the job. Below I will explain the strategy these researchers used to implement their ideas.

Designs/Evaluations

I liked the ideas that went into the project. Their goal was to try to prevent Unicode attacks by creating an API package that supports their work. Unfortunately, accessing the API is difficult. The link to download the API is: http://antiphishing.cs.cityu.edu.hk/. The server seems to be down, or I simply cannot access it.

The design of the project is to compare the entered string of text with the Universal Coded Character Set (UCS). The team created two Unicode Similarity Lists (UC-SimList): 1) UC-SimList_s, which has the characters from the original UCS, and 2) UC-SimList_v, which, according to the researchers, is created manually. For each given pair of characters, the visual similarity is multiplied by the semantic similarity. They also measure the characters with 2D kernel densities, using the sample points on each character's contour.
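The following is an added example, not code from the paper or from the original post, of how a similarity list like the one described above can flag a lookalike string. The `SIM_LIST` entries and their scores, the 0.8 threshold, the function names and the weakest-pair rule for scoring whole strings are all assumptions made for illustration.

```python
import unicodedata

# Constructed sample list (scores are illustrative, not the paper's data).
# Unordered character pair -> (visual similarity, semantic similarity).
SIM_LIST = {
    frozenset(("a", "\u0430")): (0.95, 1.0),  # Latin a / Cyrillic a
    frozenset(("o", "\u043e")): (0.95, 1.0),  # Latin o / Cyrillic o
    frozenset(("e", "\u0435")): (0.95, 1.0),  # Latin e / Cyrillic ie
    frozenset(("l", "1")): (0.90, 0.90),      # Latin l / digit one
}


def pair_similarity(c1, c2):
    """Visual similarity times semantic similarity, as the review describes."""
    if c1 == c2:
        return 1.0
    visual, semantic = SIM_LIST.get(frozenset((c1, c2)), (0.0, 0.0))
    return visual * semantic


def string_similarity(candidate, reference):
    """Score of the weakest character pair (assumed way to combine pairs)."""
    if not reference or len(candidate) != len(reference):
        return 0.0
    return min(pair_similarity(a, b) for a, b in zip(candidate, reference))


def substitutions(candidate, reference):
    """Positions where the candidate differs, with the code point's name."""
    return [(i, unicodedata.name(a, "UNKNOWN"), pair_similarity(a, b))
            for i, (a, b) in enumerate(zip(candidate, reference)) if a != b]


def classify(candidate, reference, threshold=0.8):
    """Return 'identical', 'lookalike' or 'different' for a candidate string."""
    if candidate == reference:
        return "identical"
    if string_similarity(candidate, reference) >= threshold:
        return "lookalike"
    return "different"


if __name__ == "__main__":
    trusted = "example.com"  # constructed reference string
    for name in ("example.com", "ex\u0430mple.com", "examp1e.com", "exampxe.com"):
        print(ascii(name), classify(name, trusted), substitutions(name, trusted))
```

Reporting the Unicode name of each substituted character makes the difference visible even when the two strings render identically on screen.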

Improvements

Because I wasn’t able to see the API package, I cannot tell which aspects of their project need improving. The only question I needed answered was how this package is used. A semi-improvement would be to provide more information about the project. I felt the information provided was limited. Some of the key concepts introduced were not clear or were never defined. Ideas like the Universal Coded Character Set (UCS) were not clearly defined.

Updates_Demo Video of Game Conclusion

My previous reflection was on the work I did creating a demo video for the game. I mentioned the problem I had, which was the resolution of the game. I know, after countless hours of trying and getting frustrated with myself and the software (VSDC Video Editor) I used for video editing, I was able to find a solution to the problem. The problem seemed like a software error at first, but it was user (my) error. By default, the VSDC Video Editor reduces the output resolution insanely. Below is an image I introduced in my previous reflection. This image had all the information about my exported file, which I was supposed to take seriously.

demo 5

In the middle of the previous blog post, I was testing a variety of ways to fix the resolution. The above image shows the video file I was messing with. Due to the length of the conversion, I decided not to convert the video once I made the changes. Anyway, the problem was with the resolution. Under the output file, the width and height were in the low hundreds. I remember seeing a resolution of 192 x 80.

At the end of my struggle, I realized the smallest things seem to be the most difficult, annoying and time-wasting. Glad this was resolved!!

Updates_Demo Video of Game

Introduction

I have spent a lot of hours making the demo of the game. I was in charge of making a preview of the game. This happens to introduce the entire game from start to finish. I had to show every feature the game had while trying to limit the time used. It was a bit difficult.

Difficulties and Future Improvements

Firstly, the entire process was new. I have made some videos, but editing them is a different learning point. I used video editing software called VSDC Video Editor to edit my work. The editing was fine, but the problems came when I tried to export the video. For some reason, the quality of the video goes down to the point where reading the text is difficult. I spent countless hours looking for ways to enhance the quality. I exported the video to MP3/MP4 format. First, I imported it in PC format, but it had problems opening up.

Previews in Editor

Previews After Conversion

Knowing the quality of the videos is low, I’m still looking for ways to improve the quality/resolution. The game was recorded using an Android device at a resolution of 1920 by 720, which might have affected the result of the editing. I will also try to change the input and output resolution of the video before conversion.

demo 5

The second goal is to record it using a PC and then edit to see if the resolution will be reduced.

Likes

VSDC is easy video editing software. I was able to do most of the simple editing without any demo. Important features are not hidden. I was able to import and export videos with ease.

Updates_LiteratureReviews (04)

Title: Why Phishing Works

Authors: Rachna Dhamija, Harvard University, Cambridge, MA

J. D. Tygar, University of California, Berkeley, Berkeley, CA

Marti Hearst, University of California, Berkeley, Berkeley, CA

Reference: Click to Open Journal (You have to log in to access article)

Introduction

The article concentrates on the reasons phishing works. The authors compiled some incredible information to give us a bit of insight into the way phishers work. I picked this topic because it is worth noting that to fully understand something, you must first educate yourself about its origin. How these phishers develop software that is equivalent to the original is remarkable. Below I will explain the different ways phishers phish computer users around the world.

Designs/Evaluations

The scholars compiled their research into a pre-test and post-test format. To get a better understanding of the users’ understanding of phishing, or internet security for that matter, each user was asked to recognize what a secured site is like. After that, each user was told to go to some sites. According to the research, about 22 users were tested to determine if 20 websites shown to them were safe. The researchers determined that 23% of the 22 users incorrectly determined the safety of a site without looking at the address bar, status bar and the security indicators.

Improvements

The goal of the research was clear. To be able to understand what makes phishing so successful, it is wise to understand how the victims get caught in the drama. Firstly, users do not care about the security aspects of using the internet. Secondly and lastly, not taking phishing seriously encourages phishing. One improvement I would like the researchers to incorporate is an interactive learning activity. One thing is for sure: users want to be automatically protected by anti-phishing software, but these applications can do much and little.

TO BE CONTINUED ….

Updates_LiteratureReviews (03)

Title: Behavioral response to phishing risk

Authors: Julie S. Downs, Carnegie Mellon University, Pittsburgh, PA
Mandy Holbrook, Carnegie Mellon University, Pittsburgh, PA
Lorrie Faith Cranor, Carnegie Mellon University, Pittsburgh, PA

Reference: Click to Open (You must have an account to access article)

Introduction

After reviewing the article above, I found many things mentioned that focus on helping internet users avoid phishing scams. This article has many things to explain to the reader. The research done by the scholars was to create an environment where the player can learn as much information about phishing as possible. Fortunately, what they used to achieve their goal worked like a charm. They used an embedded training system that teaches users about phishing, called PhishingGuru, and an Anti-Phishing Phil game that teaches users the danger of phishing scams.

Game Design/Evaluations

In the above paragraph, I introduced the fundamentals of the scholars’ research. I talked about the two main concentrations of the research: 1) PhishingGuru, and 2) the Anti-Phishing Phil game. In this section of my review, I plan on going in depth on the process taken by these scholars to produce this beautiful work of art to help users avoid scams.

Firstly, let’s talk about PhishingGuru. This part of the research is meant to simulate a phishing email. PhishingGuru is basically an email that is sent to users to determine if they will be able to recognize phishing scams. How does this work? First, a fake phishing email is sent to users at the normal personal or work email address they provided. Second, the email recipients must click the fake phishing email. And lastly, when the recipients click the links in the email, they get a prompt explaining to them the danger of the email and the reason why clicking it was harmful to the user’s PC and/or personal information. This kind of training gives the users a real-world look at phishing. One thing that must be said about phishing is that the users are the ones who give out their information to the phishers. Phishers will not get information from a user without the indirect consent of the user.

Ultimately, the final technique in the scholars’ research is the use of a game called Anti-Phishing Phil. This game is basically like many games I have reviewed previously. The main idea of the game is for the player to tell harmful links from good links. The game introduces Phil. Phil is a fish that wants to grow up. To do that, he must eat as many worms as he can. The catch is that each worm represents either a good worm (link) or a bad worm (phishing link); therefore, the fish must choose wisely. The game is constructed in a fun and interactive manner. The game doesn’t only revolve around Phil. There are tutorials that teach the player anti-phishing tips before diving into Phil’s story.

Improvements

The concepts of the research are great. I liked the route they took to produce two exquisite works: PhishingGuru (lol the name cracks me up every time. A Guru phisher lol) and Anti-Phishing Phil. Both pieces of work do a great deal to help enhance the users’ experience on the topic of phishing. Learning the same concepts from a different point of view really helps widen one’s understanding of the subject at hand.

The research is great, but what I think would’ve improved the research is the use of information that phishers would use to trick computer users. What is asked in the links when clicked is what makes phishing dangerous. If the game encouraged users to identify phishing phrases in emails or websites, it’d really help. What does it mean to be a phish? Not just links in email, but what phrases should be avoided when phishing links have been opened.

Updates_LiteratureReviews (02)

Title: What.Hack: Learn Phishing Email Defence the Fun Way

Authors: Zikai Alex Wen
Yiming Li
Reid Wade
Jeffrey Huang
Amy Wang

Reference: Click to Open Journal

Introduction

The journal published by Wen and his colleagues shows some insightful thoughts on the topic of phishing. The scholars developed a 2D game to teach people awareness of phishing. I have played the game. I found it very educational. It has good information for the player. For instance, there are fruitful emails that the player has to review, and decisions that have to be made based on the information being provided.

Game Designs

The game design and planning process was intriguing. They used information taken from a variety of literary works to compile a meaningful and thoughtful game to educate people about the importance of phishing. The concepts of the game were inspired by games such as Control-Alt-Hack, Anti-Phishing Phil, and Papers, Please. Control-Alt-Hack is a board game that teaches the player about a variety of security concepts, ranging from social engineering to phishing, etc. Anti-Phishing Phil, another game reviewed by the team, is a game where the player has to consume (by clicking on the worm) the worm with the safe URL. And last but not least, there is Papers, Please! This game gave the team (the authors) much inspiration for creating a beautiful learning game. The concept of Papers, Please is to verify the legitimacy of passports.

Anyway, the game is called “What.Hack.” The name fits the concepts of the game perfectly, I think. After playing the game for some time, you can acknowledge the work the developers put into the game development process. The game simulates emails, and the player has to decide on the legitimacy of the emails. What makes the game likable to me is the simplistic user interface. The email looks legit, like a real-life mail application. The player can get help and requests from Cherise, who is basically the player’s boss. The game incorporates ideas from all three games reviewed by the authors. “What.Hack” has the concept of social engineering, which is similar to the game called “Control-Alt-Hack.” The authors also incorporated the concept of interaction, where the player has to click the right decisions. And last but not least, the game included the concept of verifying the trustworthiness of files, which is seen in the game “Papers, Please.”

Improvements

I like the game. It provides useful information to the player. The information is as real as it gets relating to phishing. It is easy to get used to the controls and the user interface.

Since the legitimacy of the email is determined using the email addresses and the information it provides, the player should have a fixed number of emails instead of infinite questions, I think. Also, I think it’d improve the player’s experience if the player could move around. But the design of the player seems to be a stationary one.

Overall, I like the designs of the game.

Updates_LiteratureReviews (01)

Title: Take a close look at Phishing

Authors: Dipti Patel, Xin Luo

Reference: Click to Open Journal

 

Introduction

This week, I am reading journals on the topic of Phishing. “Phishing is the practice where criminals send out unsolicited commercial e-mails, masquerading as valid authorities by using logos and other formatting to resemble authentic e-mails sent by the company that they are attempting to impersonate (Dipti Patel, Xin Luo).”

 

Patel and Luo made some important arguments on the issue of phishing. What’s intriguing about their arguments is the many solutions they introduced to help stop the spread of phishing. These scholars talk about ways in which hackers take information from harmless internet users around the globe.

Evaluation

There are many things we do not want to happen to us, identity theft and worse. Discovering that your information has been compromised by someone unknown is frustrating, knowing that there are many things that can happen with your information. After reading the information presented by Patel and Luo, I got to understand a different viewpoint on the global issue of phishing. According to the scholars, spammers (hackers) have grown year by year and are educating themselves on new possibilities to evade the software and techniques used to stop them. It is worth mentioning that 10% of financial services companies, according to the authors, have been attacked since the publication of this journal in the year 2007. Knowing that hackers try to adapt to any obstacles that may try to stop them, it is ensuring enough to lead to the belief that hacking has been something that companies take seriously. Companies are not the only internet users who need to take phishing (hacking) seriously. According to Patel and Luo, about 86% of home computer users are among the many groups of users hackers hit because of how unaware these users are of the seriousness of hacking.

Improvements

The journal is pretty clear about the danger of phishing. Patel and Luo introduced some great solutions internet users can take to prevent phishing. Some of these include ensuring received emails are legit, being cautious when giving out personal information online, biometrics, and much more.

Biometrics seem to be the ideal way of protection online. A biometric is the use of an individual’s physical and behavioral characteristics for identification. This seems to be the perfect self-protection, but even though this works, people are the ones that give out their information to hackers when it comes to phishing.

The only conclusive way to prevent phishing is to raise awareness of the issues, and also to create counter-attack software such as biometrics to aid in the prevention of hacking.