Technology Research

Impact of Interface Characteristics on Digital Libraries Usage

The fundamental reason for building digital libraries is the belief that they will deliver information better than was possible in the past. The major advantages of digital libraries over traditional libraries include:

  1. Digital libraries bring the library closer to the users: Information is brought to the users, either at home or at work, which makes it more accessible and increases its usage. This is very different from traditional libraries, where users have to go to the library physically.
  2. Computer technology is used for searching and browsing: Computer systems are better than manual methods for finding information. They are useful for reference work that involves repeated leaps from one source of information to another.
  3. Information can be shared: Placing digital information on a network makes it available to everyone. Many digital libraries are maintained at a single central site. This is a vast improvement over expensive physical duplication of little-used material, or the inconvenience of unique material that is inaccessible without traveling to the location where it is stored.
  4. Information is always available: The digital library’s doors never close; its collections can be used at hours when the library buildings are closed. Materials are never checked out, mis-shelved, or stolen. Compared with traditional libraries, information is much more likely to be available when and where the user wants it.
  5. New forms of information become possible: Material in conventional libraries is printed on paper, yet print is not always the best way to record and disseminate information. A database may be the best way to do so.

Digital libraries would definitely facilitate research work, and this should be accepted mainly by those involved in the field of research. However, recent studies showed that people still prefer to read from paper despite the progress in technology. Today, with many people searching for new knowledge and information, the Internet is expected to take on the role of the human intermediary. There is also an expectation that people are digitally literate. On the other hand, some end-users do not always have the literacy to search the Internet effectively for information. The problem is compounded by the fact that the Internet as a whole is not well organized, and information retrieval is inevitably a difficult and time-consuming process.

What are the projected risks of Quantum Computing?

Although there are many proposed benefits anticipated from quantum computing, there are also potential risks. Among these are the following:

  1. While advancements in security will be welcome within the IT community, there is a possibility of an uneven distribution of adoption of the new technology. If some firms adopt quantum computing and others do not, those without these systems will be vulnerable to the security threats.
  2. Conceptually, it is believed that with quantum technology we will be able to build microscopic machines such as a nanoassembler, a virtually universal constructor that will not just take materials apart and rebuild them atom by atom but also replicate itself. The good news about such self-replicating machines is that they will cost nothing to build and will eventually make any product we might desire at zero cost. The bad news is that these HAL-like computing brains, with capabilities exceeding those of humans, could redesign and replicate themselves at no cost, other than the loss of human dominance.
  3. Quantum computing will instigate rapid changes in computing and corresponding modifications to human life, at a time known as the point of Singularity. When that day arrives, some futurists fear that quantum computing will cause things to change so fast that it will be impossible to predict what will happen next. Or, there will be “a developmental discontinuity, an ultimate event horizon beyond which predictability breaks down totally.” It sounds as terrifying as those scenarios in a science fiction film; theoretically, nevertheless, it is the risk that quantum computing might eventually lead us to.

Approaches to minimizing user-related faults in IS security

Recent research on minimizing user-related faults in information systems (IS) security can be roughly summarized as follows. First, since ancient times, punishment has been used to discourage ‘wrongdoing’. It has been debated whether punishment as deterrence is relevant in the context of contemporary IS security or not. Results that support the economic theories of punishment have been published. However, scholars of the behavioural community have presented much evidence of the negative long-run consequences related to the use of punishment, for instance loss of productivity, increased dissatisfaction, and aggression.

Second, the importance of ease of safe use and the related transparency principle have been presented. Similarly, a social approach, named User Centered Security (UCS), has been put forward. However, some argue that ‘ease of safe use’ has not been properly defined. Moreover, some elements of the mentioned approaches are argued to teach users to take security for granted, which may lead to neglecting or misusing forthcoming security mechanisms. Furthermore, the aforementioned approaches are criticized for not presenting guidelines for modeling, let alone resolving, conflicting requirements.

Third, the Organizational psychology and incident analysis (OPIA) approach has argued that human errors can only be overcome by understanding human behaviour. However, according to Siponen, the six theses that constitute OPIA do not stand up to closer psychological scrutiny. For instance, the effects of weakness of will and lack of commitment are not taken into account.

Fourth, the importance of awareness has been underlined since it has been perceived as instrumental to the effort of reducing ‘human error’. The topic has been approached systematically, and program frameworks have been developed. Extending the analysis, Siponen has presented a conceptual foundation for organizational information security awareness that differentiates between the framework (‘hard’, structural) and content (informal, interdisciplinary) aspects.

Web Spoofing: Threat Models, Attacks and Current Defenses

The initial design of the Web protocols and the Internet assumed a benign environment, where servers, clients and routers cooperate and follow the standard protocols, except for unintentional errors. However, as the amount and sensitivity of usage increased, concerns about security, fraud and attacks became important. In particular, since Internet access is currently widely (and often freely) available, it is very easy for attackers to obtain many client and even host connections and addresses, and use them to launch different attacks on the network itself (routers and network services such as DNS) and on other hosts and clients. In particular, with the proliferation of commercial domain name registrars allowing automated, low-cost registration in most top level domains, it is currently very easy for attackers to acquire essentially any unallocated domain name, and place malicious hosts and clients there. We call this the unallocated domain adversary: an adversary who is able to issue and receive messages using many addresses in any domain name, excluding the finite list of already allocated domain names. This is probably the most basic and common type of adversary.

Unfortunately, we believe, as explained below, that currently most web users are vulnerable even against unallocated domain adversaries. This claim may be surprising, as sensitive web sites are usually protected using the SSL or TLS protocols, which, as we explain in the following subsection, securely authenticate web pages even in the presence of intercepting adversaries (often referred to as Man In The Middle (MITM) attackers). Intercepting adversaries are able to send and intercept (receive, eavesdrop) messages to and from all domains. Indeed, even without SSL/TLS, the HTTP protocol securely authenticates web pages against spoofing adversaries, which are able to send messages from all domains, but receive only messages sent to unallocated (adversary-controlled) domains. However, the security provided by SSL/TLS (against an intercepting adversary; or by HTTP against a spoofing adversary) is only with respect to the address (URL) and security mechanism (HTTPS, using SSL/TLS, or ‘plain’ HTTP) requested by the application (usually the browser). In a phishing attack (and most other spoofing attacks), the application specifies, in its request, the URL of the spoofed site. Namely, web spoofing attacks focus on the gap between the intentions and expectations of the user, and the address and security mechanism specified by the browser to the transport layer.

Process for avoiding SPAM

While the SPAM-blocking capabilities of Web mail providers are good, they will never be perfect, and SPAMers can be expected to evolve their tactics in an attempt to circumvent SPAM filters. And to conduct our research, we tried to do everything wrong in an attempt to attract SPAM. What follows are some guidelines on what users can do to minimize the amount of SPAM they receive:

Recognize suspicious sites

In our experience, it’s an invitation for SPAM (or identity theft) to submit your email address and other information to sites that:

  1. Request your email address on their home page.
  2. Claim to be free but request your credit card information “for verification purposes.”
  3. Make any claims that seem too good to be true.
  4. Make it hard to leave by popping up “are you sure” types of notifications.
  5. Open popup windows as soon as you visit them.
  6. Promise something valuable for very little work (“get a free iPad just for filling out a survey”).
  7. Claim you are a randomly selected winner.
  8. Claim there’s limited time to act on an offer.

If you are interested in what a site offers but it appears suspicious, you can often find out whether it’s a scam by doing a search for the Web site. For example, search for “theremovelist scam.”

Recognize SPAM

Spam is often identifiable in your inbox, based on certain characteristics:

What to do with SPAM

Do:

  1. Delete the email.
  2. Use your Web mail provider’s ability to mark it as junk. However, do not mark an email as SPAM if you have intentionally subscribed to it and no longer wish to receive it.

Don’t:

  1. Display the images in the email. This sends a signal to the SPAMer and they know they have a working email address.
  2. Unsubscribe. If it’s a legitimate email, you can unsubscribe, but if it’s truly unsolicited, unsubscribing only tells the spammer they have a real email address.
  3. Click on links. This also sends a signal to the spammer.

Honeypots or decoy email addresses

Honeypots (decoy email addresses) are used for collecting large amounts of spam. These decoy email addresses do not belong to actual end users, but are made public to attract spammers who will think the address is legitimate. Once the spam is collected, identification techniques, such as hashing systems or fingerprinting, are used to process the spam and create a database of known spam. Let’s take a closer look at hashing systems and fingerprinting.

HASHING SYSTEMS: With hashing systems, each spam email receives an identification number, or “hash,” that corresponds to the contents of the spam. A list of known spam emails and their corresponding hashes is then created. All incoming email is compared to this list of known spam. If the hashing system determines that an incoming email matches an email in the spam list, then the email is rejected. This technique works as long as spammers send the same or nearly the same email repeatedly. One of the original implementations of this technique was called Razor.

FINGERPRINTING: Fingerprinting techniques examine the characteristics, or fingerprint, of emails previously identified as spam and use this information to identify the same or similar email each time one is intercepted. These real-time fingerprint checks are continuously updated and provide a method of identifying spam with nearly zero false positives. Fingerprinting techniques can also look specifically at the URLs contained in a message and compare them against URLs previously identified as spam propagators.

Honeypots with hashing or fingerprinting can be effective provided similar spam emails are widely sent. If each spam is made unique, these techniques can run into difficulties and fail.
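
The difference between the two techniques, and the failure case just described, can be seen in the following Python code. It is an added example, not part of the original article and not Razor's algorithm; the shingle-based fingerprint, the 0.6 threshold and all sample messages are constructed assumptions.

```python
import hashlib
import re

def normalize(body):
    """Lower-case and collapse whitespace so trivial reformatting keeps the same hash."""
    return re.sub(r"\s+", " ", body.lower()).strip()

def exact_hash(body):
    """Hashing system: one identifier derived from the whole message body."""
    return hashlib.sha256(normalize(body).encode("utf-8")).hexdigest()

def fingerprint(body, k=3):
    """Fingerprint: the set of hashed k-word shingles found in the body."""
    words = re.findall(r"[a-z0-9']+", body.lower())
    if len(words) < k:
        return frozenset()
    shingles = (" ".join(words[i:i + k]) for i in range(len(words) - k + 1))
    return frozenset(hashlib.sha256(s.encode("utf-8")).hexdigest()[:16] for s in shingles)

def similarity(a, b):
    """Jaccard similarity of two fingerprints (0.0 when either is empty)."""
    return len(a & b) / len(a | b) if a and b else 0.0

class KnownSpam:
    """Database built from mail that arrived at decoy (honeypot) addresses."""
    def __init__(self, threshold=0.6):  # assumed tuning value
        self.hashes = set()
        self.fingerprints = []
        self.threshold = threshold

    def learn(self, body):
        self.hashes.add(exact_hash(body))
        self.fingerprints.append(fingerprint(body))

    def classify(self, body):
        if exact_hash(body) in self.hashes:
            return "exact-hash"
        fp = fingerprint(body)
        if any(similarity(fp, known) >= self.threshold for known in self.fingerprints):
            return "fingerprint"
        return "no-match"

# Constructed sample messages (not real spam captures).
HONEYPOT_SPAM = ("Congratulations! You are a randomly selected winner. Claim your "
                 "free iPad now by filling out our short survey before the offer expires.")
RESENT = HONEYPOT_SPAM.upper().replace(" ", "  ") + "\n"   # same text, reformatted
VARIANT = HONEYPOT_SPAM + " Ref 8841"                      # per-recipient suffix
REWRITTEN = ("Hello friend, a prize is waiting: complete a quick questionnaire "
             "today and a tablet will ship to you at no charge.")  # made unique
LEGIT = "Hi team, the quarterly report is attached. Please review it before the meeting on Friday."

def demo():
    db = KnownSpam()
    db.learn(HONEYPOT_SPAM)
    samples = {"resent": RESENT, "variant": VARIANT, "rewritten": REWRITTEN, "legit": LEGIT}
    return {name: db.classify(body) for name, body in samples.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10s} {verdict}")
```

The appended suffix defeats the exact hash but not the fingerprint, while the fully rewritten message evades both.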

Domain Name System

The DNS (Domain Name System) is used to translate hostnames and service names (e.g. www.simplexu.com) to numeric IP addresses (e.g. 69.65.42.236), which is a more suitable format for computers. In short, this is done by a lookup in the DNS server’s database, and if the name is not found the server will contact other DNS servers to get the correct IP address for the requested lookup (Figure 1).

IP addresses of other DNS servers and hosts will be cached in the local DNS server performing a lookup. How long an address is valid in the cache is decided by the TTL value of the IP address. TTL is set when the address is added to its authoritative DNS server’s database. As a result of this cache function, commonly used addresses and domains are often found in the cache. With cached information the time of the lookup decreases and less data traffic is produced.

In a full DNS lookup without any cached information, the local DNS server will ask a root name server for the IP address of the correct top level domain DNS server (e.g. .se, .com). The top level server, which knows the IP addresses of the lower level DNS servers, redirects the local DNS server further down the hierarchy of DNS servers. This proceeds between the local DNS server and other DNS servers until the IP address of the requested host name is known or the lookup results in an error. The local DNS server then sends the correct address or an error to the client that requested the DNS lookup.

The DNS server contacted last in a lookup is the one responsible for a portion of the name space delegated to its organisation, which is called the DNS zone. This authoritative DNS server has the address saved in its database along with the TTL value. An example of a DNS lookup where the top level domain server is known by the local DNS server is illustrated in Figure 1.

Figure 1: Standard DNS lookup

  1. Client asks for the IP address of a certain name, for example that of a web server.
  2. Local DNS server asks a top level domain server for an address to a lower level DNS server.
  3. The top level domain server answers with an IP-address to an authoritative DNS server.
  4. Local DNS server asks the new DNS server for the address of the web server.
  5. The server was an authoritative DNS server thus it answers with the correct IP address.
  6. The IP address is forwarded to the client.
  7. Now the client can ask for the web page from the web server since it got the exact address.
  8. Data exchange between client and web server starts.
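
Steps 1 to 6 and the TTL-driven cache can be simulated offline as follows. This Python code is an added example, not part of the original article; the zone data, the example.com names, the documentation-range addresses and the TTL values are constructed, and time is passed in explicitly so that cache expiry is reproducible.

```python
# Constructed data: what the top level domain server and the authoritative server know.
# TLD server: zone -> (IP address of the authoritative DNS server, TTL in seconds)
DELEGATIONS = {"com": {"example.com": ("198.51.100.53", 3600)}}
# Authoritative server: host name -> (IP address, TTL in seconds)
AUTHORITATIVE = {"198.51.100.53": {"www.example.com": ("192.0.2.10", 300)}}

class LocalResolver:
    """Local DNS server that caches both referrals and host addresses."""
    def __init__(self):
        self.cache = {}            # (record kind, name) -> (value, expiry time)
        self.upstream_queries = 0  # queries sent to other DNS servers

    def _cached(self, key, now):
        entry = self.cache.get(key)
        return entry[0] if entry and entry[1] > now else None

    def _store(self, key, value, ttl, now):
        self.cache[key] = (value, now + ttl)

    def _find_authoritative(self, name, now):
        labels = name.split(".")
        zones = [".".join(labels[i:]) for i in range(len(labels) - 1)]
        for zone in zones:                       # a cached referral skips steps 2-3
            server = self._cached(("NS", zone), now)
            if server:
                return server
        self.upstream_queries += 1               # step 2: ask the top level domain server
        table = DELEGATIONS.get(labels[-1], {})
        for zone in zones:
            if zone in table:                    # step 3: referral to authoritative server
                server, ttl = table[zone]
                self._store(("NS", zone), server, ttl, now)
                return server
        return None

    def resolve(self, name, now):
        """Return the IP address for name at time `now`, or None on error."""
        name = name.lower().rstrip(".")
        address = self._cached(("A", name), now)
        if address:
            return address
        server = self._find_authoritative(name, now)
        if server is None:
            return None
        self.upstream_queries += 1               # step 4: ask the authoritative server
        record = AUTHORITATIVE[server].get(name)
        if record is None:
            return None
        address, ttl = record                    # step 5: authoritative answer with TTL
        self._store(("A", name), address, ttl, now)
        return address                           # step 6: forwarded to the client

if __name__ == "__main__":
    r = LocalResolver()
    for t in (0, 100, 301, 4000):
        print(t, r.resolve("www.example.com", now=t), r.upstream_queries)
```

At time 301 only the host record has expired, so the cached referral saves one of the two upstream queries.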

 

 

UML for Modeling Complex Real-Time Systems

The embedded real-time software systems encountered in applications such as telecommunications, aerospace, and defense typically tend to be large and extremely complex. It is crucial in such systems that the software is designed with a sound architecture. A good architecture not only simplifies construction of the initial system, but even more importantly, readily accommodates changes forced by a steady stream of new requirements. In this paper, we describe a set of constructs that facilitate the design of software architectures in this domain. The constructs, derived from field-proven concepts originally defined in the ROOM modeling language, are specified using the Unified Modeling Language (UML) standard.

Modelling Structure

The structure of a system identifies the entities that are to be modeled and the relationships between them (e.g., communication relationships, containment relationships). UML provides two fundamental complementary diagram types for capturing the logical structure of systems: class diagrams and collaboration diagrams. Class diagrams capture universal relationships among classes—those relationships that exist among instances of the classes in all contexts. Collaboration diagrams capture relationships that exist only within a particular context—a pattern of usage for a particular purpose that is not inherent in the class itself. Collaboration diagrams therefore include a distinction between the usage of different instances of the same class, a distinction captured in the concept of role. In the modeling approach described here, there is a strong emphasis on using UML collaboration diagrams to explicitly represent the interconnections between architectural entities. Typically, the complete specification of the structure of a complex real-time system is obtained through a combination of class and collaboration diagrams.

Specifically three principal constructs for modeling structure:

Common Problems Associated with Spam Traps and Their Prevention

Spam traps are email addresses activated for the sole purpose of catching illegitimate email and identifying senders with poor data quality practices. Internet Service Providers (ISPs) and anti-spam organizations create and manage spam trap networks and use spam traps,

Common Problems Associated with Spam Traps

  1. Return Path studies have shown that one spam trap can reduce your Sender Score more than 20 points and can decrease your inbox placement rates to 81% and lower.
  2. ISPs will lower your sending reputation for too many spam trap hits.
  3. Mailing IPs and/or domains may become blacklisted.
  4. Membership in the Return Path Certification Program may be suspended for exceeding the acceptable thresholds defined within the compliance standards.

Preventing Spam Traps

  1. Reject requests for malformed addresses (e.g. me@hotmai.lcom).
  2. Reject abuse@ and postmaster@ addresses.
  3. Reject role accounts (e.g. sales@company.com, customerservice@company.com).
  4. Send Welcome/Confirmation email messages and use a confirmed or double opt-in process to validate newly acquired email addresses before adding them to your file. It is best practice to use a separate IP space and monitor spam trap rates.
  5. Having multiple pages or CAPTCHA during the subscription process aids in preventing list poisoning.
  6. Provide a change of email address option in all emails, in a preference center and at the point of unsubscribe.
  7. Do not purchase, rent or lease email addresses from third parties or perform email appends on your files.
  8. Isolate and monitor “Import Address Book” and “Forward to a Friend” mail streams on separate IPs and sub-domains to identify spam traps and protect your other email programs. These types of features commonly collect old email addresses that have likely been converted into spam traps.
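
Rules 1 to 3 can be enforced at the signup form before any confirmation message is sent. The following Python code is an added example, not part of the original article; the simplified syntax pattern, the provider list and the extra role names beyond those listed above are assumptions.

```python
import re

# Simplified syntax check (an assumption; not a full RFC 5322 parser).
SYNTAX = re.compile(r"^[a-z0-9._%+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}$")
# abuse, postmaster, sales and customerservice come from the list above;
# the remaining role names are assumed additions.
ROLE_LOCAL_PARTS = {"abuse", "postmaster", "sales", "customerservice",
                    "info", "support", "admin", "webmaster"}
# Assumed list of mailbox providers whose names are commonly mistyped.
COMMON_DOMAINS = ("hotmail.com", "gmail.com", "yahoo.com", "outlook.com")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. ".l" typed instead of "l."
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def screen(address):
    """Return 'ok' or the reason a signup address should be rejected."""
    address = address.strip().lower()
    if not SYNTAX.match(address):
        return "malformed-syntax"
    local, domain = address.rsplit("@", 1)
    if local in ROLE_LOCAL_PARTS:
        return "role-account"
    if domain not in COMMON_DOMAINS:
        # A syntactically valid domain one edit away from a well-known
        # provider is treated as a typo rather than a real mailbox.
        for known in COMMON_DOMAINS:
            if osa_distance(domain, known) == 1:
                return "likely-typo-of-" + known
    return "ok"

if __name__ == "__main__":
    # Constructed signup attempts, including the examples from the list above.
    for addr in ("me@hotmai.lcom", "abuse@company.com", "sales@company.com",
                 "jane.doe@hotmail.com", "jane@@hotmail"):
        print(f"{addr:28s} {screen(addr)}")
```

An address that returns "ok" has only passed screening; it still goes through the confirmed or double opt-in step in rule 4.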

Phishing Email

Phishing emails are crafted to look as if they’ve been sent from a legitimate organization. These emails attempt to fool you into visiting a bogus web site to either download malware (viruses and other software intended to compromise your computer) or reveal sensitive personal information. The perpetrators of phishing scams carefully craft the bogus web site to look like the real thing.

For instance, an email can be crafted to look like it is from a major bank. It might have an alarming subject line, such as “Problem with Your Account.” The body of the message will claim there is a problem with your bank account and that, in order to validate your account, you must click a link included in the email and complete an online form.

The email is sent as spam to tens of thousands of recipients. Some, perhaps many, recipients are customers of the institution. Believing the email to be real, some of these recipients will click the link in the email without noticing that it takes them to a web address that only resembles the address of the real institution. If the email is sent and viewed as HTML, the visible link may be the URL of the institution, but the actual link information coded in the HTML will take the user to the bogus site. For example:

visible link: http://www.yourbank.com/accounts/

actual link to bogus site: http://itcare.co.kr/data/yourbank/index.html

The bogus site will look astonishingly like the real thing, and will present an online form asking for information like your account number, your address, your online banking username and password—all the information an attacker needs to steal your identity and raid your bank account.
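
A mail filter or analyst can check for the visible-link versus actual-link mismatch shown above. The following Python code is an added example, not part of the original article; the sample HTML body is constructed around the two URLs given above, and hosts are compared exactly apart from a leading "www.", which is a simplifying assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text counts as a URL only if it looks like a host name or http(s) URL.
URL_LIKE = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)

def _clean(host):
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def shown_host(text):
    """Host name displayed to the reader, or None if the text is not URL-like."""
    text = text.strip()
    if not URL_LIKE.match(text):
        return None
    if "://" not in text:
        text = "http://" + text
    return _clean(urlsplit(text).hostname) or None

def actual_host(href):
    """Host name the link really points to, or None (mailto:, relative links)."""
    return _clean(urlsplit(href.strip()).hostname) or None

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html_body):
    """Return anchors whose displayed host differs from the host in href."""
    parser = AnchorCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.anchors:
        shown, actual = shown_host(text), actual_host(href)
        if shown and actual and shown != actual:
            findings.append({"visible": text, "href": href,
                             "shown_host": shown, "actual_host": actual})
    return findings

# Constructed HTML body using the visible and actual links quoted above.
SAMPLE_EMAIL = """
<p>There is a problem with your account. To validate it, visit
<a href="http://itcare.co.kr/data/yourbank/index.html"><b>http://www.yourbank.com/accounts/</b></a></p>
<p><a href="http://www.yourbank.com/help">Contact us</a> or see
<a href="http://www.yourbank.com/accounts/">yourbank.com/accounts/</a>.</p>
"""

if __name__ == "__main__":
    for finding in mismatched_links(SAMPLE_EMAIL):
        print(finding)
```

Links whose visible text is ordinary wording ("Contact us") are not flagged, because there is no displayed address to compare against.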

What to Look For

Bogus communications purporting to be from banks, credit card companies, and other financial institutions have been widely employed in phishing scams, as have emails from online auction and retail services. Carefully examine any email from your banks and other financial institutions. Most have instituted policies against asking for personal or account information in emails, so you should regard any email making such a request with extreme skepticism.

Phishing emails have also been disguised in a number of other ways. Some of the most common phishing emails include the following:

  1. fake communications from online payment and auction services, or from internet service providers – These emails claim there is a “problem” with your account and request that you access a (bogus) web page to provide personal and account information.
  2. fake accusation of violating Patriot Act – This email purports to be from the Federal Deposit Insurance Corporation (FDIC). It says that the FDIC is refusing to insure your account because of “suspected violations of the USA Patriot Act.” It requests you provide information through an online form to “verify your identity.” It’s really an attempt to steal your identity.
  3. fake communications from an IT Department – These emails will attempt to ferret passwords and other information phishers can use to penetrate your organization’s networks and computers.
  4. low-tech versions of any of the above asking you to fax back information on a printed form you can download from a (bogus) web site.
