August 31, 2005 – As the Federal Emergency Management Agency (FEMA) swings into high gear to provide disaster relief to victims of Hurricane Katrina, ACCESS has learned that the Social Security Administration has no procedures to help many of these same victims get back on their feet. The problem that many victims face is that they escaped with only the clothes on their backs; meaning that they have too little iformation for the Social Security Administration to reissue them Social Security Cards. This means that storm victims face a variety of problems that neither they, nor the Federal Government have ever even considered.

RSS is growing at a lightening speed. What was once only known as a techie tool, RSS is becoming a tool that is continuously being used by the general population. Along with the good comes, the not so good. And while some have mentioned the emergence of RSS spam, where content publishers dynamically generate nonsensical feeds stuffed with keywords, the real concern relates to security. While an annoyance to the search engines, spam in RSS feeds pales in comparison to the possible security concerns that could be in RSS future.

RSS Feed Security

Security Implications Related to RSS.

As RSS gains momentum security fears loom large. As publishers are quickly finding innovative uses for RSS feeds, hackers are taking notice. The power and extendibility of RSS in its simplest form is also its achilles heel.

RSS Feed Security

Security Implications Related to RSS.
As RSS gains momentum security fears loom large. As publishers are quickly finding innovative uses for RSS feeds, hackers are taking notice. The power and extendibility of RSS in its simplest form is also its achilles heel.

RSS Security

RSS is growing at a lightening speed. What was once only known as a techie tool, RSS is becoming a tool that is continuously being used by the general population. Along with the good comes, the not so good. And while some have mentioned the emergence of RSS spam, where content publishers dynamically generate nonsensical feeds stuffed with keywords, the real concern relates to security. While an annoyance to the search engines, spam in RSS feeds pales in comparison to the possible security concerns that could be in RSS future.

RSS Security

RSS is growing at a lightening speed. What was once only known as a "techie tool", RSS is becoming a tool that is continuously being used by the general population. Along with the good comes, the not so good. And while some have mentioned the emergence of RSS spam, where content publishers dynamically generate nonsensical feeds stuffed with keywords, the real concern relates to security.

RSS Feed Security

As RSS gains momentum security fears loom large. As publishers are quickly finding innovative uses for RSS feeds, hackers are taking notice. The power and extendibility of RSS in its simplest form is also its achilles heel. The expansion capabilities of the RSS specification, specifically the enclosure field which has launched the podcasting phenomenon, is where the vulnerabilities lie. The enclosure field in itself is not the problem, in fact the majority of RSS feeds do not even use the enclosure tag. The enclosure tag is essentially used to link to file types, things like images, word documents, mp3 files, power point presentations, and executables and can be thought of in similar terms to email attachments.

RSS Security

Along with the good comes, the not so good. And while some have mentioned the emergence of RSS spam, where content publishers dynamically generate nonsensical feeds stuffed with keywords, the real concern relates to security. While an annoyance to the search engines, spam in RSS feeds pales in comparison to the possible security concerns that could be in RSS' future.

RSS Security

A federal judge in Washington yesterday ordered the Interior Department to shut down most of its employees' Internet access and some of its public Web sites after concluding that the agency has failed to fix computer security problems that threaten...

Despite increasing awareness of online threats, the Cyber Security Breaches Report 2022 shows that the number of cyber-attacks against UK businesses is growing. With the potential to damage your operations, finances, and reputation, a cyber-attack can cause catastrophic damage to your organization, which is why it’s essential to take steps to mitigate the threat. With …

4 Ways to Increase Your Company’s Online Security Now Read More »

As more businesses move to the cloud, they are becoming increasingly vulnerable to cloud network security threats. Here are the top three threats and how to avoid them: Data breaches One of the most common and devastating cloud security threats is data breaches. These can occur when hackers gain access to a company’s cloud-based data, …

The Top 3 Cloud Network Security Threats (And How to Avoid Them) Read More »

The Debian project has announced its latest point release for Debian Linux 12, codenamed “bookworm,” marking the eighth update to this stable distribution. This 12.8 update primarily addresses security issues and fixes various critical bugs, enhancing the reliability and security of the system. Importantly, this release is not a new version but an update to existing packages within Debian 12. Users who routinely update via security.debian.org will notice only minimal changes, as most updates are rolled into this point release. There is no need to replace existing installation media for bookworm; a simple upgrade through an up-to-date Debian mirror suffices… [Continue Reading]

A new report finds 61 percent of organizations have suffered a security breach in the past year because their policies, governance, and controls failed or were not working effectively. This is costing US businesses $30bn and UK businesses £10bn per year. The study from security posture management firm Panaseer surveyed 400 security decision makers across the US and UK and found 72 percent have taken out indemnity insurance in response to growing personal liability, whilst 15 percent have considered leaving the industry. In addition, 85 percent of decision makers are facing greater scrutiny from the board. 57 percent say they… [Continue Reading]

If you need to add encryption or digital signing to the Thunderbird email app (or other supporting apps) on Android, there's one clear and easy route to success.

This paper systematically discusses the security and privacy concerns for e-learning systems. A five-layer architecture of e-learning system is proposed. The security and privacy concerns are addressed respectively for five layers. This paper further examines the relationship among the security and privacy policy, the available security and privacy technology, and the degree of e-learning privacy and security. The digital identity attributes are introduced to e-learning portable devices to enhance the security and privacy of e-learning systems. This will provide significant contributions to the knowledge of e-learning security and privacy research communities and will generate more research interests.

Recently, IEEE 802.16 Worldwide Interoperability for Microwave Access (WiMAX for short) has provided us with low-cost, high efficiency and high bandwidth network services. However, as with the WiFi, the radio wave transmission also makes the WiMAX face the wireless transmission security problem. To solve this problem, the IEEE802.16Std during its development stage defines the Privacy Key Management (PKM for short) authentication process which offers a one-way authentication. However, using a one-way authentication, an SS may connect to a fake BS. Mutual authentication, like that developed for PKMv2, can avoid this problem. Therefore, in this paper, we propose an authentication key management approach, called Diffie-Hellman-PKDS-based authentication method (DiHam for short), which employs a secret door asymmetric one-way function, Public Key Distribution System (PKDS for short), to improve current security level of facility authentication between WiMAX's BS and SS. We further integrate the PKMv1 and the DiHam into a system, called PKM-DiHam (P-DiHam for short), in which the PKMv1 acts as the authentication process, and the DiHam is responsible for key management and delivery. By transmitting securely protected and well-defined parameters for SS and BS, the two stations can mutually authenticate each other. Messages including those conveying user data and authentication parameters can be then more securely delivered.

The emergence of digital technology and the increasing prevalence of smartphones have promoted innovations in payment options available in finance and consumption markets. Banks providing mobile payment must ensure the information security. Inadequate security control leads to information leakage, which severely affects user rights and service providers' reputations. This study uses control objectives for Information and Related Technologies 4.1 as the mobile payment security control framework to examine the emergent field of mobile payment. A literature review is performed to compile studies on the safety risk, regulations, and operations of mobile payments. In addition, the Delphi questionnaire is distributed among experts to determine the practical perspectives, supplement research gaps in the literature, and revise the prototype framework. According to the experts' opinions, 59 control objectives from the four domains of COBIT 4.1 are selected. The plan and organise, acquire and implement, deliver and support, and monitor and evaluate four domains comprised 2, 5, 10, and 2 control objectives that had mean importance scores of > 4.50. Thus, these are considered the most important objectives by the experts, respectively. The results of this study can serve as a reference for banks to construct secure frameworks in mobile payment services.

Physical Layer Security (PLS) and relay technology have emerged as viable methods for enhancing the security of wireless networks. Relay technology adoption enhances the extent of coverage and enhances dependability. Moreover, it can improve the PLS. Choosing relay and jammer nodes from the group of intermediate nodes effectively mitigates the presence of powerful eavesdroppers. Current methods for Joint Relay and Jammer Selection (JRJS) address the optimisation problem of achieving near-optimal secrecy. However, most of these techniques are not scalable for large networks due to their computational cost. Secrecy will decrease if eavesdroppers are aware of the relay and jammer intermediary nodes because beamforming can be used to counter the jammer. Consequently, this study introduces a multi-agent Q-learning-based PLS-enhanced secured joint relay and jammer in dual-hop wireless cooperative networks, considering the existence of several eavesdroppers. The performance of the suggested algorithm is evaluated in comparison to the current algorithms for secure node selection. The simulation results verified the superiority of the proposed algorithm.

In order to further improve the public health assurance system and the infectious diseases early warning system to give play to their positive roles and enhance their collaborative capacity, this paper, based on the big and thick data analytics technology, designs a 'rolling-type' data synergy model. This model covers districts and counties, municipalities, provinces, and the country. It forms a data blockchain for the public health assurance system and enables high sharing of data from existing system platforms such as the infectious diseases early warning system, the hospital medical record management system, the public health data management system, and the health big and thick data management system. Additionally, it realises prevention, control and early warning by utilising data mining and synergy technologies, and ideally solves problems of traditional public health assurance system platforms such as excessive pressure on the 'central node', poor data tamper-proofing capacity, low transmission efficiency of big and thick data, bad timeliness of emergency response, and so on. The realisation of this technology can greatly improve the application and analytics of big and thick data and further enhance the public health assurance capacity.

Aim/Purpose: In this study, the researchers investigated whether the out-of-class learning approach could help the students to attain any valuable learning outcomes for cybersecurity learning and could enhance the perceived value of cybersecurity education among the students. Background: Cybersecurity learning poses challenges for its students to learn a complicated subject matter and the students may be intimidated by the challenging courses in cybersecurity programs. Therefore, it is essential for the faculty members to devise some mechanisms to promote cybersecurity learning to increase its student retention. The mechanism suggested by this study was the out-of-class learning approach. Methodology: The researchers in this study employed a content analysis and adopted a semiotic method to analyze qualitative data. The researchers also conducted crosstabulation analyses using chi-square tests to detect the significant differences in the emerging learning outcomes from the two different out-of-class learning activities investigated in this study. Contribution: This study addressed the difficulty of cybersecurity education and proposed a viable mechanism to promote the student learning in such a complicated subject matter. Findings: For cybersecurity education, the out-of-class learning approach is a viable pedagogical mechanism that could lead the students to several learning outcomes, including connecting them to the real-life scenarios related to the cybersecurity profession, guiding them to their career choices and development, stimulating their intellectual growth, creating their justification of learning, and raising their cybersecurity awareness. Recommendations for Practitioners: The instructors of any cybersecurity programs should incorporate some out-of-class learning activities into the courses in their programs, especially the introductory-level courses. Additionally, it is important to coordinate the out-of-class learning activities with the in-class lessons to enable the students to justify what they have learned in their classrooms and motivate them to learn more. Recommendation for Researchers: Researchers could look beyond in-class learning and laboratory learning to investigate the impacts of out-of-class learning activities on cybersecurity education to help the students to attain better learning outcomes. Impact on Society: By promoting cybersecurity education, universities and colleges could attain a higher retention rate of the students in their cybersecurity programs. The higher retention rate of the students in cybersecurity programs would help to ease the critical shortage of cybersecurity talent. Future Research: Future research could explore the impacts of other out-of-class learning activities on cybersecurity learning; for example: job shadowing, attending cybersecurity conferences, internship, developing cybersecurity systems or tools for actual customers, working on cybersecurity research with faculty members. Additionally, future studies could investigate the effects of the out-of-class learning approach on promoting other academic programs that are characterized by intensely complex and technical nature, similar to cybersecurity programs.

This research introduces a hybrid honeypot architecture to bolster security within software-defined networks (SDNs). By combining low-interaction and high-interaction honeypots, the proposed solution effectively identifies and mitigates cyber threats, including port scanning and man-in-the-middle attacks. The architecture is structured into multiple modules that focus on detecting open ports using Vilhala honeypots and simulating targeted and random attack scenarios. This hybrid approach enables comprehensive monitoring and detailed packet-level analysis, providing enhanced protection against advanced online threats. The study also conducts a comparative analysis of different attack detection methods using tools like KFSensor and networking shell commands. The results highlight the hybrid honeypot system's efficacy in filtering malicious traffic and detecting security breaches, making it a robust solution for safeguarding SDNs.

This paper will shed light on the lack of the development of appropriate monitoring systems in the field of education. Test banks can be easily purchased. Smart phones can take and share pictures of exams. A video of an exam given through Blackboard can easily be made. A survey to determine the extent of cheating using technology was given to several university students. Evidence is provided that shows security is lacking as evidenced by the number of students who have made use of technological advances to cheat on exams. The findings and conclusion may serve as evidence for administrators and policy makers to re-assess efforts being made to increase security in online testing.

CAPTCHA - Completely Automated Public Turing test to tell Computers and Humans Apart - is a test with the aim to distinguish between malicious automatic software and real users in the era of Cyber security threats. Various types of CAPTCHA tests were developed, in order to address accessibility while implementing security. This research focuses on the users’ attitudes and experiences related to use of the different kinds of tests. A questionnaire accompanied by experiencing five different CAPTCHA tests was performed among 212 users. Response times for each test and rate of success were collected automatically. The findings demonstrate that none of the existing tests are ideal. Although the participants were familiar with the Text-based test, they found it the most frustrating and non-enjoyable. Half of the participants failed in the Arithmetic-based test. While most of the participants found the picture and game based test enjoyable, their response time for those tests was the largest. The age factor was encountered as influencing both the attitude of the user and the performance, while younger users are more tolerant, have a better success rate, and are faster, the elder users found the tests annoying and time-consuming.

Aim/Purpose: Medical images are very sensitive data that can be transferred to medical laboratories, professionals, and specialist for referral cases or consultation. Strict security measures must be utilized to keep these data secured in computer networks when transferred to another party. On a daily basis, unauthorized users derive ways to gain access to sensitive patient medical information. Background: One of the best ways to which medical image could be kept secured is through the use of quantum cryptography Methodology : Applying the principles of quantum mechanics to cryptography has led to a remarkable new dimension in secured network communication infrastructure. This enables two legitimate users to produce a shared secret random bit string, which can be used as a key in cryptographic applications, such as message encryption and authentication. Contribution: This paper can make it possible for the healthcare and medical professions to construct cryptographic communication systems to keep patients’ transferred data safe and secured. Findings: This work has been able to provide a way for two authorized users who are in different locations to securely establish a secret network key and to detect if eavesdropping (a fraudulent or disruption in the network) has occurred Recommendations for Practitioners: This security mechanism is recommended for healthcare providers and practitioners to ensure the privacy of patients’ medical information. Recommendation for Researchers: This paper opens a new chapter in secured medical records Impact on Society Quantum key distribution promises network security based on the fundamental laws of quantum mechanics by solving the problems of secret-key cryptography . Future Research: The use of post-quantum cryptography can be further researched.

Aim/Purpose: Board of Directors seek to use their big data as a competitive advantage. Still, scholars note the complexities of corporate governance in practice related to information security risk management (ISRM) effectiveness. Background: While the interest in ISRM and its relationship to organizational success has grown, the scholarly literature is unclear about the effects of Chief Technology Officers (CTOs) leadership styles, the alignment of the governance of big data, and ISRM effectiveness in organizations in the West-ern United States. Methodology: The research method selected for this study was a quantitative, correlational research design. Data from 139 participant survey responses from Chief Technology Officers (CTOs) in the Western United States were analyzed using 3 regression models to test for mediation following Baron and Kenny’s methodology. Contribution: Previous scholarship has established the importance of leadership styles, big data governance, and ISRM effectiveness, but not in a combined understanding of the relationship between all three variables. The researchers’ primary objective was to contribute valuable knowledge to the practical field of computer science by empirically validating the relationships between the CTOs leadership styles, the alignment of the governance of big data, and ISRM effectiveness. Findings: The results of the first regression model between CTOs leadership styles and ISRM effectiveness were statistically significant. The second regression model results between CTOs leadership styles and the alignment of the governance of big data were not statistically significant. The results of the third regression model between CTOs leadership styles, the alignment of the governance of big data, and ISRM effectiveness were statistically significant. The alignment of the governance of big data was a significant predictor in the model. At the same time, the predictive strength of all 3 CTOs leadership styles was diminished between the first regression model and the third regression model. The regression models indicated that the alignment of the governance of big data was a partial mediator of the relationship between CTOs leadership styles and ISRM effectiveness. Recommendations for Practitioners: With big data growing at an exponential rate, this research may be useful in helping other practitioners think about how to test mediation with other interconnected variables related to the alignment of the governance of big data. Overall, the alignment of governance of big data being a partial mediator of the relationship between CTOs leadership styles and ISRM effectiveness suggests the significant role that the alignment of the governance of big data plays within an organization. Recommendations for Researchers: While this exact study has not been previously conducted with these three variables with CTOs in the Western United States, overall, these results are in agreement with the literature that information security governance does not significantly mediate the relationship between IT leadership styles and ISRM. However, some of the overall findings did vary from the literature, including the predictive relationship between transactional leadership and ISRM effectiveness. With the finding of partial mediation indicated in this study, this also suggests that the alignment of the governance of big data provides a partial intervention between CTOs leadership styles and ISRM effectiveness. Impact on Society: Big data breaches are increasing year after year, exposing sensitive information that can lead to harm to citizens. This study supports the broader scholarly consensus that to achieve ISRM effectiveness, better alignment of governance policies is essential. This research highlights the importance of higher-level governance as it relates to ISRM effectiveness, implying that ineffective governance could negatively impact both leadership and ISRM effectiveness, which could potentially cause reputational harm. Future Research: This study raised questions about CTO leadership styles, the specific governance structures involved related to the alignment of big data and ISRM effectiveness. While the research around these variables independently is mature, there is an overall lack of mediation studies as it relates to the impact of the alignment of the governance of big data. With the lack of alignment around a universal framework, evolving frameworks could be tested in future research to see if similar results are obtained.

Aim/Purpose. The problem statement in the proposed study focuses on that, despite the growing recognition that teenagers need to undergo security awareness training, little is known about the impacts security training experts believe implementing a mandatory gamified security awareness training curriculum in public middle schools will have on the long-term security behavior of students in Texas. Background. This study was guided by the research question: What are the impacts security training experts believe implementing a mandatory gamified security aware-ness training curriculum in public middle schools will have on the long-term security behaviors of students in Texas? The study gathers opinions from experts on the impacts of security awareness training on students. Methodology. Our research used semi-structured interviews with twelve experts chosen through the use of purposive sampling. The population for the study consisted of experts in the fields of security awareness training for and teaching middle school-aged children. Candidates were recruited through the Cyber-Texas Foundation and snowball sampling techniques. Contribution. The research contributed to the body of knowledge by using interviews to explore the impacts of security awareness training on middle school students based on the opinions and views of the teachers and instructors who work with middle school students. Findings. The findings of this study demonstrate that middle school is an ideal time to provide cybersecurity training and will impact student behaviors by making them more conscious of cyber threats and preparing them to be more tech-savvy professionals. The research also showed that well-designed cybersecurity games with real-world application combined with traditional teaching techniques can help students develop positive habits. The research also suggests that teachers possess the skills to teach cybersecurity classes and the classes can be integrated into the current school day without the need for any significant changes to existing daily schedules. Recommendations for Practitioners. A well-design gamification-based curriculum implemented in Texas Middle Schools, combined with traditional teaching techniques and repeated over an extended time period, will impact students’ behaviors by making them more able to recognize and respond to cyber risks and will transform them into more secure and tech-savvy members of society. Recommendations for Researchers. The research shows middle school instructors and technology experts believe the implementation of a security awareness training program in middle schools is both possible and practical, while also beneficial to the students. The recommendation is to encourage researchers to explore ways to build curricula and games capable of appealing to students and implementing the instruction into school programs. Impact on Society. Demonstrating that training provided in middle school will make lasting impacts and improvements to student behaviors benefits children and their families in the short-term and workplaces in the long-term. The development of a more security-conscious workforce can reduce the significant number of data breaches and cyber attacks resulting from the poor security habits of companies’ users. Future Research. Future research that will add significant value to the body of knowledge includes testing the effectiveness of habit-shaping games to determine whether existing long-term games maintain student interest. Qualitative studies could interview parents of teenagers using habit-shaping games to determine the effectiveness of the applications. Another qualitative study could interview teachers to determine how teachers’ ages affect their comfort level teaching technology classes. Both studies could provide valuable insights into how to implement security awareness training in schools.

Aim/Purpose. Capture the Flag (CTF) challenges are a popular form of cybersecurity education where students solve hands-on tasks in a game-like setting. These exercises provide learning experiences with various specific technologies and subjects, as well as a broader understanding of cybersecurity topics. Competitions reinforce and teach problem-solving skills that are applicable in various technical and non-technical environments outside of the competitions. Background. The Information Search Process (ISP) is a framework developed to under-stand the process by which an individual goes about studying a topic, identifying emotional ties connected to each step an individual takes. As the individual goes through the problem-solving process, there is a clear flow from uncertainty to clarity; the individual’s feelings, thoughts, and actions are all interconnected. This study aims to investigate the learning of cybersecurity concepts within the framework of the ISP, specifically in the context of CTF competitions. Methodology. A comprehensive research methodology designed to incorporate quantitative and qualitative analyses to draw the parallels between the participants’ emotional experiences and the affective dimensions of learning will be implemented to measure the three primary goals. Contribution. This study contributes significantly to the broader landscape of cybersecurity education and cognitive-emotional experiences in problem-solving. Findings. The study has three primary goals. First, we seek to enhance our under-standing of the emotional and intellectual aspects involved in problem-solving, as demonstrated by the ISP approach. Second, we aim to gain in-sights into how the presentation of CTF challenges influences the learning experience of participants. Lastly, we strive to contribute to the improvement of cybersecurity education by identifying actionable steps for more effective teaching of technical skills and approaches. Recommendations for Practitioners. Competitions reinforce and teach problem-solving skills applicable in various technical and non-technical environments outside of the competitions. Recommendations for Researchers. The Information Search Process (ISP) framework may enhance our understanding of the emotional and intellectual aspects involved in problem-solving as we study the emotional ties connected to each step an individual takes as the individual goes through the problem-solving process. Impact on Society. Our pursuit of advancing our understanding of cybersecurity education will better equip future generations with the skills and knowledge needed to ad-dress the evolving challenges of the digital landscape. This will better pre-pare them for real-world challenges. Future Research. Future studies would include the development of a cybersecurity curriculum on vulnerability exploitation and defense. It would include practice exploiting practical web and binary vulnerabilities, reverse engineering, system hardening, security operations, and understanding how they can be chained together.