Tracking Users across the Web via TLS Session Resumption
User tracking on the Internet can come in various forms, e.g., via cookies or
by fingerprinting web browsers. A technique that got less attention so far is
user tracking based on TLS and specifically based on the TLS session resumption
mechanism. To the best of our knowledge, we are the first that investigate the
applicability of TLS session resumption for user tracking. For that, we
evaluated the configuration of 48 popular browsers and one million of the most
popular websites. Moreover, we present a so-called prolongation attack, which
allows extending the tracking period beyond the lifetime of the session
resumption mechanism. To show that under the observed browser configurations
tracking via TLS session resumptions is feasible, we also looked into DNS data
to understand the longest consecutive tracking period for a user by a
particular website. Our results indicate that with the standard setting of the
session resumption lifetime in many current browsers, the average user can be
tracked for up to eight days. With a session resumption lifetime of seven days,
as recommended upper limit in the draft for TLS version 1.3, 65% of all users
in our dataset can be tracked permanently. Comment: 11 page
I Know What You Did Last Summer: Your Smart Home Internet of Things and Your iPhone Forensically Ratting You Out
The adoption of smart home Internet of Things (IoT) devices continues to grow. What if your devices can snitch on you and let us know where you are at any given point in time? In this work we examined the forensic artifacts produced by Nest devices, and in specific, we examined the logical backup structure of an iPhone used to control a Nest thermostat, Nest Indoor Camera and a Nest Outdoor Camera. We also integrated the Google Home Mini as another method of controlling the studied Smart Home devices. Our work is the primary account for the examination of Nest artifacts produced by an iPhone, and is also the first open source research to produce a usable forensics tool we name the Forensic Evidence Acquisition and Analysis System (FEAAS). FEAAS consolidates evidentiary data into a readable report that can infer user events (like entering or leaving a home) and what triggered an event (whether it was the Google Assistant through a voice command, or the use of an iPhone application). Our results are important for the advancement of digital forensics, as there are cases starting to emerge in which smart home IoT devices have already been used as culpatory evidence.
Understanding the Use of Crisis Informatics Technology among Older Adults
Mass emergencies increasingly pose significant threats to human life, with a
disproportionate burden being incurred by older adults. Research has explored
how mobile technology can mitigate the effects of mass emergencies. However,
less work has examined how mobile technologies support older adults during
emergencies, considering their unique needs. To address this research gap, we
interviewed 16 older adults who had recent experience with an emergency
evacuation to understand the perceived value of using mobile technology during
emergencies. We found that there was a lack of awareness and engagement with
existing crisis apps. Our findings characterize the ways in which our
participants did and did not feel crisis informatics tools address human
values, including basic needs and esteem needs. We contribute an understanding
of how older adults used mobile technology during emergencies and their
perspectives on how well such tools address human values. Comment: 10 page
Image use in field guides and identification keys: review and recommendations
We review image use in field guides and keys, and formulate a set of best practices for image use. The review covers the full range of guides, from those that consist only of species descriptions, to lavishly illustrated technical guides.
Detecting semantic social engineering attacks with the weakest link: Implementation and empirical evaluation of a human-as-a-security-sensor framework
The notion that the human user is the weakest link in information security has been strongly, and, we argue, rightly contested in recent years. Here, we take a step further showing that the human user can in fact be the strongest link for detecting attacks that involve deception, such as application masquerading, spearphishing, WiFi evil twin and other types of semantic social engineering. Towards this direction, we have developed a human-as-a-security-sensor framework and a practical implementation in the form of Cogni-Sense, a Microsoft Windows prototype application, designed to allow and encourage users to actively detect and report semantic social engineering attacks against them. Experimental evaluation with 26 users of different profiles running Cogni-Sense on their personal computers for a period of 45 days has shown that human sensors can consistently outperform technical security systems. Making use of a machine learning based approach, we also show that the reliability of each report, and consequently the performance of each human sensor, can be predicted in a meaningful and practical manner. In an organisation that employs a human-as-a-security-sensor implementation, such as Cogni-Sense, an attack is considered to have been detected if at least one user has reported it. In our evaluation, a small organisation consisting only of the 26 participants of the experiment would have exhibited a missed detection rate below 10%, down from 81% if only technical security systems had been used. The results strongly point towards the need to actively involve the user not only in prevention through cyber hygiene and user-centric security design, but also in active cyber threat detection and reporting.
Systematic assessment of HER2/neu in gynecologic neoplasms, an institutional experience
BACKGROUND: HER2/neu overexpression and/or amplification has been widely studied in a number of solid tumors, primarily in the breast. In gynecologic neoplasms, determination of HER2/neu status has not been well studied as a predictive biomarker in anti-HER2/neu treatment. METHODS: We systematically evaluated the HER2/neu reactions by immunohistochemistry and fluorescent in situ hybridization in malignant gynecologic neoplasms as experienced in our institution. RESULTS: The HER2/neu overexpression or amplification occurred in 8 % of the cancers of the gynecological organs in our series. Majority of the HER2/neu overexpression and/or amplification occurred in clear cell (27 %) and serous (11 %) carcinomas. HER2/neu positivity was also seen in undifferentiated as well as in mixed clear cell and serous carcinomas. Discordant IHC and FISH results (positive by FISH but not IHC) was seen in 2 cases. Majority of the HER2/neu overexpression and/or amplification occurs in the endometrium rather than the ovary. Heterogeneity of the HER2/neu by IHC staining was in < 2 % of the tumors in our series. CONCLUSIONS: We recommend the HER2/neu studies on Müllerian carcinomas of clear cell, serous, and undifferentiated types, particularly when they arise in the endometrium. Since there are some discordant IHC/FISH results, we also propose performing the HER2/neu testing by FISH when the IHC score is less than 3+.
