6/19/2017
12:00 AM
Dark Reading

How Safe Is Your Online Behavior?

Carnegie Mellon researchers say the safety of your online behavior depends on where you're from.

PITTSBURGH – Selecting a password or deciding whether an email is a phishing email or not are among countless security decisions you make on a regular basis. Are you making the right decisions? Do you consider your online behavior safe? According to the latest research out of Carnegie Mellon University’s CyLab, it actually depends on where you’re from.

"By and large, users are working primarily with security tools that are designed by and for western users," says Nicolas Christin, a professor in the departments of Engineering and Public Policy and the Institute for Software Research. "What we wanted to find out was: does that matter? How does your country of origin affect your online security behavior?"

The study was presented at last month’s ACM CHI 2017 conference in Denver, CO.

"We found that people from different countries exhibit significantly different security behaviors," Christin said. "For example, participants from some Asian countries – especially Japan – tend to exhibit less secure behavior."

The researchers are unsure why Japanese users are particularly relaxed when it comes to security, but hypothesize that it may have to do with overall security in Japan.

"Japan has had for many, many years one of the lowest crime rates in the world," Christin says. "We speculate that this may cause them to be a lot less concerned in security than some of their counterparts like France or the USA."

Participants from the USA and France exhibited the highest security scores in the study.

These findings help pave the way towards designing more personalized security tools. Information about users’ location, for example, could help set more effective default system security settings. Christin offers an analogy.

"When you go to a doctor, they can give you pretty good advice on fighting a cold," Christin says. "… but their advice is a lot better if they know what kind of diet you follow or what kind of exercise you routinely do."

In the study, Christin and his team created an online survey to collect information about the security behavior of participants in seven different countries: China, France, Japan, Korea, Russia, the United Arab Emirates (UAE), and the United States (US). These countries were chosen, the authors say, because they represent five different geographical regions and account for nearly one-third of the total world population.

After overcoming various challenges in translating the survey into six other languages (e.g. the use of double-negatives does not translate well into Japanese), the survey was sent to and taken by 3,500 participants – 500 from each of the seven countries under focus.

Other authors on the study included Electrical and Computer Engineering Ph.D. student Mahmood Sharif and KDDI Research, Inc. researchers Yukiko Sawaya, Ayumu Kubota, Akihiro Nakari and Akira Yamada.

 
