Welcome to the APWG eCrime Blog
Spear phishing proves to be a continuing and growing problem in cyber security for individuals and businesses.
Past experiences with case study papers submitted to the APWG Symposium on Electronic Crime Research (APWG eCrime) and research venues with common topical research foci have provided insight into common mistakes made by industry researchers trying to publish in more formalized forums. The content presented here is aimed at sharing some of these observed common missteps and provide guidance to potential submitters on ways to strengthen their research and increase the chances of the paper’s acceptance.
The APWG’s URL Block List (UBL) began life as a redundant secure FTP service (the ancient and venerable APWG PhishFeed), inspired by industry demand in late 2003 for a clearance mechanism for phishing report exchange and routing. As the user base matured, demand increased for more flexible interface schemes, spurring APWG Engineering to develop a number of interactive services for the UBL under HTTPS on the APWG eCrime Exchange.
We investigate opportunities and limitations of anti-money laundering (AML) in Bitcoin, a decentralized cryptographic currency proliferating on the Internet. We analyze several services offering increased transaction anonymization that have emerged in the Bitcoin ecosystem -- Bitcoin Fog, BitLaundry, and the Send Shared functionality of Blockchain.info. In a series of experiments, we use reverse-engineering methods to understand the mode of operation and try to trace anonymized transactions back to our probe accounts. While Bitcoin Fog and Blockchain.info successfully anonymize our transactions, we can link the input and output transactions of BitLaundry.
The Wikipedia entry for ‘error message’ includes a number of infamous (and confusing) error messages, though it doesn’t include my all-time favorite: Keyboard not found! Press any key to continue And no, that’s not an urban legend. While I’m not sure that was the exact wording, I did see more or less that same error message two or three times back in the days when user support was part of my job.
Life hasn’t been easy for security professionals since the first quarter of 2013. We’re now in phase three of a series of concerted attacks against banks and other financial institutions. In fact, the annual DDoS Threat and Impact Survey published by DDoS mitigation vendor Neustar, 44 percent of the companies in the financial sector participating in the survey were attacked in 2012. And as 2013 continues, we unfortunately continue to see that traditional forms of security protection are proving ineffective.
I’m not a regular denizen of the ivory halls of academia, but I’ve recently become aware of a journal paper submission scam for which even a quasi-academic is apparently a suitable target. At any rate, I recently received a minor blizzard of emails offering me the opportunity to submit a paper to one of several dozen open access, peer-reviewed online journals, and to join them as an editorial board member or reviewer.
Self-efficacy is the belief that we can achieve a certain goal. It’s an important topic in several areas of psychology, especially in health psychology, because of its role in addiction. Generally, the higher a person’s perceived self-efficacy regarding breaking an addiction (be it smoking, alcohol, drugs, or anything else), the more likely they are to be successful.