Re: Assessing the security awareness of web users at a national level



Hi Demetris,

Not sure about the ethical side of your project (even if I'd be curious to see
the results), but to answer your question, the only similar project I saw
was done by Didier Stevens back in 2007. See his blog post here

http://blog.didierstevens.com/2007/05/07/is-your-pc-virus-free-get-it-infected-here/

I hope you'll find useful information there.

J-P


On 09-09-18 6:29 AM, "Demetris Papapetrou"
<dpapapetrou@xxxxxxxxxxxxxxxxxxxx> wrote:

Dear list members,

I am currently setting up a project, in which I will assess the security
awareness level of my fellow citizens concerning social engineering attacks
that are launched through the web. The scope of the project is to gather
statistical data and possibly draw some useful conclusions as to the level
of awareness of, let's say, male vs female users in my country, young vs old
people, Linux vs Windows users or even Firefox vs Internet Explorer users.
The attack methods will simulate real life scenarios such as fake virus
detection messages, missing codec messages or even "click me" buttons that
are often utilized by attackers to infect computers with
viruses/backdoors/malware/etc. I should note here that no harmful programs
will be sent to users during the assessment. Instead the "malicious website"
will record whether the users clicked on the download button/malicious link
or not.

I was wondering whether any of you know of similar projects performed and if
you are kind enough to point me to any relevant links.

Any suggestions regarding the method of distribution (e.g. emails, forums,
IRC, Facebook, MySpace, etc) or the different attack vectors (e.g. virus
message, codec missing messages, etc) or anything else that comes to your
mind will be much appreciated.


Thank you in advance,

Demetris


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



