SECUSO Research

Anne Hennig, #SECUSO, supports the Poster Jury of the Twenty-First #Symposium on Usable #Privacy and #Security (#SOUPS 2025). SOUPS seeks posters and poster abstracts of recent or ongoing #research related to usable privacy and security. Submissions of preliminary findings from ongoing work, undergraduate/master research projects, or posters about work on usable privacy and security that were recently published at other venues (2024 to 2025) are welcomed. Submission deadline for posters is Thursday, May 22, 2025. SOUPS 2025 will take place August 10-12 and will be co-located with the 34th USENIX Security Symposium in Seattle, WA, USA.
The #CfP: https://www.usenix.org/conference/soups2025/call-for-posters
@usenixassociation

@mozilla.social #Firefox and #Thunderbird have fixed #security issues after report by #SECUSO: After disclosing security issues related to user deception through IDN homographic domains to Mozilla, these issues have been addressed in the latest versions of Mozilla Firefox and Thunderbird. We recommend keeping your email clients and browsers up to date to ensure the best possible protection. The full article by Maxime Veit et al. about the user deceptions that can be used by attackers was recently published in Computers & Security.
Read the paper: https://publikationen.bibliothek.kit.edu/1000177225

Haben Sie genug von den ständigen Sicherheitswarnungen, die jeden Tag auftauchen, und ertappen Sie sich dabei, wie Sie sie durchklicken, ohne sie wirklich zu lesen? Da sind Sie nicht allein. Wir erforschen, wie wir diese Unterbrechungen reduzieren können, indem wir Sicherheitswarnungen nur dann anzeigen, wenn sie wirklich benötigt werden, und zwar auf der Grundlage des Nutzerverhaltens und auf eine datenschutzfreundliche Weise. Treffen Sie Maxime Veit am „Tag der offenen Tür“ des @KIT_Karlsruhe im KD²Lab (Fritz-Erler-Straße 1-3), um unsere Forschung aus erster Hand zu erfahren und mitzudiskutieren. Sie können auch STAR, unseren Security Teaching & Awareness Roboter, im KIT Ehrenhof (Kaiserstraße 10) besuchen, wo er unsere Arbeit zum Thema E-Mail-Phishing auf interaktive und ansprechende Weise präsentiert.
Zum gesamten Programm: https://www.kit.edu/kit/tag-der-offenen-tuer.php

In a recent article published in Computers & Security, Maxime Veit, Oliver Wiese, Fabian Lucas Ballreich, Melanie Volkamer, Douglas Engels, and Peter Mayer investigate how email clients fare against user #deception techniques that have evolved over the past decade. Despite advances in email #security their systematic review and empirical analysis reveal that many clients—including #thunderbird, #outlook and Apple Mail—remain vulnerable to deceptive practices, especially those involving misleading links. Their evaluation of seven widely used email clients across desktop, mobile, and web platforms shows that most are still susceptible to several high-impact techniques. They also provide concrete recommendations, some of which have already prompted improvements, particularly in the handling of links in mobile mail apps.
You can read the article here: https://doi.org/10.1016/j.cose.2024.104197

The call for papers for this year’s European Symposium on Usable Security (#EuroUSEC2025) is published. Current contributions from the area of usable security have to be registered until Monday May 05, 2024. Submission deadline is Firday May, 09, 2025. As in previous years, EuroUSEC will be an independent event without affiliation to any conference. Accepted contributions will be published as part of the International Conference Proceeding Series (ICPS) by ACM. EuroUSEC 2025 will take place September 10 & 11, 2025 in Manchester, UK. Again, Anne Hennig supports the conference as member of the program commitee.

Submit to EuroUSEC: https://eurousec2025.cis.strath.ac.uk

The technical project report "Project Report HSF Research Area 4 -Graphical Authentication on Augmented Reality" by Melanie Volkamer, Reyhan Duzgun, Tobias Hilt, Philipp Matheis and Peter Mayer has been published. In a between-subjects lab study with 126 participants, three different combinations of grid size and secret length for the “Things” authentication scheme were examined. While a two-row layout with a total of 10 images showed slight advantages over the other variants, the qualitative feedback indicates that the optimal user experience can be achieved by allowing users to adjust the grid size individually. This technical project report was written as part of the subtopic ‘Methods for Engineering Secure Systems’ of the Helmholtz Topic ‘Engineering Secure Systems (ESS)’.

You can read the report here: https://publikationen.bibliothek.kit.edu/1000179759

#SECUSO unterstützt den #Awareness Day an der TU Freiberg am Mittwoch, 2. April, mit Materialien zu #Phishing. Unsere NoPhish-Materialien wurden entwickelt, damit Nutzerinnen und Nutzer Angriffe in Form von betrügerischen Nachrichten besser verstehen und lernen, wie sie sich schützen können. NoPhish führt in das Thema Phishing ein und zeigt, wie man unplausible, betrügerische Nachrichten, Nachrichten mit gefährlichen Links und Nachrichten mit gefährlichen Anhängen erkennen kann.
Zu den Materialien und mehr Informationen zu NoPhish: https://secuso.aifb.kit.edu/betruegerische_nachrichten_erkennen.php
@tu_freiberg