More Like this

1. I'm SPARTACUS, No, I'm SPARTACUS: Proactively Protecting Users from Phishing by Intentionally Triggering Cloaking Behavior

   https://doi.org/10.1145/3548606.3559334  

   Zhang, Penghui; Sun, Zhibo; Kyung, Sukwha; Behrens, Hans Walter; Basque, Zion Leonahenahe; Cho, Haehyun; Oest, Adam; Wang, Ruoyu; Bao, Tiffany; Shoshitaishvili, Yan; et al (November 2022, CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security)

   Phishing is a ubiquitous and increasingly sophisticated online threat. To evade mitigations, phishers try to ""cloak"" malicious content from defenders to delay their appearance on blacklists, while still presenting the phishing payload to victims. This cat-and-mouse game is variable and fast-moving, with many distinct cloaking methods---we construct a dataset identifying 2,933 real-world phishing kits that implement cloaking mechanisms. These kits use information from the host, browser, and HTTP request to classify traffic as either anti-phishing entity or potential victim and change their behavior accordingly. In this work we present SPARTACUS, a technique that subverts the phishing status quo by disguising user traffic as anti-phishing entities. These intentional false positives trigger cloaking behavior in phishing kits, thus hiding the malicious payload and protecting the user without disrupting benign sites. To evaluate the effectiveness of this approach, we deployed SPARTACUS as a browser extension from November 2020 to July 2021. During that time, SPARTACUS browsers visited 160,728 reported phishing URLs in the wild. Of these, SPARTACUS protected against 132,274 sites (82.3%). The phishing kits which showed malicious content to SPARTACUS typically did so due to ineffective cloaking---the majority (98.4%) of the remainder were detected by conventional anti-phishing systems such as Google Safe Browsing or VirusTotal, and would be blacklisted regardless. We further evaluate SPARTACUS against benign websites sampled from the Alexa Top One Million List for impacts on latency, accessibility, layout, and CPU overhead, finding minimal performance penalties and no loss in functionality. 

   more » « less
2. I'm leaving you, Travis: a continuous integration breakup story

   https://doi.org/10.1145/3196398.3196422  

   Widder, David Gray; Hilton, Michael; Kästner, Christian; Vasilescu, Bogdan (January 2018, Proceedings of the 15th International Conference on Mining Software Repositories)

   Continuous Integration (CI) services, which can automatically build, test, and deploy software projects, are an invaluable asset in distributed teams, increasing productivity and helping to maintain code quality. Prior work has shown that CI pipelines can be sophisticated, and choosing and configuring a CI system involves tradeoffs. As CI technology matures, new CI tool offerings arise to meet the distinct wants and needs of software teams, as they negotiate a path through these tradeoffs, depending on their context. In this paper, we begin to uncover these nuances, and tell the story of open-source projects falling out of love with Travis, the earliest and most popular cloud-based CI system. Using logistic regression, we quantify the effects that open-source community factors and project technical factors have on the rate of Travis abandonment. We find that increased build complexity reduces the chances of abandonment, that larger projects abandon at higher rates, and that a project's dominant language has significant but varying effects. Finally, we find the surprising result that metrics of configuration attempts and knowledge dispersion in the project do not affect the rate of abandonment. 

   more » « less
3. 'It's Problematic but I'm not Concerned': University Perspectives on Account Sharing

   https://doi.org/10.1145/3512915  

   Wang, Serena; Faklaris, Cori; Lin, Junchao; Dabbish, Laura; Hong, Jason I. (March 2022, Proceedings of the ACM on Human-Computer Interaction)

   Account sharing is a common, if officially unsanctioned, practice among workgroups, but so far understudied in higher education. We interview 23 workgroup members about their account sharing practices at a U.S. university. Our study is the first to explicitly compare IT and non-IT observations of account sharing as a "normal and easy" workgroup practice, as well as to compare student practices with those of full-time employees. We contrast our results with those in prior works and offer recommendations for security design and for IT messaging. Our findings that account sharing is perceived as low risk by our participants and that security is seen as secondary to other priorities offer insights into the gap between technical affordances and social needs in an academic workplace such as this.? 

   more » « less
4. Tell Me A Story Like I'm Five: Story Generation via Question Answering

   Castricato, Louis; Frazier, Spencer; Balloch, Jonathan; Riedl, Mark (January 2021, Proceedings of the 3rd Workshop on Narrative Understanding)

   null (Ed.)
5. "I'm Not Teaching Them Per Se": Designing and Delivering Asynchronous Undergraduate Online STEM Courses

   https://doi.org/10.1007/s10755-023-09670-9  

   Garza Mitchell, Regina L.; DeCamp, Whitney; Horvitz, Brian S.; Kowalske, Megan Grunert; Singleton, Cherrelle (February 2024, Innovative Higher Education)

   Although online courses have been a part of academia for nearly 30 years, they are still perceived as "different" than face-to-face instruction. Through in-depth interviews with four instructors, we explored how STEM faculty approach teaching asynchronous online undergraduate STEM courses. The faculty interviewed for this study viewed online courses as "not regular class[es]" and teaching those classes as "not teaching per se." Each of the instructors had assumptions about what a classroom was and about good instruction, but even for instructors who taught online for multiple years, those assumptions remained grounded in the face-to-face environment. There is a need for greater discussion about what it means to teach in an online environment. 

   more » « less