A computer security researcher,Ross Anderson, learns adverse selection, moral hazard and game theory.
Security Engineering- a free book by the presenter
See also the blog Light Blue Touchpaper, and their posts on Security Economics
See also the following interesting paper;
Adverse Selection in Online "Trust" Authorities, an empirical look at the best-known certification authority, TRUSTe. I cross-reference TRUSTe's ratings with the findings of SiteAdvisor -- where robots check web site downloads for spyware, and submit single-use addresses into email forms to check for spam, among other automated and manual tests. Of course SiteAdvisor data isn't perfect either, but if SiteAdvisor says a site is bad news, while TRUSTe gives it a seal, most users are likely to side with SiteAdvisor.
key finding: Sites certified by TRUSTe are more than twice as likely to be untrustworthy as a random sampling of popular sites. The relative hazards of TRUSTe-certified sites hold even when analysis controls for site attributes and for site complexity.
Related: Video - Rock Phish in Action
No comments:
Post a Comment