CRCS Privacy and Security Lunch Seminar

Date: Wednesday, April 8, 2009
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 2nd Floor Lounge Area

Speakers : Stuart Schechter (Microsoft)  and Serge Egelman (CMU)

Title:   Paying people to buy vibrators and lie to their spouse’s friends. Two short talks on the latest social science results in online security and privacy

Abstract:   Many commerce websites post privacy policies to address Internet shoppers’ privacy concerns, but few users read or understand them.

Serge Egelman will present the results of a laboratory study in which researchers asked users to purchase items — some highly privacy-sensitive – to determine whether the timing and placement of online privacy indicators impacted browsing and purchasing decisions.

We’ll then change topics from privacy to authentication.  When a user forgets the password to an online account, she can use a backup authentication mechanism to regain access—or at least try.  The most popular backup authentication mechanisms in use today – alternate email addresses and ‘secret’ questions – are too likely to reject legitimate account holders or are susceptible to guessing by imposters.  Stuart Schechter will introduce a new backup authentication mechanism, describe the methodology used to test its reliability and security against social engineering attacks, and present results.

Bios:

Serge Egelman is a PhD student within Carnegie Mellon’s School of Computer Science and a member of the CyLab Usable Privacy and Security Laboratory.  Serge is primarily interested in improving user interactions with security software.  To give some examples, he has worked on designing intuitive online security warnings, accessible privacy policies, and safer authentication systems.  Serge’s hobbiesinclude graduating and applying for jobs.

Stuart Schechter is a man of few accomplishments and so, the reluctant reader should be pleased to hear, his biography is correspondingly short.  Stuart has worked on systems security, security economics, and has spent the last few years developing and applying new methodologies for measuring users’ security behavior.  Since joining Microsoft Research, Stuart has focused on building and measuring the efficacy of new mechanisms for backup authentication and on projects that simplify and streamline permissioning.  Stuart received his B.S. from Ohio State, Ph.D. from Harvard’s School of Engineering and Applied Sciences, and previously worked at MIT Lincoln Laboratory.  While in Cambridge, Stuart spent nine years as a Resident Tutor in Leverett House.