The username/password combination is still the most widely used method albeit various user authentication techniques have been introduced. Numerous studies have been conducted to investigate the scheme and it could be summarized that despite it weaknesses, it is the most favourable scheme. Thus, to reduce the weakness, authenticating users with image or pictures (i.e. graphical password) is proposed as one possible alternative as it was claimed that pictures were easy to remember, easy to use and has considerable security. This paper presents a study carried out to investigate initial user's performance and feedback towards the use of hybrid graphical methods (i.e. combining two graphical methods) as a method of authentication. Initially, a survey was conducted to identify participants' drawing patterns as their secret using paper-based method, and then the graphical software prototype was developed and pilot tested by selected participants. Overall, the pilot test on the prototype showed positive results as participants enjoyed using it and able to register within tolerable time.

Nowadays mobile devices such as smartphones had widely been used. People use smartphones not limited for phone calling or sending messages but also for web browsing, social networking and online banking transaction. To certain extend, all confidential information are kept in their smartphone. As a result, smartphones became as one of the cyber-criminal main target especially through an installation of mobile botnet. Eurograbber is an example of mobile botnet that being installed via infected mobile application without victim knowledge. It will pretense as mobile banking application software and steal financial transaction information from victim's smartphone. In 2012, Eurograbber had caused a total loss of USD 47 Million accumulatively all over the world. Based on the implications posed by this botnet, this is the urge where this research comes in. This paper presents a proof of concept on how the botnet works and the ongoing research to detect and respond to the mobile botnet efficiently. Detection of botnet malicious activity is done through an analysis of Crusewind Botnet code using reverse engineering process and static analysis technique.