Authentication plays a significant role in computer security to validate human users. CAPTCHA is one of human interaction proof test to verify whether user is a human or a computer program. It has become a very popular security mechanism used to prevent any automated abuse of online services which is intended for human user. The test usually is provided in the authentication phase where the user will be directed to the next page if they are authorized. From the login site, an attacker creates a program exploiting the username and password to get into a website. Recently, there are a lot of different types of CAPTCHA available on the internet. However, most of them have been successfully attacked by automated programs. Thus, this paper investigates existing related works on CAPTCHA which focus on login authentication and authorization by proposes a different approach using Jawi script. Based on investigations of the systematic review and preliminary findings, it shows that this is the first work that proposed using a different script and possible future directions for producing more reliable human/computer distinguishers. Future works will develop an alternative and stronger CAPTCHA to prevent breaking cyber-attack such as dictionary attack while maintaining ease of implementation on website and ease of use for human by reducing the difficulties on reading the CAPTCHA. Copyright International Association of Engineers.

Given a paucity of research and apparent lack of coherence in information system research, it seems that there is no consensus in the information system field as to how security fits into the information system acceptance, usage, success, utilization, and/or performance impact (effectiveness, efficiency, and satisfaction). This paper is part of an ongoing research project designed to extend the Technology-to-Performance Chain (TPC) model by including the Computer Security Self-Efficacy (CSSE) construct, a strategy of model extension suggested by several researchers. This project aims to examine the research conducted in the last decade in information system journals regarding security issues then based on social cognitive theory, to propose a construct to measure individuals' computer security self-efficacy. Based on the Technology-to- Performance Chain (TPC) model, this study design expected to models and tests relationship among computer security self-efficacy and secures online banking system performance impact. The study will try to answer the question "to what extent has the computer security self-efficacy affected user's perception of secure online banking system effectiveness". After this research finished, the researcher assume that this study findings will provides an initial step towards understanding of the applicability of social cognitive theory in information system security domain and helps information security professionals design information systems considering the effect of computer security self-efficacy on secure information system. � 2012 IEEE.

Nowadays, malware attack mobile phone compared to the computer due to its mobility and extensive usage. The users are being exposed with sophisticated threats that lead to loss of money and confidential information. These threats are inferred by malwares that exploit the mobile applications (apps) vulnerabilities. Five surveillance features in a mobile phone commonly used by the malwares includes Short Message Service (SMS), call log, Global Positioning System (GPS), camera and audio. This paper focuses on the SMS feature and presents a mobile apps called as Go-Detect inspired by Apoptosis to detect SMS exploitation by malwares. There are 16 new SMS Android Package Index (API) classifications that have been developed and used as the input for this app. Apoptosis or known as cell-programmed-death is a concept borrowed from human immunology that has been integrated in this app. It will uninstall and delete the infected apps that matched with the proposed classifications. A total of 5560 Drebin dataset has been used as the training dataset and reverse engineered using static analysis in a controlled lab environment. This app is built by using JAVA. Based on the testing conducted with 50 anonymous mobile apps from the Google Play store, 36% matched with the proposed classification. This new classification and apps can be used as the reference and basis for other researchers to detect malware in a mobile phone.

Nowadays, Android has become the most widely used platform for smartphones. Due to the active used of smartphones, the floodgates of mobile malware threats are open every single day. Mobile malware harms users by illegally disable a mobile device, allowing malicious user to remotely control the device and steal personal information stored on the device. One of the surveillance features that attackers could abuse to gain those benefits is by exploiting the SMS message. Therefore, this paper introduces a new system call classification for SMS exploitation using a covering algorithm. The new system call classification can be used as a guidance to defend against mobile malware attacks. 1260 malware samples related to SMS exploitation from the Android Malware Genome Project have been analysed. The experiment was conducted using the dynamic analysis and open source tools in a controlled lab environment. � Springer International Publishing Switzerland 2016.