[Zurück]


Beiträge in Tagungsbänden:

M. Balduzzi, Ch. Platzer, T. Holz, E. Kirda, D. Balzarotti, Ch. Krügel:
"Abusing Social Networks for Automated User Profiling";
in: "Recent Advances in Intrusion Detection (RAID 2010)", Springer, 2010, ISBN: 978-3-642-15511-6, 20 S.



Kurzfassung englisch:
Recently, social networks such as Facebook have experienced a huge
surge in popularity. The amount of personal information stored on these sites calls
for appropriate security precautions to protect this data.
In this paper, we describe how we are able to take advantage of a common weak-
ness, namely the fact that an attacker can query popular social networks for reg-
istered e-mail addresses on a large scale. Starting with a list of about 10.4 million
email addresses, we were able to automatically identify more than 1.2 million
user profiles associated with these addresses. By automatically crawling and cor-
relating these profiles, we collect detailed personal information about each user,
which we use for automated profiling (i.e., to enrich the information available
from each user). Having access to such information would allow an attacker to
launch sophisticated, targeted attacks, or to improve the efficiency of spam cam-
paigns. We have contacted the most popular providers, who acknowledged the
threat and are currently implementing our proposed countermeasures. Facebook
and XING, in particular, have recently fixed the problem.


Elektronische Version der Publikation:
http://publik.tuwien.ac.at/files/PubDat_190541.pdf



Zugeordnete Projekte:
Projektleitung Paolo Milani Comparetti:
Worldwide Observatory of Malicious Behaviors and Attack Threats


Erstellt aus der Publikationsdatenbank der Technischen Universität Wien.