Who On Earth Is ”Mr. Cypher“: Automated Friend Injection Attacks on Social Networking Sites

Posted: June 14th, 2010 | Author: markus | Filed under: research, security | Tags: academia, computer security, Facebook, friendinjection, preprint, research, security | No Comments »

Abstract. Within this paper we present our novel friend injection attack which exploits the fact that the great majority of social networking sites fail to protect the communication between its users and their services. In a practical evaluation, on the basis of public wireless access points, we furthermore demonstrate the feasibility of our attack. The friend injection attack enables a stealth infiltration of social networks and thus outlines the devastating consequences of active eavesdropping attacks against social networking sites.

Preprint

http://friendinjection.nysos.net

This work is licensed under a Creative Commons Attribution 4.0 International License.

Recent Tweets

@nys0s
security and privacy, based in Vienna. @runtastic @usableprivacy

@NielsProvos Article suggests that the malicious For nodes might have been identified by the Spoiled Onion paper @__phw @Fr333k
RT @NielsProvos: "Hackers have breached SyTech, a contractor for FSB, Russia's national intelligence service, from where they stole… https://t.co/4r3ukOgiIt
RT @random_walker: Facebook asks users to add their phone numbers for 2-factor authentication, then misuses that info to target ads. R… https://t.co/ImbrvPDkPV

Markus Donko-Huber

A blog on computer security and some random stuff.

Who On Earth Is ”Mr. Cypher“: Automated Friend Injection Attacks on Social Networking Sites

Preprint

http://friendinjection.nysos.net

Leave a Reply

Recent Tweets

Blogroll

Hacking

Kudos

Research