Technical Report: Friend-in-the-Middle (FITM) Attacks

Posted: July 14th, 2010 | Author: | Filed under: fitm, research, security | Tags: , , , , , , | 1 Comment »

Abstract. In the ongoing arms race between spammers and the multi-million dollar anti-spam industry, the number of unsolicited e-mail messages (better known as “spam”) and phishing has increased heavily in the last decade. In this paper, we show that our novel friend-in-the-middle attack on social networking sites (SNSs) can be used to harvest social data in an automated fashion. This social data can then be exploited for large-scale attacks such as context-aware spam and social-phishing. We prove the feasibility of our attack exemplarily on Facebook and identify possible consequences based on a mathematical model and simulations. Alarmingly, all major SNSs are vulnerable to our attack as they fail to secure the network layer appropriately.

FITM_TR0710

http://fitm.nysos.net

FITM Attacks (Image by http://www.flickr.com/photos/donsolo/)


Who On Earth Is ”Mr. Cypher“: Automated Friend Injection Attacks on Social Networking Sites

Posted: June 14th, 2010 | Author: | Filed under: research, security | Tags: , , , , , , | No Comments »

Abstract. Within this paper we present our novel friend injection attack which exploits the fact that the great majority of social networking sites fail to protect the communication between its users and their services. In a practical evaluation, on the basis of public wireless access points, we furthermore demonstrate the feasibility of our attack. The friend injection attack enables a stealth infiltration of social networks and thus outlines the devastating consequences of active eavesdropping attacks against social networking sites.

Preprint

http://friendinjection.nysos.net


Happy Birtday Spam!

Posted: May 3rd, 2010 | Author: | Filed under: research, security | Tags: , , , , , , | No Comments »

Apparently 30 years ago the first Spam message was sent. Thus happy birthday dear beloved Spam and hopefully we get rid of these messages clogging up our mailboxes soon.


Paper accepted

Posted: April 20th, 2009 | Author: | Filed under: random, security | Tags: , , , , , , , , , , , , | No Comments »

We just got a paper accepted at the WISE09. It’s on virtualization of security lab exercises based on OSS. I planning to post the paper here, once I have the print-ready version.


An end is in sight …

Posted: February 27th, 2009 | Author: | Filed under: ASE, random, security | Tags: , , , , , , , , , , , , | No Comments »

I’m writing the last pages of my master’s thesis on Automated Social Engineering and should present my work soon. Once it’s done I’m also planning to post a digitial version online on my blog.