Categories
random security

Google+ and Diaspora: Secure Connection (HTTPS) per default

I recently got invited to Google+ and had a curious first look. Google+ seems to be enforcing HTTPS on all pages. Given the current Facebook security issue with HTTPS, this is good news. I also had a look at diaspora*, which has some active development. First public community-supported diaspora* pods, such as diasp.org or diasp.eu […]

Categories
fitm personal random security

Enable HTTPS on Facebook!

A couple of months have passed since Facebook introduced full SSL support. This optional feature lets you browse Facebook via a secure connection (HTTPS) whenever possible. Facebook via HTTPS is now available to all users, so why are so few people using it? I suppose because the option is disabled by default. -> Enable this option! […]

Categories
fitm research security

Technical Report: Friend-in-the-Middle (FITM) Attacks

Abstract. In the ongoing arms race between spammers and the multi-million dollar anti-spam industry, the number of unsolicited e-mail messages (better known as “spam”) and phishing has increased heavily in the last decade. In this paper, we show that our novel friend-in-the-middle attack on social networking sites (SNSs) can be used to harvest social data […]