ACM COSN at Northeastern

Posted: October 9th, 2013 | Filed under: research, security

For the last two days I attended the first ACM Conference on Online Social Networks (COSN). I was really amazed by how well the conference was organized and by the interesting crowd of researchers it attracted. Our paper on social networking apps was among the 3-4 papers on security and privacy issues in online social networks. With my presentation yesterday, I also made our AppInspect Project website publicly available.
I hope to post some pics from Boston soon, if I find time for some sightseeing.


Social Snapshot Pilot – Completed

Posted: May 30th, 2012 | Filed under: random, research, security

In the past six months, 97 people participated in our social snapshot pilot survey. As of now, the pilot application is no longer available for public testing. We are currently working on an updated release of our social snapshot framework, with plenty of new functionality and performance improvements. So stay tuned for the upcoming release of our social network security and forensics framework.

Thank you so very much to everyone who gave our social snapshot framework a try!


Social Snapshot Pilot survey

Posted: January 19th, 2012 | Filed under: random

Securely download a copy of your Facebook account:

  • Account data (JSON + Gephi Files)
  • All tagged pictures

It only takes two clicks:
http://is.gd/snapshotsurvey


Dropbox Security: Dark Clouds on the Horizon at USENIX’11

Posted: June 22nd, 2011 | Filed under: research, security

Back in March 2010 we started an investigation into online file storage services, and Dropbox in particular. Sebastian and Manuel started to disassemble the Dropbox binary and in essence created an alternative client by patching its crypto libraries. In the months that followed we found a number of security flaws in Dropbox. In November 2010 we informed Dropbox about the security holes we had found: unauthorized file access as well as a potential misuse of Dropbox as unlimited online slack space. It took Dropbox until April 2011 to respond to our findings. In the meantime a number of independent researchers found some of the security shortcomings we described (e.g. Christopher Soghoian’s blog entry).

Thus, we are more than happy to finally present our research at this year’s USENIX Security conference in San Francisco.

In addition to our findings, Dropbox had a security glitch this week during which authentication without providing a valid password was possible for around 4 hours. In summary: one should be very careful about which information is stored on Dropbox, and Dropbox has to overhaul its service’s security.

A preprint of our paper is available here: dropboxUSENIX2011.pdf

More information: SBA Research


Technical Report: Friend-in-the-Middle (FITM) Attacks

Posted: July 14th, 2010 | Filed under: fitm, research, security

Abstract. In the ongoing arms race between spammers and the multi-million dollar anti-spam industry, the number of unsolicited e-mail messages (better known as “spam”) and phishing attempts has increased heavily in the last decade. In this paper, we show that our novel friend-in-the-middle attack on social networking sites (SNSs) can be used to harvest social data in an automated fashion. This social data can then be exploited for large-scale attacks such as context-aware spam and social phishing. We demonstrate the feasibility of our attack using Facebook as an example and identify possible consequences based on a mathematical model and simulations. Alarmingly, all major SNSs are vulnerable to our attack, as they fail to secure the network layer appropriately.

FITM_TR0710

http://fitm.nysos.net

FITM Attacks (Image by http://www.flickr.com/photos/donsolo/)