论文信息 - Who on Earth Is "Mr. Cypher": Automated Friend Injection Attacks on Social Networking Sites

Who on Earth Is "Mr. Cypher": Automated Friend Injection Attacks on Social Networking Sites

Within this paper we present our novel friend injection attack which exploits the fact that the great majority of social networking sites fail to protect the communication between its users and their services. In a practical evaluation, on the basis of public wireless access points, we furthermore demonstrate the feasibility of our attack. The friend injection attack enables a stealth infiltration of social networks and thus outlines the devastating consequences of active eavesdropping attacks against social networking sites.

[1] Starr Roxanne Hiltz,et al. Trust and Privacy Concern Within Social Networking Sites: A Comparison of Facebook and MySpace , 2007, AMCIS.

[2] Leyla Bilge,et al. All your contacts are belong to us: automated identity theft attacks on social networks , 2009, WWW '09.

[3] Alessandro Acquisti,et al. Information revelation and privacy in online social networks , 2005, WPES '05.

[4] Collin Jackson,et al. Forcehttps: protecting high-security web sites from network attacks , 2008, WWW.

[5] Frank Stajano,et al. Eight friends are enough: social graph approximation via public listings , 2009, SNS '09.

[6] Ben Adida,et al. Sessionlock: securing web sessions against eavesdropping , 2008, WWW.

[7] A. Felt. Privacy Protection for Social Networking APIs , 2008 .

[8] Stewart Kowalski,et al. Towards Automating Social Engineering Using Social Networking Sites , 2009, 2009 International Conference on Computational Science and Engineering.

[9] Kevin Borders,et al. Social networks and context-aware spam , 2008, CSCW.

[10] Darren Gergle,et al. On the "localness" of user-generated content , 2010, CSCW '10.

[11] Xubin He,et al. A Performance Analysis of Secure HTTP Protocol , 2003 .

[12] Meeyoung Cha,et al. Proceedings of the Second ACM EuroSys Workshop on Social Network Systems, SNS 2009, Nuremberg, Germany, March 31, 2009 , 2009, SNS.