01.02.2010

New Identification Attack on OSN

Scientists at isecLAB have demonstrated a new attack to disclose names of OSN users. Safebook not affected.

Scientists of the isecLAB at EURECOM, TU Vienna and UCSB have demonstrated a new attack to identify users of Online Social Networks [1]. The attack is able to identify the real name of a user that is merely visiting the web site of the attacker, with high probability.

  This attack again shows the perils of using centralized, commercial online social networks and underlines the need for privacy preserving solutions. The P2P group currently participates in design and development of Safebook, a decentralized social networking service. Safebook, which currently is in the last stages of its test phase, protects the identity and data of the users by design and is not vulnerable to the newly presented attack.
 
  The attack demonstrated by the isecLAB [2], which, together with the P2P group has previously identified and demonstrated a plethora of attacks on OSN [3], leverages on the well known "CSS history hack" [4] and the fact that member listings of groups in most online social networks are browsable by the public. The demonstration is  available online [5]. It gathers the information which groups in XING (almost any other OSN, like LinkedIN, facebook, studivz, etc. could be used interchangeably) the user has visited and building an intersection of the lists of members of these groups estimates the identity of the user. No direct access to the OSN is necessary, simply putting up a web page with the appropriate script is sufficient.

 

 

 


[1] honeyblog.org/archives/51-A-Practical-Attack-to-De-Anonymize-Social-Network-Users.html

http://www.heise.de/security/meldung/Plaudertasche-Web-Browser-erleichtert-Deanonymisierung-919076.html

http://yro.slashdot.org/story/10/02/02/0118213/De-Anonymizing-Social-Network-Users

http://www.spiegel.de/netzwelt/web/0,1518,675395,00.html#ref=top

http://www.bild.de/BILD/digital/internet/2010/02/03/sicherheits-luecke-internetsurfer/datenschutz-gau-soziale-netzwerke.html

[2] http://www.isecLAB.org

[3] All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks

[4] ha.ckers.org/weird/CSS-history-hack.html

[5] http://www.iseclab.org/people/gilbert/experiment/

 




Ähnliche Nachrichten:


Kategorie:




A A A | Drucken Print | Impressum Impressum | Sitemap Sitemap | Suche Search | Kontakt Contact
zum Seitenanfangzum Seitenanfang