Abstract-Social networking is one of the most popular Internet activities, with millions of users from around the world. The time spent on sites like Facebook or LinkedIn is constantly increasing at an impressive rate. At the same time, users populate their online profiles with a plethora of information that aims at providing a complete and accurate representation of themselves. Attackers may duplicate a user's online presence in the same or across different social networks and, therefore, fool other users into forming trusting social relations with the fake profile. By abusing the implicit trust transferred from the concept of relations in the physical world, they can launch phishing attacks, harvest sensitive user information, or cause unfavorable repercussions for the legitimate profile's owner. In this paper we propose a methodology for detecting social network profile cloning. We present the architectural design and implementation details of a prototype system that users can employ to investigate whether they have fallen victim to such an attack. Our experimental results from the use of this prototype system prove its efficiency and also demonstrate its simplicity in terms of deployment by everyday users. Finally, we present the findings of a short study of the profile information exposed by social network users.
Social networking is one of the most popular Internet activities, with millions of members from around the world. However, users are unaware of the privacy risks involved. Even if they protect their private information, their name alone is enough to be used for malicious purposes. In this paper we demonstrate and evaluate how names extracted from social networks can be used to harvest email addresses as a first step for personalized phishing campaigns. Our blind harvesting technique uses names collected from the Facebook and Twitter networks as query terms for the Google search engine, and was able to harvest almost 9 million unique email addresses. We compare our technique with other harvesting methodologies, such as crawling the World Wide Web and dictionary attacks, and show that our approach is more scalable and efficient than the other techniques. We also present three targeted harvesting techniques that aim to collect email addresses coupled with personal information for the creation of personalized phishing emails. By using information available on Twitter to narrow down the search space and by utilizing the Facebook email search functionality, we are able to successfully map 43.4% of the user profiles to their actual email address. Furthermore, we harvest profiles from Google Buzz, 40% of which provide a direct mapping to valid Gmail addresses.
Adobe Flash and Microsoft Silverlight are two widely adopted platforms for providing Rich Internet Applications (RIAs) over the World Wide Web. The need for RIAs to retrieve content hosted on different domains, in order to enrich the user experience, led to the use of cross-domain policies by content providers. Cross-domain policies define the list of RIA-hosting domains that are allowed to retrieve content from the content provider's domain. Misinterpretations or misconfigurations of these policies may give malicious RIAs the opportunity to access and handle users' private data. In this paper we present an extensive study of the deployment and security issues of cross-domain policies on the web. Through the examination of a large set of popular and diverse (both geographically and content-wise) websites, we reveal that about 50% (more than 6,500 websites) of the websites that have adopted such policies are vulnerable to attacks. Furthermore, we find such policies in more than 50% of the top 500 websites, examined both globally and per country. Additionally, we examine local sets of e-shopping websites and find that up to 83% implement weak policies. Interestingly, we observe that the less popular a website is, the higher the probability that it will have a weak policy. Compared to previous studies there is an obvious increasing trend in the adoption of RIAs but, at the same time, a decreasing trend regarding secure implementations. Through a proof-of-concept attack implementation and a number of real-world examples, we highlight the security impact of these policy misconfigurations.
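The cross-domain policies the abstract above refers to are, for Flash, the `crossdomain.xml` file served from a content provider's host; a "weak" policy is one whose `allow-access-from` or `allow-http-request-headers-from` rules trust any origin, or that relaxes the HTTPS-only default. The following Python checker is an added example written for this page, not code from the paper, and it audits a policy body for those permissive settings. The element and attribute names (`cross-domain-policy`, `site-control`, `allow-access-from`, `allow-http-request-headers-from`, `domain`, `secure`, `permitted-cross-domain-policies`) are the real Flash policy vocabulary; the severity labels, the `app.example.com` domain and both sample policies are constructed for the example.

```python
"""Audit an Adobe Flash crossdomain.xml policy for overly permissive rules.

Added example for this page (not the paper's own tool). Element/attribute
names are the genuine crossdomain.xml vocabulary; severities and sample
policies are this example's own.
"""
import xml.etree.ElementTree as ET
from typing import List, Tuple

Finding = Tuple[str, str]  # (severity, message)


def audit_crossdomain_policy(policy_xml: str) -> List[Finding]:
    """Return (severity, message) findings for one crossdomain.xml body.

    An empty list means no permissive setting was found. Parsing uses the
    standard library; for policies fetched from untrusted hosts, a hardened
    parser such as defusedxml is the safer choice.
    """
    findings: List[Finding] = []
    try:
        root = ET.fromstring(policy_xml)
    except ET.ParseError as exc:
        return [("error", f"policy is not well-formed XML: {exc}")]
    if root.tag != "cross-domain-policy":
        return [("error", f"unexpected root element <{root.tag}>")]

    # site-control: "all" lets any policy file on the host grant access,
    # not just the master /crossdomain.xml the administrator controls.
    for sc in root.findall("site-control"):
        if sc.get("permitted-cross-domain-policies", "") == "all":
            findings.append(("warning",
                             "site-control permits non-master policy files anywhere on the host"))

    # allow-access-from: which origins may read this host's content, with
    # the browser's cookies attached to the request.
    for rule in root.findall("allow-access-from"):
        domain = rule.get("domain", "")
        secure = rule.get("secure", "true").lower()  # Flash default is true
        if domain == "*":
            findings.append(("critical",
                             'allow-access-from domain="*": any site can read this host\'s '
                             "content in the user's session"))
        elif domain.startswith("*."):
            findings.append(("warning",
                             f'allow-access-from domain="{domain}": every subdomain is trusted'))
        if secure == "false":
            findings.append(("warning",
                             f'allow-access-from domain="{domain}" secure="false": '
                             "plain-HTTP origins may read HTTPS content"))

    # allow-http-request-headers-from: which origins may add request headers.
    for rule in root.findall("allow-http-request-headers-from"):
        if rule.get("domain", "") == "*":
            headers = rule.get("headers", "")
            findings.append(("critical",
                             f'allow-http-request-headers-from domain="*" headers="{headers}": '
                             "any site may send custom headers to this host"))
    return findings


def worst_severity(findings: List[Finding]) -> str:
    """Collapse a finding list to a single verdict: ok / warning / critical / error."""
    order = {"ok": 0, "warning": 1, "critical": 2, "error": 3}
    worst = "ok"
    for sev, _ in findings:
        if order[sev] > order[worst]:
            worst = sev
    return worst


# Constructed sample: the kind of policy the study classes as weak.
WEAK_POLICY = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*" secure="false"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
"""

# Constructed sample: the corrected form, trusting one named RIA host only.
HARDENED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="app.example.com"/>
</cross-domain-policy>
"""

if __name__ == "__main__":
    for name, body in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        result = audit_crossdomain_policy(body)
        print(f"{name}: {worst_severity(result)}")
        for sev, msg in result:
            print(f"  [{sev}] {msg}")
```

Run against a fetched `https://<host>/crossdomain.xml` body, the checker gives a defender a quick triage verdict: the weak sample yields two critical and two warning findings, the hardened one none. Silverlight's `clientaccesspolicy.xml` uses a different schema and is not covered here.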