Who on Earth Is “Mr. Cypher”: Automated Friend Injection Attacks on Social Networking Sites

Huber, Markus; Mulazzani, Martin; Weippl, Edgar

doi:10.1007/978-3-642-15257-3_8

Cited by 20 publications

(10 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the most naive approach this means that the communication between the users and the social network uses encryption (e.g., HTTPS) to protect against eavesdropping. However, this from a technical standpoint simple, easy applicable and readily available protection instrument is not widely used by most of the SNSs [28]. XING is the exception, as it uses HTTPS for all client communication.…”

Section: Snss Protection Strategiesmentioning

confidence: 99%

“…These are important features to improve the privacy issues of SNSs usage but once a closed network is infiltrated the protection is rendered useless. [7] showed that cloning of user profiles could be misused to infiltrate private networks, while [28] outlined yet another attack to infiltrate closed networks via HTTP cookie hijacking. c) Profile-squatting and Reputation Slander through ID Theft.…”

Section: Snss Attack Scenariosmentioning

confidence: 99%

See 1 more Smart Citation

Social Networking Sites Security: Quo Vadis

Huber

Mulazzani

Weippl

2010

2010 IEEE Second International Conference on Social Computing

Self Cite

View full text Add to dashboard Cite

Social networking sites have been studied extensively within the past five years, especially in the area of information security. Within this paper we discuss these emerging web services both regarding possible attack vectors as well as defense strategies. Our results suggest that a gap between attack and defense strategies exists. Furthermore we found that research focuses mainly on Facebook, while scant attention is paid to other social networking sites.

show abstract

Section: Snss Protection Strategiesmentioning

confidence: 99%

Section: Snss Attack Scenariosmentioning

confidence: 99%

Social Networking Sites Security: Quo Vadis

Huber

Mulazzani

Weippl

2010

2010 IEEE Second International Conference on Social Computing

Self Cite

View full text Add to dashboard Cite

show abstract

“…Another method of ICA attack is hijacking an existing user account through the OSN's session cookies hijacking [14]. Having control of the victim's account, the attacker impersonate the victim and retrieve the required information from the victim's friends, deceiving the trust between both parties.…”

Section: A Harvesting Informationmentioning

confidence: 99%

A survey on deceptions in online social networks

Shariff

Zhang

2014

2014 International Conference on Computer and Information Sciences (ICCOINS)

View full text Add to dashboard Cite

Online Social Network (OSN) sites continue to grow and dominate the Internet with billions of users signing up and actively participating in these sites. The users use the sites to build relationships between old and new friends, trusting them by exchanging and sharing information. However, the OSN users are unaware of security and privacy threats instilled with their trust. Many threats exploit the trust in the users as they create their way into their targeted victims' virtual communities to gather and diffuse information. In this paper, we present a survey on the types of trust deception attacks on OSN users and the existing solutions to detect and prevent users' trust from being deceived. Finally, we will present open research issues in this area that require further significant research efforts.

show abstract

“…Yet, although they provide flexible control over users and access to resources, Identity management systems are not dynamic in their mitigation mechanisms. With regards to the growing threat of SNS-based semantic attacks, Boshmaf et al [2012] have identified a range of AAA flavoured mechanisms that can provide some protection against automated sybil attacks [Huber et al 2010] and other current threats. Portable identities, with mutual verification and authentication between open systems (e.g.…”

Section: Technicalmentioning

confidence: 99%

A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks

2015

View full text Add to dashboard Cite

Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed websites and scareware to name a few. This paper presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial.

show abstract

Who on Earth Is “Mr. Cypher”: Automated Friend Injection Attacks on Social Networking Sites

Cited by 20 publications

References 8 publications

Social Networking Sites Security: Quo Vadis

Social Networking Sites Security: Quo Vadis

A survey on deceptions in online social networks

A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks

Contact Info

Product

Resources

About