Interdependencies among Critical Infrastructures, both inside the ICT domain and between ICT and other sectors (e.g. Oil&Gas and Transport), are complex to be understood. Critical Infrastructures risks always change due to new threats, interdependencies and possible scenarios.
ADV organized a seminar on virtualization at SBA Research. Edgar Weippl gave a presentation on security foundations.
Markus Huber received a grant from the Vienna University of Technology to attend the Einsteins in the City 2011 conference in New York. He will present our latest research results on social network forensic.
“Gilbert Wondracek at the Vienna University of Technology in Austria and his colleagues built a history-stealing website aimed at groups on Xing, a business-orientated social network. Mr Wondracek’s analysis of over 6,500 Xing groups, containing a total of more than 1.8m users, suggested that his rogue site would be able to determine the identity of around four in ten visitors. A trial run, in which Mr Wondracek invited colleagues who use Xing to visit his history-stealing site, showed this estimate to be about right. The vulnerability he exploited has since been addressed by the engineers behind several browsers, including Firefox and Safari, but has so far not been fixed in Microsoft’s Internet Explorer.” (verbatim quote from The Economist, Monitor: Anonymous no more, May 10, 2010, http://www.economist.com/node/18304046?story_id=18304046)
Sebastian will stay 5 months at the National Institute of Informatics (NII) in Tokyo, Japan.
Edgar Weippl gives an invited talk at NII.
Whenever data is being processed, there are many places where parts of the data are temporarily stored; thus forensic analysis can reveal past activities, create a (partial) timeline and restore deleted data. While this fact is well known for computer forensic and multiple tools to forensically analyze data exist, the systematic analysis of
data sources such as Web 2.0 services and their underlying database systems has only recently begun.
Clearly, database system are bound to leave more extensive traces since they not only store a file but, in addition, need indexes, rollback segments and log files. In this talk I will cover the basics of forensic analysis particularly focusing on database systems.
During the past few years, a huge number of online file storage services have been introduced. While some provide very basic functionality, e.g., uploading and retrieving files by a specific user, more advanced services offer features like shared folders, real-time collaboration, minimization of data transfers or unlimited storage space. In this talk we closely look at Dropbox, in particular the Dropbox client software as well as the transmission protocol, and describe an attack that results in the unauthorized access to files stored with Dropbox. This attack can be used effectively for forensic investigations.
Markus Klemen and Edgar Weippl are panelists at Future-Network’s event on “Austria’s role in IT markets in Germany, Austria and Switzerland”.
Our manuscript “Friend-in-the-middle Attacks: Exploiting Social Networking Sites for Spam” has been accepted for the upcoming special issue on Security and Privacy in Social Networks in the IEEE Journal of Internet Computing in May/Jun 2011. Preprint is available here.
In this article we have introduced friend-in-the-middle (FITM) attacks which are active eavesdropping attacks against social networking sites. By cloning a user’s authentication cookie which is transmitted in an unencrypted way, it becomes possible to completely impersonate the user. This can then be used to collect sensitive information in an automated fashion which ultimately enables large context-aware spam campaigns that propagate via social phishing. FITM attacks are applicable to the great majority of currently deployed SNSs, such as Facebook, Friendster, and Orkut. Based on FITM attacks we described three subsequent exploits: (1) Friend injection, (2) Application injection, and (3) Social engineering. We furthermore evaluated the impact of a large-scale spam attack on basis of FITM attacks. We therefore set-up a Tor exit node and analyzed the passing through HTTP traffic. Our experiments showed that finding possible FITM attack seeds for spam campaigns is cheap regarding time and hardware resources. Our attack simulation results furthermore suggest that based on the 4000 possible Facebook attack seeds we observed within two weeks, ~300.000 users could have been targeted with context-aware spam.
There are a number of limited protection strategies available to social networking users, such as using browser extensions such as EFF HTTPS Everywhere. The Tor browser bundles include the EFF HTTPS Everywhere extension since May 2010. Social networking providers ultimately have to protect their users against FITM attacks by securing the communication channels of their services with HTTPS. At the time of writing Facebook has announced that they will offer optional HTTPS support for their web service. We strongly advice users to make use of this option once it will become available to everyone.
Our partners at ISecLab have a nice paper on privacy and IPhones (German heise Article)
Guest talk: John Tait
The term Semantic Search is becoming fashionable, but there are a number of problems with the term.
1) There are at least two forms of semantic search. One is based more-or-less hand programmed knowledge sources, like domain ontologies or thesauri. The other is based on emergent properties of the data being searched, using technques like Latent Semantic Analysis or clustering. It is far from clear that the results of applying the two approaches are similar or even compatible.
2) It is often assumed that semantic search is in some sense different from surface text search: which implies that normal old-fashioned Google search (for example) is equivalent to randon string search, when of course the underlying statistics depend critically on the fact that both the queries and copora are natural language (English or German) words with underlying semantics.
3) Semantic Search depends critically on text annotation processes during indexing: but these are potentially corruptable by malefactors. How can this be prevented?
The seminar will explore these three issues, and attempt to find a better definition of the term semantic search and to identify soem ways forward.