Featured Research

from universities, journals, and other organizations

SpamBot wants to be your friend

Date:
October 18, 2010
Source:
Vienna University of Technology
Summary:
Social network sites such as Facebook, mySpace or Twitter are gaining popularity. But the web 2.0 faces us with new dangers. Researchers in Austria, who have been detecting and studying security hazards of social network sites, now provide advice on how to increase your safety on the web.

Social network sites such as Facebook, mySpace or Twitter are gaining popularity. But the 'Web 2.0' presents new dangers. At the Vienna University of Technology (VUT), security hazards of social network sites have been detected and studied. Researchers of the VUT now provide advice on how to increase your safety on the Web.

Related Articles


Socializing and finding new friends on social network sites has become just as common as writing emails. However, new security risks of these new websites are becoming more common. Gilbert Wondracek and Christian Platzer, of the Secure Systems Lab at VUT, have been doing research on these security issues. With a few simple tricks, they managed to match more than 1.2 million social network profiles with the corresponding private email addresses. This experiment was done for scientific purposes only -- but what if the next attack is launched by malicious hackers?

Someone who creates a profile on a social-network site wants to get into contact with as many friends as possible. Most websites offer a very simple and convenient way to find new contacts: users can simply upload their email address book and they get a list of existing profiles matching the email addresses. "This gives cause for concern," says Christian Platzer (VUT). "Even if my email address is supposed to be kept secret and it is not visible in my profile, the website still uses it to identity my profile."

Millions of email addresses matched with personal data

The researchers used email addresses taken from a spam-server (which has been taken offline). Using simple computer programs, millions of email addresses could be checked on various social-network sites in a short period of time. If the social network site responds that there is indeed a user profile for a given email address, then it is most likely an address which is still in use -- and in addition, the user profile provides valuable personal information about the owner of the address. Usually, in someone's user profile, a list of names of their friends can be found. From this list, new email addresses can be generated. The researchers had the computer create a list of possible email addresses for each name, Next, it can again be tested whether any of these addresses are registered on a social network site. That way, hundreds of thousands of valid email addresses could be found rapidly. Altogether, more than 1.2 million user profiles could be matched with their owner's private email address.

Tell me where you click -- I'll tell you who you are

Further dangers are posed by user groups, which can be joined on various social network sites. In these groups, people can discuss their favourite topics and get to know people of similar interests -- but in the worst case, those groups can cause users to lose their anonymity on the Web. A harmless-looking website may search the user's browser-history and find out which group websites have been visited recently. If the malicious website knows the list of groups the user has joined, his identity can, in many cases, be determined quite accurately. After all, it is rather improbable that several users are members of exactly the same set of groups. That way, the website can guess the user's name -- even if the site itself is in no way affiliated with Facebook, Twitter and other social network sites.

"Of course we were very careful in our research project not to harm the websites and not to violate the privacy of users in any way," Gilbert Wondraschek emphasizes. "We only evaluated the data scientifically -- but malicious attackers could indeed do quite a lot of harm with data like that." In the most harmless case, the victim will receive vast amounts of spam -- automatically selected to fit the user's interests. But also serious fraud could be possible. Possibly, tricksters will one day pretend to be friends or business partners, they send a short text, specially designed with the help of personal data from the social network profile -- and the victim is strongly tempted to believe that the sender is indeed the person he claims to be. Even forms of blackmail are conceivable. Maybe the user of a dating site is married -- and willing to pay money so that this information remains secret?

Safety tips for the Web 2.0

The newfound security hazards have been reported to the social network sites by the researchers at Vienna University of Technology. In several cases, the problems have already been fixed. For Internet users, there is no point in developing paranoia, but it pays to be careful, assert Christian Platzer and Gilbert Wondracek. Some safety tips should definitely be followed: it is never a good idea to upload one's email address book anywhere on the Internet. Valuable data which should better be kept private is distributed that way. Most social network sites offer the possibility of deciding which pieces of information should be visible to everybody and which should be restricted to personal friends. It is advisable to choose rather restrictive settings. Special care should be taken with tagging photographs. Not everybody needs to see the beach-party holiday pictures -- especially not with the full names of the people in the picture. Telephone numbers or private addresses should never be posted in the profile. Data like that should only be given personally to people who are actually supposed to have it.


Story Source:

The above story is based on materials provided by Vienna University of Technology. Note: Materials may be edited for content and length.


Cite This Page:

Vienna University of Technology. "SpamBot wants to be your friend." ScienceDaily. ScienceDaily, 18 October 2010. <www.sciencedaily.com/releases/2010/10/101018074416.htm>.
Vienna University of Technology. (2010, October 18). SpamBot wants to be your friend. ScienceDaily. Retrieved November 28, 2014 from www.sciencedaily.com/releases/2010/10/101018074416.htm
Vienna University of Technology. "SpamBot wants to be your friend." ScienceDaily. www.sciencedaily.com/releases/2010/10/101018074416.htm (accessed November 28, 2014).

Share This


More From ScienceDaily



More Computers & Math News

Friday, November 28, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

EU Pushes Google For Worldwide Right To Be Forgotten

EU Pushes Google For Worldwide Right To Be Forgotten

Newsy (Nov. 27, 2014) Privacy regulators recommend Google expand its requested removals to apply to all its web domains. Video provided by Newsy
Powered by NewsLook.com
Predictions Of Tablets' Demise Sound Familiar

Predictions Of Tablets' Demise Sound Familiar

Newsy (Nov. 26, 2014) The tablet's days are numbered, at least according to a recent IDC report. The market-research firm paints a grim outlook for tablets. Video provided by Newsy
Powered by NewsLook.com
Today's Prostheses Are More Capable Than Ever

Today's Prostheses Are More Capable Than Ever

Newsy (Nov. 26, 2014) Advances in prosthetics are making replacement body parts stronger and more lifelike than they’ve ever been. Video provided by Newsy
Powered by NewsLook.com
FCC Forces T-Mobile To Alert Customers Of Data Throttling

FCC Forces T-Mobile To Alert Customers Of Data Throttling

Newsy (Nov. 25, 2014) T-Mobile and the FCC have reached an agreement requiring the company to alert customers when it throttles their data speeds. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

Strange & Offbeat Stories


Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins