Featured Research

from universities, journals, and other organizations

SpamBot wants to be your friend

October 18, 2010
Vienna University of Technology
Social network sites such as Facebook, mySpace or Twitter are gaining popularity. But the web 2.0 faces us with new dangers. Researchers in Austria, who have been detecting and studying security hazards of social network sites, now provide advice on how to increase your safety on the web.

Social network sites such as Facebook, mySpace or Twitter are gaining popularity. But the 'Web 2.0' presents new dangers. At the Vienna University of Technology (VUT), security hazards of social network sites have been detected and studied. Researchers of the VUT now provide advice on how to increase your safety on the Web.

Socializing and finding new friends on social network sites has become just as common as writing emails. However, new security risks of these new websites are becoming more common. Gilbert Wondracek and Christian Platzer, of the Secure Systems Lab at VUT, have been doing research on these security issues. With a few simple tricks, they managed to match more than 1.2 million social network profiles with the corresponding private email addresses. This experiment was done for scientific purposes only -- but what if the next attack is launched by malicious hackers?

Someone who creates a profile on a social-network site wants to get into contact with as many friends as possible. Most websites offer a very simple and convenient way to find new contacts: users can simply upload their email address book and they get a list of existing profiles matching the email addresses. "This gives cause for concern," says Christian Platzer (VUT). "Even if my email address is supposed to be kept secret and it is not visible in my profile, the website still uses it to identity my profile."

Millions of email addresses matched with personal data

The researchers used email addresses taken from a spam-server (which has been taken offline). Using simple computer programs, millions of email addresses could be checked on various social-network sites in a short period of time. If the social network site responds that there is indeed a user profile for a given email address, then it is most likely an address which is still in use -- and in addition, the user profile provides valuable personal information about the owner of the address. Usually, in someone's user profile, a list of names of their friends can be found. From this list, new email addresses can be generated. The researchers had the computer create a list of possible email addresses for each name, Next, it can again be tested whether any of these addresses are registered on a social network site. That way, hundreds of thousands of valid email addresses could be found rapidly. Altogether, more than 1.2 million user profiles could be matched with their owner's private email address.

Tell me where you click -- I'll tell you who you are

Further dangers are posed by user groups, which can be joined on various social network sites. In these groups, people can discuss their favourite topics and get to know people of similar interests -- but in the worst case, those groups can cause users to lose their anonymity on the Web. A harmless-looking website may search the user's browser-history and find out which group websites have been visited recently. If the malicious website knows the list of groups the user has joined, his identity can, in many cases, be determined quite accurately. After all, it is rather improbable that several users are members of exactly the same set of groups. That way, the website can guess the user's name -- even if the site itself is in no way affiliated with Facebook, Twitter and other social network sites.

"Of course we were very careful in our research project not to harm the websites and not to violate the privacy of users in any way," Gilbert Wondraschek emphasizes. "We only evaluated the data scientifically -- but malicious attackers could indeed do quite a lot of harm with data like that." In the most harmless case, the victim will receive vast amounts of spam -- automatically selected to fit the user's interests. But also serious fraud could be possible. Possibly, tricksters will one day pretend to be friends or business partners, they send a short text, specially designed with the help of personal data from the social network profile -- and the victim is strongly tempted to believe that the sender is indeed the person he claims to be. Even forms of blackmail are conceivable. Maybe the user of a dating site is married -- and willing to pay money so that this information remains secret?

Safety tips for the Web 2.0

The newfound security hazards have been reported to the social network sites by the researchers at Vienna University of Technology. In several cases, the problems have already been fixed. For Internet users, there is no point in developing paranoia, but it pays to be careful, assert Christian Platzer and Gilbert Wondracek. Some safety tips should definitely be followed: it is never a good idea to upload one's email address book anywhere on the Internet. Valuable data which should better be kept private is distributed that way. Most social network sites offer the possibility of deciding which pieces of information should be visible to everybody and which should be restricted to personal friends. It is advisable to choose rather restrictive settings. Special care should be taken with tagging photographs. Not everybody needs to see the beach-party holiday pictures -- especially not with the full names of the people in the picture. Telephone numbers or private addresses should never be posted in the profile. Data like that should only be given personally to people who are actually supposed to have it.

Story Source:

The above story is based on materials provided by Vienna University of Technology. Note: Materials may be edited for content and length.

Cite This Page:

Vienna University of Technology. "SpamBot wants to be your friend." ScienceDaily. ScienceDaily, 18 October 2010. <www.sciencedaily.com/releases/2010/10/101018074416.htm>.
Vienna University of Technology. (2010, October 18). SpamBot wants to be your friend. ScienceDaily. Retrieved October 20, 2014 from www.sciencedaily.com/releases/2010/10/101018074416.htm
Vienna University of Technology. "SpamBot wants to be your friend." ScienceDaily. www.sciencedaily.com/releases/2010/10/101018074416.htm (accessed October 20, 2014).

Share This

More Computers & Math News

Monday, October 20, 2014

Featured Research

from universities, journals, and other organizations

Featured Videos

from AP, Reuters, AFP, and other news services

Japanese Scientists Unveil Floating 3D Projection

Japanese Scientists Unveil Floating 3D Projection

Reuters - Innovations Video Online (Oct. 20, 2014) Scientists in Tokyo have demonstrated what they say is the world's first 3D projection that floats in mid air. A laser that fires a pulse up to a thousand times a second superheats molecules in the air, creating a spark which can be guided to certain points in the air to shape what the human eye perceives as an image. Matthew Stock reports. Video provided by Reuters
Powered by NewsLook.com
Google To Protect Against Piracy ... At A Cost

Google To Protect Against Piracy ... At A Cost

Newsy (Oct. 20, 2014) Google is changing its search-engine results to protect content producers from piracy — for a price. Video provided by Newsy
Powered by NewsLook.com
What We Know About Microsoft's Rumored Smartwatch

What We Know About Microsoft's Rumored Smartwatch

Newsy (Oct. 20, 2014) Microsoft will reportedly release a smartwatch that works across different mobile platforms, has a two-day battery life and tracks heart rate. Video provided by Newsy
Powered by NewsLook.com
Is Spotify Family A Great Deal Or Catching Up?

Is Spotify Family A Great Deal Or Catching Up?

Newsy (Oct. 20, 2014) Spotify Family lets you add a family member to your account for half price. Although users are excited, it's a move competitors have already made. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.


Breaking News:

Strange & Offbeat Stories

Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News


Free Subscriptions

Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile

Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?

Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins