Featured Research

from universities, journals, and other organizations

SpamBot wants to be your friend

Date:
October 18, 2010
Source:
Vienna University of Technology
Summary:
Social network sites such as Facebook, mySpace or Twitter are gaining popularity. But the web 2.0 faces us with new dangers. Researchers in Austria, who have been detecting and studying security hazards of social network sites, now provide advice on how to increase your safety on the web.

Social network sites such as Facebook, mySpace or Twitter are gaining popularity. But the 'Web 2.0' presents new dangers. At the Vienna University of Technology (VUT), security hazards of social network sites have been detected and studied. Researchers of the VUT now provide advice on how to increase your safety on the Web.

Socializing and finding new friends on social network sites has become just as common as writing emails. However, new security risks of these new websites are becoming more common. Gilbert Wondracek and Christian Platzer, of the Secure Systems Lab at VUT, have been doing research on these security issues. With a few simple tricks, they managed to match more than 1.2 million social network profiles with the corresponding private email addresses. This experiment was done for scientific purposes only -- but what if the next attack is launched by malicious hackers?

Someone who creates a profile on a social-network site wants to get into contact with as many friends as possible. Most websites offer a very simple and convenient way to find new contacts: users can simply upload their email address book and they get a list of existing profiles matching the email addresses. "This gives cause for concern," says Christian Platzer (VUT). "Even if my email address is supposed to be kept secret and it is not visible in my profile, the website still uses it to identity my profile."

Millions of email addresses matched with personal data

The researchers used email addresses taken from a spam-server (which has been taken offline). Using simple computer programs, millions of email addresses could be checked on various social-network sites in a short period of time. If the social network site responds that there is indeed a user profile for a given email address, then it is most likely an address which is still in use -- and in addition, the user profile provides valuable personal information about the owner of the address. Usually, in someone's user profile, a list of names of their friends can be found. From this list, new email addresses can be generated. The researchers had the computer create a list of possible email addresses for each name, Next, it can again be tested whether any of these addresses are registered on a social network site. That way, hundreds of thousands of valid email addresses could be found rapidly. Altogether, more than 1.2 million user profiles could be matched with their owner's private email address.

Tell me where you click -- I'll tell you who you are

Further dangers are posed by user groups, which can be joined on various social network sites. In these groups, people can discuss their favourite topics and get to know people of similar interests -- but in the worst case, those groups can cause users to lose their anonymity on the Web. A harmless-looking website may search the user's browser-history and find out which group websites have been visited recently. If the malicious website knows the list of groups the user has joined, his identity can, in many cases, be determined quite accurately. After all, it is rather improbable that several users are members of exactly the same set of groups. That way, the website can guess the user's name -- even if the site itself is in no way affiliated with Facebook, Twitter and other social network sites.

"Of course we were very careful in our research project not to harm the websites and not to violate the privacy of users in any way," Gilbert Wondraschek emphasizes. "We only evaluated the data scientifically -- but malicious attackers could indeed do quite a lot of harm with data like that." In the most harmless case, the victim will receive vast amounts of spam -- automatically selected to fit the user's interests. But also serious fraud could be possible. Possibly, tricksters will one day pretend to be friends or business partners, they send a short text, specially designed with the help of personal data from the social network profile -- and the victim is strongly tempted to believe that the sender is indeed the person he claims to be. Even forms of blackmail are conceivable. Maybe the user of a dating site is married -- and willing to pay money so that this information remains secret?

Safety tips for the Web 2.0

The newfound security hazards have been reported to the social network sites by the researchers at Vienna University of Technology. In several cases, the problems have already been fixed. For Internet users, there is no point in developing paranoia, but it pays to be careful, assert Christian Platzer and Gilbert Wondracek. Some safety tips should definitely be followed: it is never a good idea to upload one's email address book anywhere on the Internet. Valuable data which should better be kept private is distributed that way. Most social network sites offer the possibility of deciding which pieces of information should be visible to everybody and which should be restricted to personal friends. It is advisable to choose rather restrictive settings. Special care should be taken with tagging photographs. Not everybody needs to see the beach-party holiday pictures -- especially not with the full names of the people in the picture. Telephone numbers or private addresses should never be posted in the profile. Data like that should only be given personally to people who are actually supposed to have it.


Story Source:

The above story is based on materials provided by Vienna University of Technology. Note: Materials may be edited for content and length.


Cite This Page:

Vienna University of Technology. "SpamBot wants to be your friend." ScienceDaily. ScienceDaily, 18 October 2010. <www.sciencedaily.com/releases/2010/10/101018074416.htm>.
Vienna University of Technology. (2010, October 18). SpamBot wants to be your friend. ScienceDaily. Retrieved July 29, 2014 from www.sciencedaily.com/releases/2010/10/101018074416.htm
Vienna University of Technology. "SpamBot wants to be your friend." ScienceDaily. www.sciencedaily.com/releases/2010/10/101018074416.htm (accessed July 29, 2014).

Share This




More Computers & Math News

Tuesday, July 29, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Teen's Phone Ignites Under Her Pillow; How Real Is The Risk?

Teen's Phone Ignites Under Her Pillow; How Real Is The Risk?

Newsy (July 28, 2014) A Texas teen's Samsung phone apparently ignited while she slept, but what was the real problem here? Video provided by Newsy
Powered by NewsLook.com
Google's Next Frontier: The Human Body

Google's Next Frontier: The Human Body

Newsy (July 27, 2014) Google is collecting genetic and molecular information to paint a picture of the perfectly healthy human. Video provided by Newsy
Powered by NewsLook.com
Cellphone Unlocking Bill Clears U.S. House, Heads to Obama

Cellphone Unlocking Bill Clears U.S. House, Heads to Obama

Reuters - US Online Video (July 27, 2014) Congress gets rid of pesky law that made it illegal to "unlock" mobile phones without permission, giving consumers the option to use the same phone on a competitor's wireless network. Mana Rabiee reports. Video provided by Reuters
Powered by NewsLook.com
Congress OKs Unlocking Phones From Carriers

Congress OKs Unlocking Phones From Carriers

Newsy (July 26, 2014) A bill legalizing "unlocking," or untethering a phone from its default wireless carrier, has passed Congress and is expected to be signed into law. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins