Staff View
Evaluating the Security Risks of Freedom on Social Networking Websites

Descriptive

Language
LanguageTerm (authority = ISO 639-3:2007); (type = text)
English
Genre (authority = RULIB-FS)
Other
Genre (authority = marcgt)
technical report
PhysicalDescription
InternetMediaType
application/pdf
Extent
10 p.
Note (type = special display note)
Technical report DCS-TR-646
Name (type = corporate); (authority = RutgersOrg-School)
NamePart
School of Arts and Sciences (SAS) (New Brunswick)
Name (type = corporate); (authority = RutgersOrg-Department)
NamePart
Computer Science (New Brunswick)
TypeOfResource
Text
TitleInfo
Title
Evaluating the Security Risks of Freedom on Social Networking Websites
Name (type = personal)
NamePart (type = family)
Ur
NamePart (type = given)
Blase E.
Affiliation
Computer Science (New Brunswick)
Role
RoleTerm (type = text); (authority = marcrt)
author
Name (type = personal)
NamePart (type = family)
Maung
NamePart (type = given)
Crystal
Affiliation
Computer Science (New Brunswick)
Role
RoleTerm (type = text); (authority = marcrt)
author
Name (type = personal)
NamePart (type = family)
Ganapathy
NamePart (type = given)
Vinod
Affiliation
Computer Science (New Brunswick)
Role
RoleTerm (type = text); (authority = marcrt)
author
OriginInfo
DateCreated (encoding = w3cdtf); (qualifier = exact); (keyDate = yes)
2009-01
Abstract (type = abstract)
Many Web 2.0-based social networking sites permit their users to post comments containing a variety of HTML tags on other users’ profiles. In this paper, we show that allowing arbitrary users to post multimedia HTML content on other users’ social network profiles is an attack vector. Specifically, we demonstrate three attacks—the Social-DDoS attack, the Social-C&C attack, and the Browser-choking attack—each of which allows an arbitrary Web user to jeopardize the security of other Web users. Using the Social-DDoS attack, a malicious Web user can launch a distributed denial of service attack against a Web server; the Social-C&C attack allows a botmaster to covertly and efficiently deliver commands to bot-infected machines; and the Browser-choking attack cripples Web browsers by increasing their memory consumption and prevents users from viewing targeted social network profiles. We present an experimental evaluation of these attacks on two popular social networking Web sites, Myspace and Flickr. Our results show that the attacks can be highly effective when launched using popular social network profiles. In the context of our results, we discuss the security risks of allowing social network users to post media files on other users’ pages, and we conclude with a discussion of possible approaches to mitigate these risks.
RelatedItem (type = host)
TitleInfo
Title
Computer Science (New Brunswick)
Identifier (type = local)
rucore21032500001
Location
PhysicalLocation (authority = marcorg); (displayLabel = Rutgers, The State University of New Jersey)
NjNbRU
Identifier (type = doi)
doi:10.7282/T30V8H8J

Rights

RightsDeclaration (AUTHORITY = rightsstatements.org); (TYPE = IN COPYRIGHT); (ID = http://rightsstatements.org/vocab/InC/1.0/)
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).
Copyright
Status
Copyright protected
Availability
Status
Open
Reason
Permission or license

Technical

RULTechMD (ID = TECHNICAL1)
ContentModel
Document
CreatingApplication
Version
1.4
ApplicationName
pdfTeX-1.40.9
DateCreated (point = end); (encoding = w3cdtf); (qualifier = exact)
2009-01-18T12:38:52