Learn More
—Web browsers are crucial software components in today's usage of the Internet, but the reliable detection of whether a client is using a specific browser can still be considered a nontrivial problem. Reliable browser identification is crucial for online security and privacy e.g., regarding drive-by downloads and user tracking, and can be used to enhance(More)
In recent months a new generation of mobile messag-ing and VoIP applications for smartphones was introduced. These services offer free calls and text messages to other subscribers, providing an Internet-based alternative to the traditional communication methods managed by cellular network carriers such as SMS, MMS and voice calls. While user numbers are(More)
During the past few years, a vast number of online file storage services have been introduced. While several of these services provide basic functionality such as upload-ing and retrieving files by a specific user, more advanced services offer features such as shared folders, real-time collaboration, minimization of data transfers or unlimited storage(More)
Friend-in-the-middle attacks on social networking sites can be used to harvest social data in an automated fashion. Attackers can then exploit this data for large-scale attacks using context-aware spam and social phishing. The authors prove the feasibility of such an attack and simulate the impact on Facebook. Alarmingly, all major social networking sites(More)
Session hijacking has become a major problem in today's Web services, especially with the availability of free off-the-shelf tools. As major websites like Facebook, You tube and Yahoo still do not use HTTPS for all users by default, new methods are needed to protect the users' sessions if session tokens are transmitted in the clear. In this paper we propose(More)
In the ongoing arms race between spammers and the multi-million dollar anti-spam industry, the number of unsolicited e-mail messages (better known as "spam") and phishing has increased heavily in the last decade. In this paper, we show that our novel friend-in-the-middle attack on social networking sites (SNSs) can be used to harvest social data in an(More)
Social networking sites have been studied extensively within the past five years, especially in the area of information security. Within this paper we discuss these emerging web services both regarding possible attack vectors as well as defense strategies. Our results suggest that a gap between attack and defense strategies exists. Furthermore we found that(More)
Recently, academia and law enforcement alike have shown a strong demand for data that is collected from online social networks. In this work, we present a novel method for harvesting such data from social networking websites. Our approach uses a hybrid system that is based on a custom add-on for social networks in combination with a web crawling component.(More)
Whenever data is being processed, there are many places where parts of the data are temporarily stored; thus forensic analysis can reveal past activities, create a (partial) timeline and recover deleted data. While this fact is well known for computer forensics, multiple forensic tools exist to analyze data and the systematic analysis of database systems(More)
This paper analyzes the web browsing behaviour of Tor users. By collecting HTTP requests we show which websites are of interest to Tor users and we determined an upper bound on how vulnerable Tor users are to sophisticated de-anonymization attacks: up to 78 % of the Tor users do not use Tor as suggested by the Tor community, namely to browse the web with(More)