Abstract. In the ongoing arms race between spammers and the multi-million dollar anti-spam industry, the number of unsolicited e-mail messages (better known as “spam”) and phishing has increased heavily in the last decade. In this paper, we show that our novel friend-in-the-middle attack on social networking sites (SNSs) can be used to harvest social data in an automated fashion. This social data can then be exploited for large-scale attacks such as context-aware spam and social-phishing. We prove the feasibility of our attack exemplarily on Facebook and identify possible consequences based on a mathematical model and simulations. Alarmingly, all major SNSs are vulnerable to our attack as they fail to secure the network layer appropriately.
FITM_TR0710
http://fitm.nysos.net
One reply on “Technical Report: Friend-in-the-Middle (FITM) Attacks”
[…] This post was mentioned on Twitter by The Tech Gang. The Tech Gang said: #ContextAware Technical Report: Friend-in-the-Middle (FITM) Attacks | DIO.NYSOS …: This social data can then be … http://bit.ly/bbzZyW […]