Web Security Projects and Demos @ NaN
Under PIs Menczer and
collaborate on a number of Web security and privacy-related
projects. Here is a sample, especially public demos.
We conducted a study to show how easy it is to trick people into
releasing their secrets to strangers, by exploiting their social
vulnerabilities. We mined public friendship information from social
network websites. 72% of victims who thought they received a message
from a friend disclosed their passwords. The results are
in Communications of the ACM
5(10): 94-100, Oct 2007.
was given at a SOUPS 2005 panel
Many people ask us about the ethical and legal aspects
of crawling social network sites
for this kind of research.
The Gossip Engine demo
shows that fraudsters can make money from ads by generating
fake content that looks real enough to search engines and appears original
enough to lure people into clicking. This kind of click fraud may not be
illegal, but it pollutes the Web.
The Phroogle demo
illustrates how one can exploit comparison shopping engines to bait victims
into disclosing their credit card or bank account numbers. Try it, it's safe!
(Case study in Phishing and Countermeasures
Email Cluster Bombs
Poll of the Day
was intended to show that online polls and ratings are unreliable,
and that third-party cookies can be tricky.