Web Security Projects and Demos @ NaN

See how a truthy rumor about a Marylin Monroe sex film spreads through social media and how many people click...

We conducted a study to show how easy it is to trick people into releasing their secrets to strangers, by exploiting their social vulnerabilities. We mined public friendship information from social network websites. 72% of victims who thought they received a message from a friend, disclosed their passwords. The results are published in Communications of the ACM 5(10): 94-100, Oct 2007. This talk was given at a SOUPS 2005 panel and CACR. Many people ask us about the ethical and legal aspects of crawling social network sites for this kind of research.

The Gossip Engine demo shows that fraudsters can make money from ads by generating fake content that looks real enough to search engines and appears original enough to lure people into clicking. This kind of click fraud may not be illegal, but it pollutes the Web.

The Phroogle demo illustrates how one can exploit comparison shopping engines to bait victims into disclosing their credit card or bank account numbers. Try it, it's safe! (Case study in Phishing and Countermeasures.)

Web forms for email subscriptions can be harvested and exploited to launch DDoS attacks. We demo the Email Cluster Bombs attack and illustrate how to defend from it. Published in login.

Could your browser release your personal information without your knowledge? Find out by solving this riddle! (Case study in Phishing and Countermeasures.)

This demo was intended to show that online polls and ratings are unreliable, and that third-party cookies can be tricky.