Web Security Projects and Demos @ NaN

Under PIs Menczer and Jakobsson, NaN and cybersecurity folks collaborate on a number of Web security and privacy-related projects. Here is a sample, especially public demos.

Truthy Rumors

See how a truthy rumor about a Marilyn Monroe sex film spreads through social media and how many people click...

Social Phishing

We conducted a study to show how easy it is to trick people into releasing their secrets to strangers by exploiting their social vulnerabilities. We mined public friendship information from social network websites. 72% of victims who thought they received a message from a friend disclosed their passwords. The results are published in Communications of the ACM 5(10): 94-100, Oct 2007. This talk was given at a SOUPS 2005 panel and CACR. Many people ask us about the ethical and legal aspects of crawling social network sites for this kind of research.

Gossip Engine

The Gossip Engine demo shows that fraudsters can make money from ads by generating fake content that looks real enough to search engines and appears original enough to lure people into clicking. This kind of click fraud may not be illegal, but it pollutes the Web.


The Phroogle demo illustrates how one can exploit comparison shopping engines to bait victims into disclosing their credit card or bank account numbers. Try it, it's safe! (Case study in Phishing and Countermeasures.)

Email Cluster Bombs

Web forms for email subscriptions can be harvested and exploited to launch DDoS attacks. We demo the Email Cluster Bombs attack and illustrate how to defend against it. Published in login.


Could your browser release your personal information without your knowledge? Find out by solving this riddle! (Case study in Phishing and Countermeasures.)

Poll of the Day

This demo was intended to show that online polls and ratings are unreliable, and that third-party cookies can be tricky.