social networks
3rd Workshop on Security and Privacy in Social Networks
Call for Papers
Third International Workshop on Security and Privacy in Social Networks 2012 (SPSN-2012) in conjunction with IEEE SocialCom 2012, Amsterdam, The Netherlands, September 3-6, 2012
http://spsn12.media.mit.edu/index.html
Scope of Workshop:
The workshop aims to bring to the forefront innovative approaches for analyzing and enhancing the security and privacy dimensions in online social networks. In order to facilitate the transition of such methods from theory to mechanisms designed and deployed in existing online social networking services, we need to create a common language between the researchers and practitioners of this new area, spanning from the theory of computational social sciences to conventional security and network engineering.
anonymous money transfers
- Constructivist Epistemology
- Artificial Intelligence and Robotics - machine learning, humanoid
robots, RoboCup, autonomous cars
- Transportation Hacking - with electronics and bus systems
- Studies about Social Networks - e.g. how different networks are being used
- The Long Tail - crowdsourcing, crowdcasting, crowdfunding, peer to peer
- Media and Internet Technologies in education
- Cyberspace identities and gender issues
- Law Enforcement Activities and Active Countersurveillance
- Revolutions
Hi,
A new type of vulnerability is described in which publicly available
information from social network sites obtained out of context, can be
used to identify a user in cases where anonymity is taken for granted.
This attack (dubbed Cross Site Identification, or CSID) assumes the
following scenario: A user that is currently logged on to her social
network account visits a 3rd party site, supposedly anonymously, in
another browser tab. The 3rd party site causes her browser to contact
************************
http://www.HACKATTACK.at/
http://www.HACKATTACK.eu/
Introduction
************************
SocialEngine is a PHP-based social network platform that lets you create a social network on your website.
More Details
************************
1. SQL Injection:
---------------------
'Pointter PHP Micro-Blogging Social Network' Unauthorized Privilege Escalation (CVE-2010-4333)
Mark Stanislav - mark.stanislav@gmail.com
I. DESCRIPTION
---------------------------------------
A vulnerability exists in the 'Pointter PHP Micro-Blogging Social Network' authentication system which allows for administrative privileges by crafting two specific cookies with arbitrary values.
II. TESTED VERSION
This can leverage to access private/sensitive information of
tuenti.com users.
VI. SYSTEMS AFFECTED
-------------------------
Tuenti.com Social network.
VII. SOLUTION
-------------------------
Tuenti already corrected this issue.
iPhone SMS Fuzzing and Exploitation - Charlie Miller, Independent Security Evaluators
The Microsoft View of the 2008 Threat Landscape - Tony Lee, Microsoft
Cloud Defense in the Post-BotWar Era - Ikuo Takahashi
The Android Security Story: Challenges and Solutions for Secure Open Systems - Rich Cannings & Alex Stamos, Google, iSec Partners
Stealthy Rootkit : How malware fools live memory forensics - Tsukasa Ooi, Livegrid
Defending a Social Network - Alex Rice, Facebook
Museum of API Obfuscation on Win32 - Masaki Suenaga, Symantec
!exploitable and Effective Fuzzing Strategies as a Regular Part of Test - Jason Shirk, Microsoft
Analyzing Word and Excel Document Encryption - Eric Filiol, ESIEA - Operational cryptology and Virology Lab
English Dojo: Auditing Java Security, Marc Schoenefeld
Japanese Dojo: Assembler Programming and Reverse Engineering Malware, Yuji Ukai, fourteenforty
* Secure Collaborative Agents
* Using Multi Agent Systems for Security
* Security in Mobile and Wireless Networks
* Security of Ad Hoc and Sensor Networks
* Security in Peer to Peer Networks
* Security in Social Networks
Submission Instructions:
Papers reporting original and unpublished research results on above and
any other related topics are solicited. Submission should include a
* Security and risk management
* Mechanism design and incentives
* Decentralized security algorithms
* Security of networked systems
* Security of Web-based services
* Security of social networks
* Intrusion and anomaly detection
* Resource allocation for security
* Optimized response to malware
* Identity management
* Privacy and security
13:15 Invited Talk: Ahmad Sadeghi, TU Darmstadt
14:15 Session: Attacks
Reverse Social Engineering Attacks in Online Social Networks
Danesh Irani, Marco Balduzzi, Davide Balzarotti, Engin Kirda, Calton Pu
Timing attacks on VoIP PIN input (Short Paper)
Ge Zhang, Simone Fischer-Hübner
Attackers can trigger a successful exploit against a victim user in a
number of ways such as placing a malicious external
library file made as hidden attribute and a seemingly interesting file
in network shares, usb drives, file sharing networks,
social networks, ..etc
7. SOLUTION
Fixed version from the vendor has not been released yet.
http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-006.pdf
We've got loads of awesome content lined up as always including a
feature article/interview with Joe Sullivan, Chief Security Officer at
social network behemoth Facebook and keynoter at the 2nd annual
HITBSecConf in Europe. Alongside Joe, we also sat down with Chris Evans
who participated in the keynote panel discussion on the Economics of
Vulnerabilities to talk about Google's Vulnerability Rewards program.
While we're on the subject of our 2nd annual HITBSecConf, HITB2011AMS,
We're going to lay the room out for 'standing room only', so get there
early to guarantee your squatting rights...
***
"Exposing Interesting, 'Hidden' & Dark Social Network Relationships
with Maltego" by @l0sthighway & @TheSuggmeister
This talk highlights how you can extend the powerful data visualisation
tool, Maltego, to data mine virtually anything with an API or that you
can 'screen scrape'. We will focus specifically on Facebook and Twitter,
Description
------------------
Symphony is a web-based content management system (CMS) that enables
users to create and manage websites and web applications of all shapes
and sizes—from the simplest of blogs to bustling news sites and
feature-packed social networks.
Details
-------------------
Symphony is affected by several XSS and SQL Injection vulnerabilities.
Example PoC urls are as follows :
(IE7/XP full patched)
by rgod, site: http://retrogod.altervista.org/
software site: http://www.imesh.com
"iMesh is a file sharing and online social network. It uses a proprietary,
centralized, P2P protocol. iMesh is owned by an American company iMesh,
Inc. and maintains a development center in Israel.
iMesh was the first company to introduce "swarming" - the ability to download
one file from multiple sources, increasing download speed."
All the Crap Aircrafts Receive and Send - Hendrik Scholz
Teflon: anti-stick for the browsers attack surface - Saumil Shah,
Net-Square
Hacking PXE without reboot (using the BIOS network stack for other
purposes) - Julien Vanegue, CESAR
LeakedOut: the Social Networks You Get Caught In - Jose Orlicki, Core
Dojos (September 28/29):
Reverse Code Engineering - Edgar Barbosa, COSEINC
Practical 802.11 Wi-Fi (In)Security - Cédric Blancher, EADS
Effective Fuzzing using the Peach Fuzzing Platform (2 days) - Michael
SCADA security
Communication systems security
Russian software security
Mobile devices security
Malicious software
Social networks and WEB 2.0 hacking
Program researching without sources
Vulnerability searching and exploiting
Software, hardware and networks researching
This topic list is not full but preferable. Presentations on other subjects can be considered as well.
Overview: SocialURL is a social community platform enabling you to organize your online identities. Connect to all your social network sites with one URL.
SocialURL fails to sufficiently sanitize user-supplied input data via login box.
Class: Input Validation Error
Example:
1.<script>alert('xss')</script>
2.<iframe>
Discovered by: Joshua Morin
>
>> Dear John Smith,
>>
>> Actually, browser DoS may be quite serious vulnerability, depending on
>> nature of DoS. Think about e.g. banner or content exchange network,
>> social networks, web boards, etc where browser vulnerability may be
>> used against site or page because it will harm any visitors of this
>> site or page.
>>
>> In case of this very vulnerability, most serious impact may be from
>> e-mail vector.
Scripting and SQL Injection.
2. BACKGROUND
Elgg is an award-winning social networking engine, delivering the
building blocks that enable businesses, schools, universities and
associations to create their own fully-featured social networks and
applications. Well-known Organizations with networks powered by Elgg
include: Australian Government, British Government, Federal Canadian
Government, MITRE, The World Bank, UNESCO, NASA, Stanford University,
>
>>> Dear John Smith,
>>>
>>> Actually, browser DoS may be quite serious vulnerability, depending on
>>> nature of DoS. Think about e.g. banner or content exchange network,
>>> social networks, web boards, etc where browser vulnerability may be
>>> used against site or page because it will harm any visitors of this
>>> site or page.
>>>
>>> In case of this very vulnerability, most serious impact may be from
>>> e-mail vector.
Site Scripting.
2. BACKGROUND
Elgg is an award-winning social networking engine, delivering the
building blocks that enable businesses, schools, universities and
associations to create their own fully-featured social networks and
applications. Well-known Organizations with networks powered by Elgg
include: Australian Government, British Government, Federal Canadian
Government, MITRE, The World Bank, UNESCO, NASA, Stanford University,
|Description|
+-----------+
The Yoono Firefox extension provides an interface for
users to share objects with their friends on social
networks from any website. It allows users to select
images from a website to be shared, which publishes
that image to their friends.
Security-Assessment.com discovered that Yoono's share
function is vulnerable to DOM event handler injection.
> Dear John Smith,
>
> Actually, browser DoS may be quite serious vulnerability, depending on
> nature of DoS. Think about e.g. banner or content exchange network,
> social networks, web boards, etc where browser vulnerability may be
> used against site or page because it will harm any visitors of this
> site or page.
>
> In case of this very vulnerability, most serious impact may be from
> e-mail vector.
###################
Description By vendor
###################
Elgg is an award-winning social networking engine, delivering
the building blocks that enable businesses, schools, universities
and associations to create their own fully-featured social networks
and applications. Organizations with networks powered by Elgg
include: Australian Government, British Government, Federal Canadian
Government, MITRE, The World Bank, UNESCO, NASA, Stanford University,
Dear John Smith,
Actually, browser DoS may be quite serious vulnerability, depending on
nature of DoS. Think about e.g. banner or content exchange network,
social networks, web boards, etc where browser vulnerability may be
used against site or page because it will harm any visitors of this
site or page.
In case of this very vulnerability, most serious impact may be from
e-mail vector.
>> Dear John Smith,
>>
>> Actually, browser DoS may be quite serious vulnerability, depending on
>> nature of DoS. Think about e.g. banner or content exchange network,
>> social networks, web boards, etc where browser vulnerability may be
>> used against site or page because it will harm any visitors of this
>> site or page.
>>
>> In case of this very vulnerability, most serious impact may be from
>> e-mail vector.