Search For:

Displaying 1-11 out of 11 total
SHPF: Enhancing HTTP(S) Session Security with Browser Fingerprinting
Found in: 2013 Eighth International Conference on Availability, Reliability and Security (ARES)
By Thomas Unger,Martin Mulazzani,Dominik Fruhwirt,Markus Huber,Sebastian Schrittwieser,Edgar Weippl
Issue Date:September 2013
pp. 255-261
Session hijacking has become a major problem in today's Web services, especially with the availability of free off-the-shelf tools. As major websites like Facebook, You tube and Yahoo still do not use HTTPS for all users by default, new methods are needed ...
WSDF Workshop: Welcome from the WSDF Workshop Organizers
Found in: 2012 Seventh International Conference on Availability, Reliability and Security (ARES)
By Slay,Martin Mulazzani,Sebastian Schrittwieser
Issue Date:August 2012
pp. xxxi
Digital Forensics is a developing scientific field that is constantly evolving and adapting to face the key challenges of the domain. These challenges are diverse in nature and range, and are increasing in sophistication. With the even more increasing diss...
Trees Cannot Lie: Using Data Structures for Forensics Purposes
Found in: European Intelligence and Security Informatics Conference
By Peter Kieseberg,Sebastian Schrittwieser,Martin Mulazzani,Markus Huber,Edgar Weippl
Issue Date:September 2011
pp. 282-285
Today's forensic techniques for databases are primarily focused on logging mechanisms and artifacts accessible in the database management systems (DBMSs). While log files, plan caches, cache clock hands, etc. can reveal past transactions, a malicious admin...
Friend-in-the-Middle Attacks: Exploiting Social Networking Sites for Spam
Found in: IEEE Internet Computing
By Markus Huber, Martin Mulazzani, Gerhard Kitzler, Sigrun Goluch, Edgar Weippl
Issue Date:May 2011
pp. 28-34
<p>Friend-in-the-middle attacks on social networking sites can be used to harvest social data in an automated fashion. Attackers can then exploit this data for large-scale attacks using context-aware spam and social phishing. The authors prove the fe...
Social Networking Sites Security: Quo Vadis
Found in: Social Computing / IEEE International Conference on Privacy, Security, Risk and Trust, 2010 IEEE International Conference on
By Markus Huber, Martin Mulazzani, Edgar Weippl
Issue Date:August 2010
pp. 1117-1122
Social networking sites have been studied extensively within the past five years, especially in the area of information security. Within this paper we discuss these emerging web services both regarding possible attack vectors as well as defense strategies....
InnoDB Database Forensics
Found in: Advanced Information Networking and Applications, International Conference on
By Peter Fr├╝hwirt, Marcus Huber, Martin Mulazzani, Edgar R. Weippl
Issue Date:April 2010
pp. 1028-1036
Whenever data is being processed, there are many places where parts of the data are temporarily stored; thus forensic analysis can reveal past activities, create a (partial) timeline and recover deleted data. While this fact is well known for computer fore...
Using the structure of B+-trees for enhancing logging mechanisms of databases
Found in: Proceedings of the 13th International Conference on Information Integration and Web-based Applications and Services (iiWAS '11)
By Edgar Weippl, Lorcan Morgan, Markus Huber, Martin Mulazzani, Peter Kieseberg, Sebastian Schrittwieser
Issue Date:December 2011
pp. 301-304
Today's database management systems implement sophisticated access control mechanisms to prevent unauthorized access and modifications. This is, as an example, an important basic requirement for SOX (Sarbanes--Oxley Act) compliance, whereby every past tran...
Social snapshots: digital forensics for online social networks
Found in: Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC '11)
By Edgar Weippl, Gilbert Wondracek, Manuel Leithner, Markus Huber, Martin Mulazzani, Sebastian Schrittwieser
Issue Date:December 2011
pp. 113-122
Recently, academia and law enforcement alike have shown a strong demand for data that is collected from online social networks. In this work, we present a novel method for harvesting such data from social networking websites. Our approach uses a hybrid sys...
QR code security
Found in: Proceedings of the 8th International Conference on Advances in Mobile Computing and Multimedia (MoMM '10)
By Edgar Weippl, Lindsay Munroe, Manuel Leithner, Martin Mulazzani, Mayank Sinha, Peter Kieseberg, Sebastian Schrittwieser
Issue Date:November 2010
pp. 430-435
This paper examines QR Codes and how they can be used to attack both human interaction and automated systems. As the encoded information is intended to be machine readable only, a human cannot distinguish between a valid and a maliciously manipulated QR co...
Cheap and automated socio-technical attacks based on social networking sites
Found in: Proceedings of the 3rd ACM workshop on Artificial intelligence and security (AISec '10)
By Edgar Weippl, Markus Huber, Martin Mulazzani, Sebastian Schrittwieser
Issue Date:October 2010
pp. 61-64
The vastly and steadily increasing data pool collected by social networking sites can have severe implications once this information becomes available to attackers. Whilst socio-technical attacks such as social engineering relied upon expensive background ...
Exploiting social networking sites for spam
Found in: Proceedings of the 17th ACM conference on Computer and communications security (CCS '10)
By Edgar Weippl, Gerhard Kitzler, Markus Huber, Martin Mulazzani, Sigrun Goluch
Issue Date:October 2010
pp. 693-695
In the ongoing arms race between spammers and the multi-million dollar anti-spam industry, the number of unsolicited e-mail messages (better known as "spam") and phishing has increased heavily in the last decade. In this paper, we show that our novel frien...