[HGI-News-de] HGI Colloquium on 31.10.2013: "Trusted Friend Attack: Guardian Angels Strike"
Newsletter of the Horst Görtz Institute
hgi-news-deutschland at lists.ruhr-uni-bochum.de
Mon Oct 28 08:12:10 CET 2013
Dear Sir or Madam,
as part of the HGI Colloquium, organized by the Secure Hardware
research group and the Horst Görtz Institute of Ruhr-Universität
Bochum, Ashar Javed of Ruhr-Universität Bochum will give a talk
next Thursday, 31 October 2013, at 12:00 s.t. in room
ID 03/411 on the following topic:
"Trusted Friend Attack: Guardian Angels Strike": In this paper, we
survey the "Forgot your password" functionality of fifty social
networks and investigate the security of the password recovery
mechanisms for the important special case that the user has also
lost access to his email account. We were able to compromise
accounts on six social networks (Delicious, Academia, GetGlue,
Lokalisten, Freizeit-Freunde and StayFriends) and block an account
on MeetUp due to the weaknesses in the password recovery feature
and help from their untrained support teams.
In addition, we were able to compromise Facebook users'
accounts through a novel attack on the password recovery feature
of Facebook that we call Trusted Friend Attack (TFA). We were able to
circumvent reputation-based security mechanisms of Facebook. The only
prerequisite for TFA is that the victim accepts three friendship
requests from different Facebook accounts of the attacker.
We have responsibly reported all attacks to the respective
security teams and they have acknowledged our work. In the end, we
provide general security guidelines for users of social
networks.
All students and interested parties are cordially invited to this
and all further talks of the HGI Colloquium!
Advance registration is not required!
Further information is available on the following website:
http://hgi.rub.de/hgi/hgi-seminar/
Kind regards,
Pascal Sasdrich
--
*************************************************
B.Sc. Pascal Sasdrich
Hardware Security Group
Horst Görtz Institute for IT Security
Ruhr-University Bochum
ID 2/651, Universitaetsstrasse 150
44801 Bochum, Germany
Phone: +49 234-32-29949
Fax: +49 234-32-14389
http://www.sha.rub.de // http://www.emsec.rub.de
*************************************************