Saturday, March 13, 2010

Attack Unmasks User Behind the Browser

Researchers develop proof-of-concept that exploits social networking patterns to 'deanonymize' online users

Vienna University of Technology researchers have developed the "deanonymization" attack as a way to reveal the identity of Internet users based on their interactions in social networks. The attack uses social networking groups as well as traditional browser history-stealing tactics to single out specific users.

The researchers focused on Germany's Xing business social network and on Facebook, matching stolen browsing histories against social network group members to identify users. "It is the combination of history stealing and group information that is novel," says Vienna University post-doctoral researcher Gilbert Wondracek. Criminals could use the deanonymization method for targeted attacks; it requires only that the victim visit a malicious Web site that contains the attack code.

There is no fix for the attack, but users can turn off their browsing history or use a private-browsing mode to minimize the risk.

Refer here for more details.
