Authors:
Vittoria Cozza (1); Zisis Tsiatsikas (2); Mauro Conti (3) and Georgios Kambourakis (2)
Affiliations:
(1) Polytechnic University of Bari, Italy; (2) University of the Aegean, Greece; (3) University of Padua, Italy
Keyword(s):
Privacy, Offensive Security, Attack, Web-services, Flaws.
Abstract:
Over the last decade online services have penetrated the market and for many of us have become an integral part of our software portfolio. On the one hand online services offer flexibility in every sector of the social web, but on the other hand these pros do not come without a cost in terms of privacy. This work focuses on online services, and in particular on the possible inherent design errors which make these services an easy target for privacy invaders. We demonstrate the previous fact using a handful of real-world cases pertaining to popular online web services. More specifically, we show that despite the progress made in raising security/privacy awareness amongst all the stakeholders (developers, admins, users) and the existence of mature security/privacy standards and practices, there still exists a plethora of poor implementations that may put users’ privacy at risk. We particularly concentrate on cases where a breach can happen even if the aggressor has limited knowledge about their target and/or the attack can be completed with limited resources. In this context, the main contribution of the paper at hand revolves around the demonstration of effortlessly exploiting privacy leaks existing in widely-known online services due to software development errors.