Grids and grid technologies for wide-area distributed computing
Software—Practice & Experience
Information revelation and privacy in online social networks
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
Structure and evolution of online social networks
Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining
Puppetnets: misusing web browsers as a distributed attack infrastructure
Proceedings of the 13th ACM conference on Computer and communications security
Defeating script injection attacks with browser-enforced embedded policies
Proceedings of the 16th international conference on World Wide Web
Browser-based distributed evolutionary computation: performance and scaling behavior
Proceedings of the 9th annual conference companion on Genetic and evolutionary computation
Measurement and analysis of online social networks
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Poking facebook: characterization of osn applications
Proceedings of the first workshop on Online social networks
Antisocial Networks: Turning a Social Network into a Botnet
ISC '08 Proceedings of the 11th international conference on Information Security
COMPSAC '08 Proceedings of the 2008 32nd Annual IEEE International Computer Software and Applications Conference
A Survey of Botnet Technology and Defenses
CATCH '09 Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security
Network-Based Dictionary Attack Detection
ICFN '09 Proceedings of the 2009 International Conference on Future Networks
Bringing Web 2.0 to the Old Web: A Platform for Parasitic Applications
INTERACT '09 Proceedings of the 12th IFIP TC 13 International Conference on Human-Computer Interaction: Part I
Hi-index | 0.00 |
The programming interface (API) for application developers associated with a social network has become a de-facto standard in the modern web development. These features can be exploited by a malicious user in order to trick common users of social networks into unknowingly performing various malicious tasks. This paper shows how a distributed dictionary attack can be performed in such manner. A proof of concept application for a real-world social network has been developed to illustrate this concept. During the application development only legitimate web technologies were used. However, the application execution results in an attack on a remote web server while the user of the application is unaware of its true nature. It is also illustrated how web technologies and JavaScript in particular can be used for distributed computing, a fairly new concept introduced in the past few years. The developed application distributes parts of the dictionary to its clients resulting in a faster attack rate as more users execute the application.