Web Security Projects and Demos @ NaN

Under PIs Menczer and Jakobsson, NaN and cybersecurity folks collaborate on a number of Web security and privacy-related projects. Here is a sample, especially public demos.

Social Phishing

We conducted a study to show how easy it is to trick people into releasing their secrets to strangers by exploiting their social vulnerabilities. We mined public friendship information from social network websites. 72% of victims who thought they had received a message from a friend disclosed their passwords. The results are published in Communications of the ACM (October 2007). Talk given at a SOUPS 2005 panel and CACR.

Gossip Engine

This demo shows that fraudsters can make money from ads by generating fake content that looks real enough to search engines and appears original enough to lure people into clicking. This kind of click fraud may not be illegal, but it pollutes the Web.

Phroogle

This demo illustrates how one can exploit comparison shopping engines to bait victims into disclosing their credit card or bank account numbers. Try it, it's safe! (Case study in Phishing and Countermeasures.)

Email Cluster Bombs

Web forms for email subscriptions can be harvested and exploited to launch DDoS attacks. We demo this attack and illustrate how to defend against it. Published in login.

Riddle

Could your browser release your personal information without your knowledge? Find out by solving this riddle! (Case study in Phishing and Countermeasures.)

Poll of the Day

This demo is intended to show that online polls and ratings are unreliable, and that third-party cookies can be tricky.