Evaluating the Security Risks of Freedom on Social Networking Websites

Executive Summary

Many Web 2.0-based social networking sites permit their users to post comments containing a variety of HTML tags on other users' profiles. In this paper, the authors show that allowing arbitrary users to post multimedia HTML content on other users' social network profiles is an attack vector. Specifically, they demonstrate three attacks - the Social-DDoS attack, the Social-C&C attack, and the Browser-choking attack - each of which allows an arbitrary Web user to jeopardize the security of other Web users.

  • Format: PDF
  • Size: 953.37 KB