Analysis of UI Redressing Attacks and Countermeasures


Marcus Niemietz
Place of birth: Castrop-Rauxel, Germany
Email: [email protected]
25th January 2019

Ruhr-University Bochum
Horst Görtz Institute for IT-Security
Chair for Network and Data Security
www.nds.rub.de

Dissertation for the degree of Doktor-Ingenieur at the Faculty of Electrical Engineering and Information Technology of Ruhr-University Bochum

First Supervisor: Prof. Dr. rer. nat. Jörg Schwenk
Second Supervisor: Prof. Dr. rer. nat. Martin Johns

For the last seven years, I had the chance to speak at over 35 international IT security conferences. Moreover, I am part of a small team which has established a popular lecture about Web security (HackPra) at the Ruhr-University in Bochum, our own annual non-profit IT security conference (RuhrSec), and an IT security start-up company (Hackmanit).

Since I started IT security research in 2011, I have had the opportunity to contact and work with amazing people, resulting in a great friendship. Next to my family, I would like to thank (in alphabetical order): Abraham Aranguren, Thorsten Holz, Tilman Frosch, Robert Hansen, Mario Heiderich, Brad Hill, Jeremiah Grosmann, Martin Grothe, Vincent Immler, Krzysztof Kotowicz, Christian Mainka, Giorgio Maone, Andreas Mayer, Vladislav Mladenov, Dominik Noß, David Ross, Juraj Somorovsky, Paul Stone, Karsten Tellmann, and Sandra Terstegge. I also want to explicitly thank all of my colleagues from Hackmanit and the Chair of Network and Data Security.

I would also like to thank my first advisor Prof. Dr. Jörg Schwenk and my second advisor Prof. Dr. Martin Johns. Thank you all for your valuable time.

Bochum, 1st April 2019

Abstract

UI Redressing (UIR) describes a set of powerful attacks which can be used to circumvent browser security mechanisms like sandboxing and the Same-Origin Policy. In essence, an attacker wants to lure a victim into performing actions out of context, commonly by using social engineering techniques in combination with invisible elements and hijacked trustworthy events. The set of attacks includes techniques like manipulating the mouse cursor, stealing touch gestures, and maliciously reusing keystrokes. Introduced in 2008, clickjacking was the first UIR attack; it made it possible to automatically hijack the camera or microphone of the victim by stealing a few left-clicks within a Flash-based browser game.

This thesis analyzes fundamentals, attacks, and countermeasures of UIR in depth. In addition to well-known techniques, new research results such as case studies of new UIR attacks are provided.

As an important contribution to the fundamentals of UIR, the first extensive investigation of the targets of UIR attacks is provided. These targets are called trustworthy events in this thesis, which should not be confused with the concept of trusted events also known from Web security. Based on this investigation, three new UIR attack variants with minimized visibility were introduced. Furthermore, an empirical study of the DOM-based Same-Origin Policy, perhaps the most important security mechanism for protecting Web applications, is given. Its aim of separating content from different origins can legally be bypassed by using trustworthy events. Therefore, an extensive evaluation of this target of UIR attacks is provided.

As UIR attack contributions, this thesis describes novel drag-and-drop attack variants, an SVG masking technique, tabnabbing to redress named windows, a scriptless attack to steal keystrokes, and, inter alia, browserless attacks on Android systems that are based on tapjacking. As UIR defense contributions, window spoofing protection mechanisms, JSAgents as a practical alternative to Content Security Policy, and browserless tapjacking defense mechanisms are presented.

Summary

UI Redressing (UIR) describes an extensive set of attacks that can be used to circumvent browser-based security mechanisms such as sandboxing and the Same-Origin Policy. Typically, an attacker wants to get the victim to perform actions that lie outside the context, using social engineering techniques in combination with invisible elements and hijacked trustworthy events. The set of attacks includes techniques such as manipulating the mouse cursor, stealing touch gestures, and maliciously reusing keyboard input. In 2008, clickjacking was introduced as the first UIR attack; after a few hijacked mouse clicks within a Flash-based browser game, it allowed automatic access to the victim's camera and microphone.

This thesis analyzes UIR-based fundamentals, attacks, and countermeasures in detail. In addition to known attacks, new research results, for example from case studies on new UIR attacks, are discussed.

As an important contribution to the fundamentals of UIR, the first extensive investigation of the targets of UIR attacks is presented. These targets are called trustworthy events in this thesis so that they can be distinguished from the Web security concept of trusted events. Based on these investigations, the concept of trusted events could be outwitted and three new variants of UIR attacks with minimized visibility were introduced. Furthermore, an empirical study of the DOM-based Same-Origin Policy, presumably the most important security mechanism of Web applications, is described. Its goal of separating content from different origins can be bypassed with the help of trustworthy events. For this reason, an extensive investigation of this target of UIR attacks was carried out.

With regard to contributions to UIR attacks, this thesis describes novel drag-and-drop attack variants, masking with the help of SVGs, tabnabbing and the redressing of named windows, scriptless attacks for stealing keyboard input, and, among others, browserless attacks on Android systems that are based on tapjacking. As contributions to UIR countermeasures, prevention measures against the manipulation of browser windows, JSAgents as a practical alternative to Content Security Policy, and browserless defense mechanisms against tapjacking are presented.

Contents

I. Thesis Introduction
  1. Outline, Contributions, and Publications
    1.1. Thesis Outline and Contributions
    1.2. Publications

II. UI Redressing Fundamentals
  2. Previously Known Fundamentals
    2.1. Hypertext Transfer Protocol
    2.2. Transport Layer Security
    2.3. Languages
    2.4. Other Attack Techniques
    2.5. Cursor
  3. Thesis Contributions to Fundamentals
    3.1. UI Redressing and Trustworthy Events
    3.2. Same-Origin Policy: Evaluation in Modern Browsers

III. UI Redressing Attacks
  4. Previously Known Attacks
    4.1. Classic Clickjacking
    4.2. Likejacking and Sharejacking
    4.3. Cursorjacking
    4.4. Cookiejacking
    4.5. Filejacking
    4.6. Double Clickjacking
    4.7. Nested Clickjacking
    4.8. Drag-and-Drop Operations
    4.9. Strokejacking
    4.10. Other Clickjacking Techniques
  5. Thesis Contributions to Attacks
    5.1. Drag-and-Drop Attacks
    5.2. SVG Masking
    5.3. Tabnabbing: Attacking Named Windows
    5.4. Scriptless Attacks: SVG-based keylogger
    5.5. Browserless Attacks: Tapjacking
    5.6. Study: Router Web Security Evaluation Revisited

IV. UI Redressing Defense Mechanisms
  6. Previously Known Defense Mechanisms
    6.1. JavaScript-based Frame Buster Overview
    6.2. Frame Busting
    6.3. Randomization to Detect Clickjacking Campaigns
    6.4. X-Frame-Options
    6.5. Content Security Policy
    6.6. NoScript
  7. Thesis Contributions to Defenses
    7.1. Spoofing Protection
    7.2. JSAgents: A Practical Alternative to CSP
    7.3. Browserless Tapjacking Defense Mechanisms

V. Thesis Final Part
  8. Conclusions and Outlook
  9. Appendix
  10. Bibliography

List of Tables
List of Figures

Part I. Thesis Introduction

1 Outline, Contributions, and Publications

"For being such an underestimated attack, UI redressing produces surprising financial consequences: most notably, it prevents Paypal and other payment processors from embedding "one-click-pay" buttons in vendors' Web pages. Current browser-built-in countermeasures, aimed to restrict cross-origin documents nesting, just can't solve this problem."
Giorgio Maone, InformAction

The current era shows that a company like Alphabet could generate a profit of over $27 billion in 2017 by primarily using Web technologies. This