DOCSLIB.ORG

On the Privacy Implications of Real Time Bidding

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
On the Privacy Implications of Real Time Bidding On the Privacy Implications of Real Time Bidding A Dissertation Presented by Muhammad Ahmad Bashir to The Khoury College of Computer Sciences in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science Northeastern University Boston, Massachusetts August 2019 To my parents, Javed Hanif and Najia Javed for their unconditional support, love, and prayers. i Contents List of Figures v List of Tables viii Acknowledgmentsx Abstract of the Dissertation xi 1 Introduction1 1.1 Problem Statement..................................3 1.1.1 Information Sharing Through Cookie Matching...............3 1.1.2 Information Sharing Through Ad Exchanges During RTB Auctions....5 1.2 Contributions.....................................5 1.2.1 A Generic Methodology For Detecting Information Sharing Among A&A companies..................................6 1.2.2 Transparency & Compliance: An Analysis of the ads.txt Standard...7 1.2.3 Modeling User’s Digital Privacy Footprint..................9 1.3 Roadmap....................................... 10 2 Background and Definitions 11 2.1 Online Display Advertising.............................. 11 2.2 Targeted Advertising................................. 13 2.2.1 Online Tracking............................... 14 2.2.2 Retargeted Ads................................ 14 2.3 Real Time Bidding.................................. 14 2.3.1 Overview................................... 15 2.3.2 Cookie Matching............................... 16 2.3.3 Advertisement Served via RTB........................ 17 3 Related Work 18 3.1 The Online Advertising Ecosystem.......................... 18 3.2 Online Tracking.................................... 19 3.2.1 Tracking Mechanisms............................ 19 3.2.2 Users’ Perceptions of Tracking........................ 20 ii 3.2.3 Blocking & Anti-Blocking.......................... 21 3.2.4 Transparency................................. 22 3.3 Real Time Bidding and Cookie Matching...................... 23 4 Tracing Information Flows Between A&A companies Using Retargeted Ads 25 4.1 Methodology..................................... 26 4.1.1 Insights and Approach............................ 27 4.1.2 Instrumenting Chromium........................... 28 4.1.3 Creating Shopper Personas.......................... 29 4.1.4 Collecting Ads................................ 30 4.2 Image Labeling.................................... 31 4.2.1 Basic Filtering................................ 31 4.2.2 Identifying Targeted & Retargeted Ads................... 32 4.2.3 Limitations.................................. 35 4.3 Analysis........................................ 35 4.3.1 Information Flow Categorization....................... 36 4.3.2 Cookie Matching............................... 40 4.3.3 The Retargeting Ecosystem......................... 42 4.4 Summary....................................... 44 5 A Longitudinal Analysis of the ads.txt Standard 46 5.1 Background...................................... 48 5.1.1 Ad Fraud and Spoofing............................ 49 5.1.2 A Brief Intro to ads.txt .......................... 49 5.1.3 ads.txt File Format............................ 50 5.2 Related Work..................................... 51 5.2.1 Ad Fraud................................... 51 5.2.2 ads.txt Adoption............................. 52 5.3 Methodology..................................... 53 5.3.1 Collection of ads.txt Data........................ 53 5.4 Adoption of ads.txt ................................ 55 5.4.1 Publisher’s Perspective............................ 56 5.4.2 Seller’s Perspective.............................. 59 5.5 Compliance...................................... 63 5.5.1 Isolating RTB Ads.............................. 63 5.5.2 Compliance Verification Metrics....................... 63 5.5.3 Results.................................... 64 5.6 Summary....................................... 67 6 Diffusion of User Tracking Data in the Online Advertising Ecosystem 69 6.1 Related Work on Graph Models........................... 71 6.2 Methodology..................................... 72 6.2.1 Dataset.................................... 72 6.2.2 Graph Construction.............................. 73 6.2.3 Detection of A&A Domains......................... 75 iii 6.2.4 Coverage................................... 75 6.3 Graph Analysis.................................... 76 6.3.1 Basic Analysis................................ 76 6.3.2 Cores and Communities........................... 78 6.3.3 Node Importance............................... 79 6.4 Information Diffusion................................. 80 6.4.1 Simulation Goals............................... 80 6.4.2 Simulation Setup............................... 81 6.4.3 Validation................................... 87 6.4.4 Results.................................... 89 6.4.5 Random Browsing Model.......................... 95 6.5 Limitations...................................... 96 6.6 Sumamry....................................... 97 7 Conclusion 99 7.1 Contributions & Impact................................ 100 7.2 Limitations...................................... 102 7.3 Lessons Learned................................... 103 7.3.1 Future Directions............................... 105 Bibliography 108 8 Appendices 126 8.1 Clustered Domains.................................. 126 8.2 Selected Ad Exchanges................................ 126 iv List of Figures 2.1 The display advertising ecosystem. Impressions and tracking data flow left-to-right, while revenue and ads flow right-to-left........................ 15 2.2 Examples of (a) cookie matching and (b) showing an ad to a user via RTB auctions. (a) The user visits publisher p1 Ê which includes JavaScript from advertiser a1 Ë. a1’s JavaScript then cookie matches with exchange e1 by programmatically gener- ating a request that contains both of their cookies . (b) The user visits publisher p2, which then includes resources from SSP s1 and exchange e2 Ê–. e2 solicits bids Í and sells the impression to e1 ÎÏ, which then holds another auction Ð, ultimately selling the impression to a1 ...................... 16 4.1 (a) DOM Tree, and (b) Inclusion Tree......................... 28 4.2 Overlap between frequent A&A domains and A&A domains from Alexa Top-5K.. 29 4.3 Unique A&A domains contacted by each A&A domain as we crawl more pages.. 29 4.4 Average number of images per persona, with standard deviation error bars...... 31 4.5 Screenshot of our AMT HIT, and examples of different types of ads......... 33 4.6 Regex-like rules we use to identify different types of ad exchange interactions. shop and pub refer to chains that begin at an e-commerce site or publisher, respectively. d is the DSP that serves a retarget; s is the predecessor to d in the publisher-side chain, and is most likely an SSP holding an auction. Dot star (:∗) matches any domains zero or more times................................... 36 5.1 Adoption of the ads.txt standard by Alexa Top-100K publishers over time.... 56 5.2 Publisher adoption over alexa ranks.......................... 56 5.3 Number of ads.txt records per publisher...................... 56 5.4 Number of publisher using the same ads.txt file.................. 58 5.5 Clusters of jxj, where x is the # of publishers using the same file........... 58 5.6 Number of seller domains over time.......................... 59 5.7 Authorized sellers over Alexa............................. 59 5.8 Sellers across two snapshots.............................. 59 5.9 Number of sellers and associated publisher IDs (April 2019)............. 60 5.10 Sellers by publisher relationships (April 2019).................... 60 5.11 Number of unique publishers and total entries (across all publishers) for sellers... 60 5.12 Percentage of non-compliant (non-clustered) Seller/Buyer tuples per publisher... 64 v 5.13 Percentage of non-compliant (clustered) Seller/Buyer tuples per publisher...... 64 5.14 Average distance of buyer from first seller across all publishers. Distances are shown for both compliant and non-compliant tuples.................. 66 6.1 An example HTML document and the corresponding inclusion tree, Inclusion graph, and Referer graph. In the DOM representation, the a1 script and a2 img appear at the same level of the tree; in the inclusion tree, the a2 img is a child of the a1 script because the latter element created the former. The Inclusion graph has a 1:1 correspondence with the inclusion tree. The Referer graph fails to capture the relationship between the a1 script and a2 img because they are both embed- ded in the first-party context, while it correctly attributes the a4 script to the a3 iframe because of the context switch........................ 73 6.2 k-core: size of the Inclusion graph WCC as nodes with degree ≤ k are recursively removed........................................ 78 6.3 CDF of the termination probability for A&A nodes.................. 82 6.4 CDF of the mean weight on incoming edges for A&A nodes............. 82 6.5 Examples of my information diffusion simulations. The observed impression count for each A&A node is shown below its name. (a) shows an example graph with two publishers and two ad exchanges. Advertisers a1 and a3 participate in the RTB auctions, as well as DSP a2 that bids on behalf of a4 and a5. (b)–(d) show the flow of data (dark grey arrows) when a user generates impressions on p1 and p2 under three diffusion models. In all three examples, a2 purchases both impressions on behalf of a5, thus they both directly receive information.
Load more

Recommended publications
  • The Web Never Forgets: Persistent Tracking Mechanisms in the Wild
    The Web Never Forgets: Persistent Tracking Mechanisms in the Wild Gunes Acar1, Christian Eubank2, Steven Englehardt2, Marc Juarez1 Arvind Narayanan2, Claudia Diaz1 1KU Leuven, ESAT/COSIC and iMinds, Leuven, Belgium {name.surname}@esat.kuleuven.be 2Princeton University {cge,ste,arvindn}@cs.princeton.edu ABSTRACT 1. INTRODUCTION We present the first large-scale studies of three advanced web tracking mechanisms — canvas fingerprinting, evercookies A 1999 New York Times article called cookies compre­ and use of “cookie syncing” in conjunction with evercookies. hensive privacy invaders and described them as “surveillance Canvas fingerprinting, a recently developed form of browser files that many marketers implant in the personal computers fingerprinting, has not previously been reported in the wild; of people.” Ten years later, the stealth and sophistication of our results show that over 5% of the top 100,000 websites tracking techniques had advanced to the point that Edward employ it. We then present the first automated study of Felten wrote “If You’re Going to Track Me, Please Use Cook­ evercookies and respawning and the discovery of a new ev­ ies” [18]. Indeed, online tracking has often been described ercookie vector, IndexedDB. Turning to cookie syncing, we as an “arms race” [47], and in this work we study the latest present novel techniques for detection and analysing ID flows advances in that race. and we quantify the amplification of privacy-intrusive track­ The tracking mechanisms we study are advanced in that ing practices due to cookie syncing. they are hard to control, hard to detect and resilient Our evaluation of the defensive techniques used by to blocking or removing.
    [Show full text]
  • Zeszyty T 13 2018 Tytulowa I Redakcyjna
    POLITECHNIKA KOSZALIŃSKA Zeszyty Naukowe Wydziału Elektroniki i Informatyki Nr 13 KOSZALIN 2018 Zeszyty Naukowe Wydziału Elektroniki i Informatyki Nr 13 ISSN 1897-7421 ISBN 978-83-7365-501-0 Przewodniczący Uczelnianej Rady Wydawniczej Zbigniew Danielewicz Przewodniczący Komitetu Redakcyjnego Aleksy Patryn Komitet Redakcyjny Krzysztof Bzdyra Walery Susłow Wiesław Madej Józef Drabarek Adam Słowik Strona internetowa https://weii.tu.koszalin.pl/nauka/zeszyty-naukowe Projekt okładki Tadeusz Walczak Skład, łamanie Maciej Bączek © Copyright by Wydawnictwo Uczelniane Politechniki Koszalińskiej Koszalin 2018 Wydawnictwo Uczelniane Politechniki Koszalińskiej 75-620 Koszalin, ul. Racławicka 15-17 Koszalin 2018, wyd. I, ark. wyd. 5,72, format B-5, nakład 100 egz. Druk: INTRO-DRUK, Koszalin Spis treści Damian Giebas, Rafał Wojszczyk ..................................................................................................................................................... 5 Zastosowanie wybranych reprezentacji graficznych do analizy aplikacji wielowątkowych Grzegorz Górski, Paweł Koziołko ...................................................................................................................................................... 27 Semantyczne ataki na aplikacje internetowe wykorzystujące język HTML i arkusze CSS Grzegorz Górski, Paweł Koziołko ..................................................................................................................................................... 37 Analiza skuteczności wybranych metod
    [Show full text]
  • Stuxnet : Analysis, Myths and Realities
    ACTUSÉCU 27 XMCO David Helan STUXNET : ANALYSIS, MYTHS AND REALITIES CONTENTS Stuxnet: complete two-part article on THE virus of 2010 Keyboard Layout: analysis of the MS10-073 vulnerability used by Stuxnet Current news: Top 10 hacking techniques, zero-day IE, Gsdays 2010, ProFTPD... Blogs, softwares and our favorite Tweets... This document is the property of XMCO Partners. Any reproduction is strictly prohibited. !!!!!!!!!!!!!!!!! [1] Are you concerned by IT security in your company? ACTU SÉCU 27 XMCO Partners is a consultancy whose business is IT security audits. Services: Intrusion tests Our experts in intrusion can test your networks, systems and web applications Use of OWASP, OSSTMM and CCWAPSS technologies Security audit Technical and organizational audit of the security of your Information System Best Practices ISO 27001, PCI DSS, Sarbanes-Oxley PCI DSS support Consulting and auditing for environments requiring PCI DSS Level 1 and 2 certification. CERT-XMCO: Vulnerability monitoring Personalized monitoring of vulnerabilities and the fixes affecting your Information System CERT-XMCO: Response to intrusion Detection and diagnosis of intrusion, collection of evidence, log examination, malware autopsy About XMCO Partners: Founded in 2002 by experts in security and managed by its founders, we work in the form of fixed-fee projects with a commitment to achieve results. Intrusion tests, security audits and vulnerability monitoring are the major areas in which our firm is developing. At the same time, we work with senior management on assignments providing support to heads of information- systems security, in drawing up master plans and in working on awareness-raising seminars with several large French accounts.
    [Show full text]
  • 2011-2012 CJFE's Review of Free Expression in Canada
    2011-2012 CJFE’s Review of Free Expression in Canada LETTER FROM THE EDITORS OH, HOW THE MIGHTY FALL. ONCE A LEADER IN ACCESS TO INFORMATION, PEACEKEEPING, HUMAN RIGHTS AND MORE, CANADA’S GLOBAL STOCK HAS PLUMMETED IN RECENT YEARS. This Review begins, as always, with a Report Card that grades key issues, institutions and governmental departments in terms of how their actions have affected freedom of expres- sion and access to information between May 2011 and May 2012. This year we’ve assessed Canadian scientists’ freedom of expression, federal protection of digital rights and Internet JOIN CJFE access, federal access to information, the Supreme Court, media ownership and ourselves—the Canadian public. Being involved with CJFE is When we began talking about this Review, we knew we wanted to highlight a major issue with a series of articles. There were plenty of options to choose from, but we ultimately settled not restricted to journalists; on the one topic that is both urgent and has an impact on your daily life: the Internet. Think about it: When was the last time you went a whole day without accessing the membership is open to all Internet? No email, no Skype, no gaming, no online shopping, no Facebook, Twitter or Instagram, no news websites or blogs, no checking the weather with that app. Can you even who believe in the right to recall the last time you went totally Net-free? Our series on free expression and the Internet (beginning on p. 18) examines the complex free expression. relationship between the Internet, its users and free expression, access to information, legislation and court decisions.
    [Show full text]
  • Tracking the Cookies a Quantitative Study on User Perceptions About Online Tracking
    Bachelor of Science in Computer Science Mars 2019 Tracking the cookies A quantitative study on user perceptions about online tracking. Christian Gribing Arlfors Simon Nilsson Faculty of Computing, Blekinge Institute of Technology, 371 79 Karlskrona, Sweden This thesis is submitted to the Faculty of Computing at Blekinge Institute of Technology in partial fulfilment of the requirements for the degree of Bachelor of Science in Computer Science. The thesis is equivalent to 20 weeks of full time studies. The authors declare that they are the sole authors of this thesis and that they have not used any sources other than those listed in the bibliography and identified as references. They further declare that they have not submitted this thesis at any other institution to obtain a degree. Contact Information: Author(s): Christian Gribing Arlfors E-mail: [email protected] Simon Nilsson E-mail: [email protected] University advisor: Fredrik Erlandsson Department of Computer Science Faculty of Computing Internet : www.bth.se Blekinge Institute of Technology Phone : +46 455 38 50 00 SE–371 79 Karlskrona, Sweden Fax : +46 455 38 50 57 Abstract Background. Cookies and third-party requests are partially implemented to en- hance user experience when traversing the web, without them the web browsing would be a tedious and repetitive task. However, their technology also enables com- panies to track users across the web to see which sites they visit, which items they buy and their overall browsing habits which can intrude on users privacy. Objectives. This thesis will present user perceptions and thoughts on the tracking that occurs on their most frequently visited websites.
    [Show full text]
  • Future Internet (FI) and Innovative Internet Technologies and Mobile Communication (IITM)
    Chair of Network Architectures and Services Department of Informatics Technical University of Munich Proceedings of the Seminars Future Internet (FI) and Innovative Internet Technologies and Mobile Communication (IITM) Summer Semester 2018 26. 2. 2017 – 19. 8. 2018 Munich, Germany Editors Georg Carle, Daniel Raumer, Stephan Gunther,¨ Benedikt Jaeger Publisher Chair of Network Architectures and Services Network Architectures and Services NET 2018-11-1 Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München Proceedings zu den Seminaren Future Internet (FI) und Innovative Internet-Technologien und Mobilkommunikation (IITM) Sommersemester 2018 München, 26. 2. 2017 – 19. 8. 2018 Editoren: Georg Carle, Daniel Raumer, Stephan Günther, Benedikt Jaeger Network Architectures and Services NET 2018-11-1 Proceedings of the Seminars Future Internet (FI) and Innovative Internet Technologies and Mobile Communication (IITM) Summer Semester 2018 Editors: Georg Carle Lehrstuhl für Netzarchitekturen und Netzdienste (I8) Technische Universität München 85748 Garching b. München, Germany E-mail: [email protected] Internet: https://net.in.tum.de/~carle/ Daniel Raumer Lehrstuhl für Netzarchitekturen und Netzdienste (I8) E-mail: [email protected] Internet: https://net.in.tum.de/~raumer/ Stephan Günther Lehrstuhl für Netzarchitekturen und Netzdienste (I8) E-mail: [email protected] Internet: https://net.in.tum.de/~guenther/ Benedikt Jaeger Lehrstuhl für Netzarchitekturen und Netzdienste (I8) E-mail: [email protected] Internet: https://net.in.tum.de/~jaeger/ Cataloging-in-Publication Data Seminars FI & IITM SS 18 Proceedings zu den Seminaren „Future Internet“ (FI) und „Innovative Internet-Technologien und Mobilkom- munikation“ (IITM) München, Germany, 26. 2. 2017 – 19. 8.
    [Show full text]
  • Protecting Consumer Privacy in an Era of Rapid Change: a Proposed Framework for Businesses and Policymakers
    A PROPOSED FRAMEWORK FOR BUSINESSES AND POLICYMAKERS PRELIMINARY FTC STAFF REPORT FEDERAL TRADE COMMISSION | DECEMBER 2010 A PROPOSED FRAMEWORK FOR BUSINESSES AND POLICYMAKERS PRELIMINARY FTC STAFF REPORT DECEMBER 2010 TABLE OF CONTENTS EXECUTIVE SUMMARY...................................................... i I. INTRODUCTION .......................................................1 II. BACKGROUND ........................................................3 A. Privacy and the FTC ...............................................3 1. The FTC Approach to Fair Information Practice Principles...........6 2. Harm-Based Approach .......................................9 B. Recent Privacy Initiatives ..........................................12 1. Enforcement...............................................12 2. Consumer and Business Education .............................13 3. Policymaking and Research...................................14 4. International Activities ......................................17 III. RE-EXAMINATION OF THE COMMISSION’S PRIVACY APPROACH .........19 A. Limitations of the FTC’s Existing Privacy Models.......................19 B. Technological Changes and New Business Models ......................21 IV. PRIVACY ROUNDTABLES .............................................22 A. Description. .....................................................22 B. Major Themes and Concepts from the Roundtables ......................22 1. Increased Collection and Use of Consumer Data ..................23 2. Lack of Understanding Undermines Informed
    [Show full text]
  • PINPOINTING TARGETS: Exploiting Web Analytics to Ensnare Victims
    SPECIAL REPORT FIREEYE THREAT INTELLIGENCE PINPOINTING TARGETS: Exploiting Web Analytics to Ensnare Victims NOVEMBER 2015 SECURITY REIMAGINED SPECIAL REPORT Pinpointing Targets: Exploiting Web Analytics to Ensnare Victims CONTENTS FIREEYE THREAT INTELLIGENCE Jonathan Wrolstad Barry Vengerik Introduction 3 Key Findings 4 The Operation 5 WITCHCOVEN in Action – Profiling Computers and Tracking Users 6 A Means to a Sinister End? 8 Assembling the Pieces 9 Finding a Needle in a Pile of Needles 11 Employ the Data to Deliver Malware 13 Effective, Efficient and Stealthy 15 Likely Intended Targets: Government Officials and Executives in the U.S. and Europe 18 Focus on Eastern Europe and Russian Organizations 18 Similar Reporting 19 Collateral Damage: Snaring Unintended Victims 19 Mitigation 21 Appendix: Technical Details 22 2 SPECIAL REPORT Pinpointing Targets: Exploiting Web Analytics to Ensnare Victims INTRODUCTION The individuals behind this activity have amassed vast amounts of information on OVER web traffic and visitors to more than 100 websites—sites that the threat actors have selectively compromised to gain access to THE their collective audience. PAST we have identified suspected nation-state sponsored cyber actors engaged in a large-scale reconnaissance effort. This effort uses web analytics—the technologies to collect, analyze, and report data from the web—on compromised websites to passively collect information YEAR, from website visitors.1 The individuals behind this activity have amassed vast amounts of information on web traffic and visitors to over 100 websites—sites that the threat actors have selectively compromised to gain access to their collective audience. Web analytics is used every day in much the same way by advertisers, marketers and retailers for insight into the most effective ways to reach their customers and target audiences.
    [Show full text]
  • New Telebots Backdoor: First Evidence Linking Industroyer to Notpetya
    10/14/2018 New TeleBots backdoor links Industroyer to NotPetya for first time (https://www.welivesecurity.com/) New TeleBots backdoor: First evidence linking Industroyer to NotPetya ESET’s analysis of a recent backdoor used by TeleBots – the group behind the massive NotPetya ransomware outbreak – uncovers strong code similarities to the Industroyer main backdoor, revealing a rumored connection that was not previously proven Among the most significant malware-induced cybersecurity incidents in recent years were the attacks against the Ukrainian power grid (https://www.welivesecurity.com/2017/06/12/industroyer-biggest- threat-industrial-control-systems-since-stuxnet/) – which resulted in unprecedented blackouts two years in a row – and the devastating NotPetya ransomware outbreak (https://www.welivesecurity.com/2017/06/27/new-ransomware- attack-hits-ukraine/). Let’s take a look at the links between these major incidents. The first ever malware-enabled blackout in history, which happened in December 2015, was facilitated by the BlackEnergy malware toolkit (https://www.welivesecurity.com/2016/01/04/blackenergy-trojan- strikes-again-attacks-ukrainian-electric-power-industry/). ESET researchers have been following the activity (https://www.welivesecurity.com/2014/10/14/cve-2014-4114-details- august-blackenergy-powerpoint-campaigns/) of the APT group https://www.welivesecurity.com/2018/10/11/new-telebots-backdoor-linking-industroyer-notpetya/ 1/19 10/14/2018 New TeleBots backdoor links Industroyer to NotPetya for first time utilizing BlackEnergy both before and after this milestone event. After th(het t2p0s:1/5/w bwlawc.kwoeulivte, stehcuer igtyr.ocoump/ s) eemed to have ceased actively using BlackEnergy, and evolved into what we call TeleBots (https://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing- disruptive-killdisk-attacks/).
    [Show full text]
  • Chapter Malware, Vulnerabilities, and Threats
    Chapter Malware, Vulnerabilities, and 9 Threats THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER: ✓ 3.1 Explain types of malware. ■ Adware ■ Virus ■ Spyware ■ Trojan ■ Rootkits ■ Backdoors ■ Logic bomb ■ Botnets ■ Ransomware ■ Polymorphic malware ■ Armored virus ✓ 3.2 Summarize various types of attacks. ■ Man-in-the-middle ■ DDoS ■ DoS ■ Replay ■ Smurf attack ■ Spoofing ■ Spam ■ Phishing ■ Spim ■ Vishing ■ Spear phishing ■ Xmas attack ■ Pharming ■ Privilege escalation ■ Malicious insider threat ■ DNS poisoning and ARP poisoning ■ Transitive access ■ Client-side attacks ■ Password attacks: Brute force; Dictionary attacks; Hybrid; Birthday attacks; Rainbow tables ■ Typo squatting/URL hijacking ■ Watering hole attack ✓ 3.5 Explain types of application attacks. ■ Cross-site scripting ■ SQL injection ■ LDAP injection ■ XML injection ■ Directory traversal/command injection ■ Buffer overflow ■ Integer overflow ■ Zero-day ■ Cookies and attachments; LSO (Locally Shared Objects); Flash Cookies; Malicious add-ons ■ Session hijacking ■ Header manipulation ■ Arbitrary code execution/remote code execution ✓ 3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities. ■ Interpret results of security assessment tools ■ Tools: Protocol analyzer; Vulnerability scanner; Honeypots; honeynets; Port scanner; Passive vs. active tools; Banner grabbing ■ Risk calculations: Threat vs. likelihood ■ Assessment types: Risk; Threat; Vulnerability ■ Assessment technique: Baseline reporting; Code review; Determine attack surface; Review architecture; Review designs ✓ 4.1 Explain the importance of application security controls and techniques. ■ Cross-site scripting prevention ■ Cross-site Request Forgery (XSRF) prevention ■ Server-side vs. client-side validation As we discussed in Chapter 1, “Measuring and Weighing Risk,” everywhere you turn there are risks; they begin the minute you fi rst turn on a computer and they grow exponen- tially the moment a network card becomes active.
    [Show full text]
  • Trend Micro About Trendlabs Security Intelligence Blog Home » Exploits
    Trend Micro About TrendLabs Security Intelligence Blog Search:Home Categories Home » Exploits » Tropic Trooper’s New Strategy Featured Stories Tropic Trooper’s New Strategy 0 systemd Vulnerability Leads Posted on: March 14, 2018 at 7:01 am Posted in: Exploits, Malware, Targeted Attacks to Denial of Service on Author: Trend Micro Linux qkG Filecoder: Self- Replicating, Document- Encrypting Ransomware Mitigating CVE-2017-5689, an Intel Management Engine Vulnerability A Closer Look at North Korea’s Internet From Cybercrime to Cyberpropaganda by Jaromir Horejsi, Joey Chen, and Joseph C. Chen Tropic Trooper (also known as KeyBoy) levels its campaigns against Taiwanese, Philippine, and Security Predictions for 2018 Hong Kong targets, focusing on their government, healthcare, transportation, and high-tech industries. Its operators are believed to be very organized and develop their own cyberespionage tools that they fine-tuned in their recent campaigns. Many of the tools they use now feature new behaviors, including a change in the way they maintain a foothold in the targeted network. Attack Chain Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security. Read our security predictions for 2018. Business Process Compromise Figure 1. Attack chain of Tropic Trooper’s operations Here’s a summary of the attack chain of Tropic Trooper’s recent campaigns: 1. Execute a command through exploits for CVE-2017-11882 or CVE-2018-0802, security flaws in Microsoft Office’s Equation Editor (EQNEDT32.EXE).
    [Show full text]
  • University of Bradford Ethesis
    University of Bradford eThesis This thesis is hosted in Bradford Scholars – The University of Bradford Open Access repository. Visit the repository for full metadata or to contact the repository team © University of Bradford. This work is licenced for reuse under a Creative Commons Licence. SOCIAL DATA MINING FOR CRIME INTELLIGENCE H. ISAH PHD 2017 Social Data Mining for Crime Intelligence: Contributions to Data Quality Assessment and Prediction Methods Haruna ISAH Submitted for the Degree of Doctor of Philosophy Department of Computer Science University of Bradford 2017 Abstract Haruna Isah Social Data Mining for Crime Intelligence: Contributions to Social Data Quality Assessment and Prediction Methods Keywords: Social networks analysis, data mining, social network data quality, digital crime intelligence With the advancement of the Internet and related technologies, many traditional crimes have made the leap to digital environments. The successes of data mining in a wide variety of disciplines have given birth to crime analysis. Traditional crime analysis is mainly focused on understanding crime patterns, however, it is unsuitable for identifying and monitoring emerging crimes. The true nature of crime remains buried in unstructured content that represents the hidden story behind the data. User feedback leaves valuable traces that can be utilised to measure the quality of various aspects of products or services and can also be used to detect, infer, or predict crimes. Like any application of data mining, the data must be of a high quality standard in order to avoid erroneous conclusions. This thesis presents a methodology and practical experiments towards discovering whether (i) user feedback can be harnessed and processed for crime intelligence, (ii) criminal associations, structures, and roles can be inferred among entities involved in a crime, and (iii) methods and standards can be developed for measuring, predicting, and comparing the quality level of social data instances and samples.
    [Show full text]