nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

Gathering and Analyzing Identity Leaks for Security Awareness

verfasst von : David Jaeger, Hendrik Graupner, Andrey Sapegin, Feng Cheng, Christoph Meinel

Erschienen in: Technology and Practice of Passwords

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The amount of identity data leaks in recent times is drastically increasing. Not only smaller web services, but also established technology companies are affected. However, it is not commonly known, that incidents covered by media are just the tip of the iceberg. Accordingly, more detailed investigation of not just publicly accessible parts of the web but also deep web is imperative to gain greater insight into the large number of data leaks. This paper presents methods and experiences of our deep web analysis. We give insight in commonly used platforms for data exposure, formats of identity related data leaks, and the methods of our analysis. On one hand a lack of security implementations among Internet service providers exists and on the other hand users still tend to generate and reuse weak passwords. By publishing our results we aim to increase awareness on both sides and the establishment of counter measures.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Unrevealed Patterns in Password Databases Part One: Analyses of Cleartext Passwords

Nächstes Kapitel PassCue: The Shared Cues System in Practice

DataLossDB - http://datalossdb.org/.

BSI Security Check - https://www.sicherheitstest.bsi.de/.

Survela - https://survela.com/.

BreachAlarm - https://breachalarm.com/.

PwnedList - https://pwnedlist.com/.

HPI Identity Leak Checker - https://sec.hpi.de/leak-checker.

PasteBin - http://pastebin.com.

AnonFiles - https://anonfiles.com.

LeakedIn - http://www.leakedin.com/.

PHPass - http://www.openwall.com/phpass/.

hashcat - http://hashcat.net/hashcat/.

John the Ripper - http://www.openwall.com/john/.

bcrypt library - http://bcrypt.sourceforge.net/.

Important Customer Security Announcement. http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html

Symantec Corporation. Internet Security Threat Report (2014)

Data Breach QuickView: An Executive’s Guide to 2013 Data Breach Trends. Presentation, Risk Based Security, February 2014

Parno, B., McCune, J.M. et al.: CLAMP: practical prevention of large-scale data leaks. In: 2013 IEEE Symposium on Security and Privacy 0, pp. 154–169 (2009). doi:http://doi.ieeecomputersociety.org/10.1109/SP.2009.21. ISSN: 1081–6011

Mirante, D., Cappos, J.: Understanding Password Database Compromises. Technical report TR-CSE-2013-02, Department of Computer Science and Engineering Polytechnic Institute of NYU (2013)

Ives, B., Walsh, K.R., Schneider, H.: The domino effect of password reuse. In: Commun. ACM 47(4), 75–78, April 2004. doi:10.1145/975817.975820, url:http://doi.acm.org/10.1145/975817.975820, issn: 0001–0782

Castelluccia, C., Chaabane, A., et al.: When privacy meets security: leveraging personal information for password cracking. In: ArXiv e-prints, April 2013

High-Tech Bridge. 300,000 Compromised Accounts Available on Pastebin: Just the Tip of Cybercrime Iceberg. Web site, February 2014. https://www.htbridge.com/news/300_000_compromised_accounts_available_on_pastebin.html. Accessed on January 07 2014

Krebs, B.: Adobe Breach Impacted At Least 38 Million Users. Web Site, October 2013. http://krebsonsecurity.com/2013/10/adobe-breach-impacted-at-least-38-million-users/. Accessed on January 07 2014

10.

Holz, T., Engelberth, M., Freiling, F.: Learning more about the underground economy: a case-study of keyloggers and dropzones. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 1–18. Springer, Heidelberg (2009) CrossRef

11.

Krebs, B.: Adobe To Announce Source Code, Customer Data Breach. Web Site, October 2013. http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/. Accessed on January 07 2014

12.

Nadji, Y., Antonakakis, M. et al.: Beheading hydras: performing effective botnet takedowns. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, pp. 121–132. ACM, New York (2013)

13.

Stone-Gross, B., Cova, M. et al.: Your botnet is my botnet: analysis of a botnet takeover. In: Proceedings of the 16th ACM Conference on Computer and Communications Security. CCS 2009, pp. 635–647. ACM, New York (2009)

14.

Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium, August 2004

15.

The Tor Project. Tor: Hidden Service Protocol. Web Site. https://www.torproject.org/docs/hidden-services.html.en. Accessed on January 07 2014

16.

Bonneau, J., Xu, R.: Character encoding issues for web passwords. In: Web 2.0 Security & Privacy 2012 (W2SP) (2012)

17.

Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005) CrossRef

18.

Hillerup, J.C.: Cryptanalysis and its Applications to Password Hashing. MA thesis. KTH Information and Communication Technology (2013)

19.

Narayanan, A., Shmatikov, V.: Fast dictionary attacks on passwords using time-space tradeoff. In: Proceedings of the 12th ACM Conference on Computer and Communications Security (2005)

20.

Teat, C., Peltsverger, S.: The security of cryptographic hashes. In: Proceedings of the 49th Annual Southeast Regional Conference, March 2011

Titel: Gathering and Analyzing Identity Leaks for Security Awareness
verfasst von: David Jaeger
Hendrik Graupner
Andrey Sapegin
Feng Cheng
Christoph Meinel
Verlag: Springer International Publishing
Buch: Technology and Practice of Passwords
Print ISBN: 978-3-319-24191-3

Electronic ISBN: 978-3-319-24192-0

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-24192-0_7

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"