{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T23:15:12Z","timestamp":1763507712249,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":69,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,5,29]],"date-time":"2018-05-29T00:00:00Z","timestamp":1527552000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Austrian Research Promotion Agency (FFG)","award":["862235 (DeSSnet)"],"award-info":[{"award-number":["862235 (DeSSnet)"]}]},{"name":"Styrian Business Promotion Agency (SFG)","award":["862235 (DeSSnet)"],"award-info":[{"award-number":["862235 (DeSSnet)"]}]},{"name":"Carinthian Economic Promotion Fund (KWF)","award":["862235 (DeSSnet)"],"award-info":[{"award-number":["862235 (DeSSnet)"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,5,29]]},"DOI":"10.1145\/3196494.3196514","type":"proceedings-article","created":{"date-parts":[[2018,5,31]],"date-time":"2018-05-31T13:18:28Z","timestamp":1527772708000},"page":"297-311","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["Use-After-FreeMail"],"prefix":"10.1145","author":[{"given":"Daniel","family":"Gruss","sequence":"first","affiliation":[{"name":"Graz University of Technology, Graz, Austria"}]},{"given":"Michael","family":"Schwarz","sequence":"additional","affiliation":[{"name":"Graz University of Technology, Graz, Austria"}]},{"given":"Matthias","family":"W\u00fcbbeling","sequence":"additional","affiliation":[{"name":"Fraunhofer FKIE &University of Bonn, Bonn, Germany"}]},{"given":"Simon","family":"Guggi","sequence":"additional","affiliation":[{"name":"Graz University of Technology, Graz, Austria"}]},{"given":"Timo","family":"Malderle","sequence":"additional","affiliation":[{"name":"University of Bonn, Bonn, Germany"}]},{"given":"Stefan","family":"More","sequence":"additional","affiliation":[{"name":"Graz University of Technology, Graz, Austria"}]},{"given":"Moritz","family":"Lipp","sequence":"additional","affiliation":[{"name":"Graz University of Technology, Graz, Austria"}]}],"member":"320","published-online":{"date-parts":[[2018,5,29]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Jonathan Afek and Adi Sharabani. 2007. Dangling pointer: Smashing the pointer for fun and profit Black Hat 2007 Briefings.  Jonathan Afek and Adi Sharabani. 2007. Dangling pointer: Smashing the pointer for fun and profit Black Hat 2007 Briefings."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Pieter Agten Wouter Joosen Frank Piessens and Nick Nikiforakis. 2015. Seven months' worth of mistakes: A longitudinal study of typosquatting abuse NDSS'15.  Pieter Agten Wouter Joosen Frank Piessens and Nick Nikiforakis. 2015. Seven months' worth of mistakes: A longitudinal study of typosquatting abuse NDSS'15.","DOI":"10.14722\/ndss.2015.23058"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/953171.803943"},{"volume-title":"The Password Thicket: Technical and Market Failures in Human Authentication on the Web. The 9th Workshop on the Economics of Information Security.","year":"2010","author":"Bonneau Joseph","key":"e_1_3_2_1_4_1"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3232755.3232859"},{"key":"e_1_3_2_1_6_1","unstructured":"Matthew Bryant. 2017. The .io Error -- Taking Control of All .io Domains With a Targeted Registration. (July. 2017). https:\/\/thehackerblog.com\/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration\/  Matthew Bryant. 2017. The .io Error -- Taking Control of All .io Domains With a Targeted Registration. (July. 2017). https:\/\/thehackerblog.com\/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration\/"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336769"},{"key":"e_1_3_2_1_8_1","unstructured":"Certified Senders Alliance (CSA). 2016. Admission Criteria - Pertaining to the Participation of Bulk Mailers in the Certified Senders Alliance (CSA). (2016). https:\/\/certified-senders.org\/wp-content\/uploads\/2017\/07\/CSA_Admission_Criteria.pdf  Certified Senders Alliance (CSA). 2016. Admission Criteria - Pertaining to the Participation of Bulk Mailers in the Certified Senders Alliance (CSA). (2016). https:\/\/certified-senders.org\/wp-content\/uploads\/2017\/07\/CSA_Admission_Criteria.pdf"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/800121.803941"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1531914.1531916"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23357"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2006.31"},{"volume-title":"Bitsquatting: DNS hijacking without exploitation Black Hat 2011 Briefings. https:\/\/media.blackhat.com\/bh-us-11\/Dinaburg\/BH_US_11_Dinaburg_Bitsquatting_WP.pdf","year":"2011","author":"Dinaburg Artem","key":"e_1_3_2_1_13_1"},{"key":"e_1_3_2_1_14_1","unstructured":"Igor Dobrovitski. 2003. Exploit for CVS double free () for linux pserver. (2003).  Igor Dobrovitski. 2003. Exploit for CVS double free () for linux pserver. (2003)."},{"key":"e_1_3_2_1_15_1","unstructured":"Benjamin Edelman. 2003. Large-scale registration of domains with typographical errors. (2003). https:\/\/cyber.harvard.edu\/archived_content\/people\/edelman\/typo-domains\/  Benjamin Edelman. 2003. Large-scale registration of domains with typographical errors. (2003). https:\/\/cyber.harvard.edu\/archived_content\/people\/edelman\/typo-domains\/"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1980.230482"},{"volume-title":"Technical Report","author":"Gee G","key":"e_1_3_2_1_17_1"},{"key":"e_1_3_2_1_18_1","first-page":"267","article-title":"The Latest Cybersquatting Trend: Typosquatters, Their Changing Tactics, and How to Prevent Public Deception and Trademark Infringement","volume":"11","author":"Gilwit Dara B","year":"2003","journal-title":"Washington University Journal of Law & Policy"},{"key":"e_1_3_2_1_19_1","unstructured":"GMX. 2017 a. Deleting an Account. (2017). https:\/\/support.gmx.com\/account\/managing\/delete.html  GMX. 2017 a. Deleting an Account. (2017). https:\/\/support.gmx.com\/account\/managing\/delete.html"},{"key":"e_1_3_2_1_20_1","unstructured":"GMX. 2017 b. General terms and conditions. (2017). https:\/\/service.gmx.net\/de\/cgi\/g.fcgi\/products\/mail\/agb  GMX. 2017 b. General terms and conditions. (2017). https:\/\/service.gmx.net\/de\/cgi\/g.fcgi\/products\/mail\/agb"},{"key":"e_1_3_2_1_21_1","unstructured":"Google. 2017 a. Recover your Google Account. (2017). https:\/\/support.google.com\/accounts\/answer\/6236295  Google. 2017 a. Recover your Google Account. (2017). https:\/\/support.google.com\/accounts\/answer\/6236295"},{"key":"e_1_3_2_1_22_1","unstructured":"Google. 2017 b. User Agreement. (2017). https:\/\/support.google.com\/mail\/answer\/56256  Google. 2017 b. User Agreement. (2017). https:\/\/support.google.com\/mail\/answer\/56256"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2556288.2557013"},{"key":"e_1_3_2_1_24_1","unstructured":"Miniwatts Marketing Group. 2017. World Internet Users Statistics and 2017 World Population Stats. (2017). http:\/\/www.internetworldstats.com\/stats.htm  Miniwatts Marketing Group. 2017. World Internet Users Statistics and 2017 World Population Stats. (2017). http:\/\/www.internetworldstats.com\/stats.htm"},{"key":"e_1_3_2_1_25_1","unstructured":"Zoltan Gyongyi and Hector Garcia-Molina. 2005. Web spam taxonomy First international workshop on adversarial information retrieval on the web (AIRWeb 2005).  Zoltan Gyongyi and Hector Garcia-Molina. 2005. Web spam taxonomy First international workshop on adversarial information retrieval on the web (AIRWeb 2005)."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504753"},{"key":"e_1_3_2_1_27_1","unstructured":"John B Horrigan. 2008. Use of cloud computing applications and services. (Sept. . 2008). http:\/\/www.pewinternet.org\/2008\/09\/12\/use-of-cloud-computing-applications-and-services\/  John B Horrigan. 2008. Use of cloud computing applications and services. (Sept. . 2008). http:\/\/www.pewinternet.org\/2008\/09\/12\/use-of-cloud-computing-applications-and-services\/"},{"key":"e_1_3_2_1_28_1","unstructured":"Troy Hunt. 2017. Have I been pwned? Check if your email has been compromised in a data breach. (2017). https:\/\/haveibeenpwned.com  Troy Hunt. 2017. Have I been pwned? Check if your email has been compromised in a data breach. (2017). https:\/\/haveibeenpwned.com"},{"key":"e_1_3_2_1_29_1","unstructured":"ICANN - Internet Corporation for Assigned Names and Numbers. 2017. Life Cycle of a Typical gTLD Domain Name. (2017). https:\/\/www.icann.org\/resources\/pages\/gtld-lifecycle-2012-02--25-en  ICANN - Internet Corporation for Assigned Names and Numbers. 2017. Life Cycle of a Typical gTLD Domain Name. (2017). https:\/\/www.icann.org\/resources\/pages\/gtld-lifecycle-2012-02--25-en"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2078827.2078845"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879182"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.16"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516746"},{"volume-title":"Preventing Use-after-free with Dangling Pointers Nullification. NDSS'15","year":"2015","author":"Lee Byoungyoung","key":"e_1_3_2_1_34_1"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Chaz Lever Robert Walls Yacin Nadji David Dagon Patrick McDaniel and Manos Antonakakis . 2016. Domain-Z: 28 registrations later measuring the exploitation of residual trust in domains S&P'16.  Chaz Lever Robert Walls Yacin Nadji David Dagon Patrick McDaniel and Manos Antonakakis . 2016. Domain-Z: 28 registrations later measuring the exploitation of residual trust in domains S&P'16.","DOI":"10.1109\/SP.2016.47"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978387"},{"key":"e_1_3_2_1_37_1","unstructured":"Lycos. 2017. Lycos Mail Terms of Service. (2017). http:\/\/info.lycos.com\/resources\/terms-of-service\/mail\/  Lycos. 2017. Lycos Mail Terms of Service. (2017). http:\/\/info.lycos.com\/resources\/terms-of-service\/mail\/"},{"key":"e_1_3_2_1_38_1","unstructured":"Mail.ru. 2017 a. Deleting your account. (2017). https:\/\/help.mail.ru\/engmail-help\/registration\/delete  Mail.ru. 2017 a. Deleting your account. (2017). https:\/\/help.mail.ru\/engmail-help\/registration\/delete"},{"key":"e_1_3_2_1_39_1","unstructured":"Mail.ru. 2017 b. User Agreement. (2017). https:\/\/help.mail.ru\/engmail-help\/UA  Mail.ru. 2017 b. User Agreement. (2017). https:\/\/help.mail.ru\/engmail-help\/UA"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052589"},{"key":"e_1_3_2_1_41_1","unstructured":"James Martindale. 2017. I kinda hacked a few Facebook accounts using a vulnerability they won't fix. (2017). https:\/\/medium.com\/@jkmartindale\/i-kinda-hacked-a-few-facebook-2f5669794f79  James Martindale. 2017. I kinda hacked a few Facebook accounts using a vulnerability they won't fix. (2017). https:\/\/medium.com\/@jkmartindale\/i-kinda-hacked-a-few-facebook-2f5669794f79"},{"key":"e_1_3_2_1_42_1","unstructured":"Microsoft. 2017 a. Deleted Hotmail Account due to Inactivity. (2017). https:\/\/answers.microsoft.com\/en-us\/outlook_com\/forum\/oemail-orestoremail\/d\/252611c1-94d6-4b48-974c-005038ea46f7  Microsoft. 2017 a. Deleted Hotmail Account due to Inactivity. (2017). https:\/\/answers.microsoft.com\/en-us\/outlook_com\/forum\/oemail-orestoremail\/d\/252611c1-94d6-4b48-974c-005038ea46f7"},{"key":"e_1_3_2_1_43_1","unstructured":"Microsoft. 2017 b. How to close your Microsoft account. (2017). https:\/\/support.microsoft.com\/en-us\/help\/12412\/microsoft-account-how-to-close-account  Microsoft. 2017 b. How to close your Microsoft account. (2017). https:\/\/support.microsoft.com\/en-us\/help\/12412\/microsoft-account-how-to-close-account"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"crossref","unstructured":"W Mills and M Kucherawy. 2014. The Require-Recipient-Valid-Since Header Field and SMTP Service Extension. RFC 7293. Internet Requests for Comments.  W Mills and M Kucherawy. 2014. The Require-Recipient-Valid-Since Header Field and SMTP Service Extension. RFC 7293. Internet Requests for Comments.","DOI":"10.17487\/rfc7293"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"Tyler Moore and Richard Clayton. 2014. The ghosts of banking past: Empirical analysis of closed bank websites FC'14.  Tyler Moore and Richard Clayton. 2014. The ghosts of banking past: Empirical analysis of closed bank websites FC'14.","DOI":"10.1007\/978-3-662-45472-5_3"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14577-3_15"},{"volume-title":"USENIX Security Symposium.","year":"2010","author":"Motoyama Marti","key":"e_1_3_2_1_47_1"},{"volume-title":"Soundsquatting: Uncovering the use of homophones in domain squatting International Conference on Information Security.","year":"2014","author":"Nikiforakis Nick","key":"e_1_3_2_1_48_1"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2488388.2488474"},{"key":"e_1_3_2_1_50_1","unstructured":"Oath Inc.. 2017. Terms of Service. (2017). http:\/\/legal.aol.com\/terms-of-service_full-terms\/  Oath Inc.. 2017. Terms of Service. (2017). http:\/\/legal.aol.com\/terms-of-service_full-terms\/"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2487788.2488036"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/2751323.2751327"},{"key":"e_1_3_2_1_53_1","unstructured":"Sara Radicati and Quoc Hoang. 2015. Email statistics report 2011--2015 -- Executive Summary. Technical Report. The Radicati Group Inc. http:\/\/www.radicati.com\/wp\/wp-content\/uploads\/2015\/02\/Email-Statistics-Report-2015-2019-Executive-Summary.pdf  Sara Radicati and Quoc Hoang. 2015. Email statistics report 2011--2015 -- Executive Summary. Technical Report. The Radicati Group Inc. http:\/\/www.radicati.com\/wp\/wp-content\/uploads\/2015\/02\/Email-Statistics-Report-2015-2019-Executive-Summary.pdf"},{"key":"e_1_3_2_1_54_1","unstructured":"Rambler. 2017 a. How to delete an account. (2017). https:\/\/help.rambler.ru\/id\/id-manage\/1200\/  Rambler. 2017 a. How to delete an account. (2017). https:\/\/help.rambler.ru\/id\/id-manage\/1200\/"},{"key":"e_1_3_2_1_55_1","unstructured":"Rambler. 2017 b. Rules for the use of projects and services. (2017). https:\/\/help.rambler.ru\/legal\/1430  Rambler. 2017 b. Rules for the use of projects and services. (2017). https:\/\/help.rambler.ru\/legal\/1430"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"crossref","unstructured":"Johann Schlamp Josef Gustafsson Matthias W\u00e4hlisch Thomas C Schmidt and Georg Carle. 2015. The abandoned side of the Internet: Hijacking Internet resources when domain names expire International Workshop on Traffic Monitoring and Analysis.  Johann Schlamp Josef Gustafsson Matthias W\u00e4hlisch Thomas C Schmidt and Georg Carle. 2015. The abandoned side of the Internet: Hijacking Internet resources when domain names expire International Workshop on Traffic Monitoring and Analysis.","DOI":"10.1007\/978-3-319-17172-2_13"},{"volume-title":"USENIX Annual Technical Conference. 309--318","year":"2012","author":"Serebryany Konstantin","key":"e_1_3_2_1_57_1"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"crossref","unstructured":"Jeffrey Spaulding Shambhu Upadhyaya and Aziz Mohaisen. 2016. The landscape of domain name typosquatting: Techniques and countermeasures 11th International Conference on Availability Reliability and Security (ARES).  Jeffrey Spaulding Shambhu Upadhyaya and Aziz Mohaisen. 2016. The landscape of domain name typosquatting: Techniques and countermeasures 11th International Conference on Availability Reliability and Security (ARES).","DOI":"10.1109\/ARES.2016.84"},{"key":"e_1_3_2_1_59_1","unstructured":"Arne Swinnen. 2017. SGX Secure Enclaves in Practice: Security and Crypto Review. (June . 2017). https:\/\/www.arneswinnen.net\/2017\/06\/authentication-bypass-on-ubers-sso-via-subdomain-takeover\/  Arne Swinnen. 2017. SGX Secure Enclaves in Practice: Security and Crypto Review. (June . 2017). https:\/\/www.arneswinnen.net\/2017\/06\/authentication-bypass-on-ubers-sso-via-subdomain-takeover\/"},{"key":"e_1_3_2_1_60_1","unstructured":"The MITRE Corporation. 2017. Common Vulnerabilities and Exposures. (2017). http:\/\/cve.mitre.org\/  The MITRE Corporation. 2017. Common Vulnerabilities and Exposures. (2017). http:\/\/cve.mitre.org\/"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064211"},{"key":"e_1_3_2_1_62_1","unstructured":"Web.de. 2017 a. Delete Account. (2017). https:\/\/hilfe.web.de\/premium\/vertraege\/loeschen.html  Web.de. 2017 a. Delete Account. (2017). https:\/\/hilfe.web.de\/premium\/vertraege\/loeschen.html"},{"key":"e_1_3_2_1_63_1","unstructured":"Web.de. 2017 b. General terms and conditions. (2017). https:\/\/agb.web.de\/registrierungspflichtig\/AGB\/20170622  Web.de. 2017 b. General terms and conditions. (2017). https:\/\/agb.web.de\/registrierungspflichtig\/AGB\/20170622"},{"key":"e_1_3_2_1_64_1","unstructured":"Nikolaus Wirth. 1976. Pascal Newsletter. (Sept.. 1976) pages29 pages.  Nikolaus Wirth. 1976. Pascal Newsletter. (Sept.. 1976) pages29 pages."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813637"},{"key":"e_1_3_2_1_66_1","unstructured":"Yahoo Holdings Inc.. 2017 a. Close your Yahoo Account. (2017). https:\/\/help.yahoo.com\/kb\/SLN2044.html  Yahoo Holdings Inc.. 2017 a. Close your Yahoo Account. (2017). https:\/\/help.yahoo.com\/kb\/SLN2044.html"},{"key":"e_1_3_2_1_67_1","unstructured":"Yahoo Holdings Inc.. 2017 b. Reasons Yahoo deactivates or deletes an account. (2017). https:\/\/help.yahoo.com\/kb\/SLN3057.html  Yahoo Holdings Inc.. 2017 b. Reasons Yahoo deactivates or deletes an account. (2017). https:\/\/help.yahoo.com\/kb\/SLN3057.html"},{"key":"e_1_3_2_1_68_1","unstructured":"Yandex. 2017. User Agreement for Yandex Services. (2017). https:\/\/yandex.com\/legal\/rules\/  Yandex. 2017. User Agreement for Yandex Services. (2017). https:\/\/yandex.com\/legal\/rules\/"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23190"}],"event":{"name":"ASIA CCS '18: ACM Asia Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Incheon Republic of Korea","acronym":"ASIA CCS '18"},"container-title":["Proceedings of the 2018 on Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3196494.3196514","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3196494.3196514","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:08:39Z","timestamp":1750208919000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3196494.3196514"}},"subtitle":["Generalizing the Use-After-Free Problem and Applying it to Email Services"],"short-title":[],"issued":{"date-parts":[[2018,5,29]]},"references-count":69,"alternative-id":["10.1145\/3196494.3196514","10.1145\/3196494"],"URL":"https:\/\/doi.org\/10.1145\/3196494.3196514","relation":{},"subject":[],"published":{"date-parts":[[2018,5,29]]},"assertion":[{"value":"2018-05-29","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}