{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,12,2]],"date-time":"2023-12-02T05:05:03Z","timestamp":1701493503076},"reference-count":36,"publisher":"IGI Global","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014,7,1]]},"abstract":"<p>Online social networks have changed the way people interact, allowing them to stay in touch with their acquaintances, reconnect with old friends, and establish new relationships with other people based on hobbies, interests, and friendship circles. Unfortunately, the regrettable concurrence of the users' carefree attitude in sharing information, the often sub-par security measures from the part of the system operators and, eventually, the high value of the published information make online social networks an interesting target for crackers and scammers alike. The information contained can be used to trigger attacks to even more sensible targets and the ultimate goal of sociability shared by the users allows sophisticated forms of social engineering inside the system. This work reviews some typical social attacks that are conducted on social networking systems, carrying real-world examples of such violations and analysing in particular the weakness of password mechanisms. It then presents some solutions that could improve the overall security of the systems.<\/p>","DOI":"10.4018\/jitr.2014070104","type":"journal-article","created":{"date-parts":[[2014,10,7]],"date-time":"2014-10-07T15:37:19Z","timestamp":1412696239000},"page":"54-71","source":"Crossref","is-referenced-by-count":3,"title":["Information Attacks on Online Social Networks"],"prefix":"10.4018","volume":"7","author":[{"given":"Enrico","family":"Franchi","sequence":"first","affiliation":[{"name":"Department of Information Engineering, University of Parma, Parma, Italy"}]},{"given":"Agostino","family":"Poggi","sequence":"additional","affiliation":[{"name":"Department of Information Engineering, University of Parma, Parma, Italy"}]},{"given":"Michele","family":"Tomaiuolo","sequence":"additional","affiliation":[{"name":"Department of Information Engineering, University of Parma, Parma, Italy"}]}],"member":"2432","reference":[{"key":"jitr.2014070104-0","doi-asserted-by":"publisher","DOI":"10.1073\/pnas.0904891106"},{"key":"jitr.2014070104-1","unstructured":"Agarwal, A. (2012). Security update & new features. Retrieved January 10, 2014, from https:\/\/blog.dropbox.com\/bre\/07\/security-update-new-features\/"},{"key":"jitr.2014070104-2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.11"},{"key":"jitr.2014070104-3","unstructured":"Bevand, M. (2010). Whitepixel. Retrieved January 10, 2014, from http:\/\/whitepixel.zorinaq.com\/"},{"key":"jitr.2014070104-4","doi-asserted-by":"publisher","DOI":"10.1145\/1526709.1526784"},{"key":"jitr.2014070104-5","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4614-4139-7_4"},{"key":"jitr.2014070104-6","doi-asserted-by":"publisher","DOI":"10.1145\/1578002.1578005"},{"key":"jitr.2014070104-7","first-page":"708","article-title":"Multicast security: A taxonomy and some efficient constructions. In INFOCOM'99. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies.","volume":"2","author":"R.Canetti","year":"1999","journal-title":"Proceedings of the IEEE"},{"key":"jitr.2014070104-8","unstructured":"Cheng, J. (2012). Your iPhone calendar isn\u2019t private\u2014at least if you use the LinkedIn app. Retrieved January 10, 2014, from http:\/\/arstechnica.com\/apple\/2012\/06\/your-iphone-calendar-isnt-privateat-least-if-you-use-the-linkedin-app\/"},{"key":"jitr.2014070104-9","unstructured":"Cubrilovic, N. (2009). RockYou Hack: From Bad To Worse. Retrieved January 10, 2014, from http:\/\/techcrunch.com\/2009\/12\/14\/rockyou-hack-security-myspace-facebook-passwords\/"},{"key":"jitr.2014070104-10","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2009.5350374"},{"key":"jitr.2014070104-11","unstructured":"Dai, W. (2009). Crypto++ 5.6.0 Benchmarks. Retrieved January 10, 2014, from http:\/\/www.cryptopp.com\/benchmarks-amd64.html"},{"key":"jitr.2014070104-12","unstructured":"Dragusin, R. (2012). Data breach at IEEE.org: 100k plaintext passwords. Retrieved January 10, 2014, from http:\/\/ieeelog.com\/"},{"key":"jitr.2014070104-13","unstructured":"Felt, A., & Evans, D. (2008). Privacy protection for social networking APIs. 2008 Web 2.0 Security and Privacy (W2SP\u201908)."},{"key":"jitr.2014070104-14","doi-asserted-by":"publisher","DOI":"10.4018\/jec.2013070104"},{"key":"jitr.2014070104-15","unstructured":"Goodin, D. (2013). How the Bible and YouTube are fueling the next frontier of password cracking. Retrieved January 10, 2014, from http:\/\/arstechnica.com\/security\/2013\/10\/how-the-bible-and-youtube-are-fueling-the-next-frontier-of-password-cracking\/"},{"key":"jitr.2014070104-16","unstructured":"Honan, M. (2012). How Apple and Amazon Security Flaws Led to My Epic Hacking. Retrieved January 10, 2014, from http:\/\/www.wired.com\/gadgetlab\/2012\/08\/apple-amazon-mat-honan-hacking"},{"key":"jitr.2014070104-17","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2011.25"},{"key":"jitr.2014070104-18","doi-asserted-by":"crossref","unstructured":"Li, N., Li, T., & Venkatasubramanian, S. (2007, April). t-closeness: Privacy beyond k-anonymity and l-diversity. In Data Engineering, 2007. ICDE 2007. IEEE 23rd International Conference on (pp. 106-115). IEEE.","DOI":"10.1109\/ICDE.2007.367856"},{"key":"jitr.2014070104-19","unstructured":"Merrill, M., & Beck, B. (2012). League of Legends Account Security Alert. Retrieved January 10, 2014, from http:\/\/euw.leagueoflegends.com\/news\/league-legends-account-security-alert"},{"key":"jitr.2014070104-20","doi-asserted-by":"publisher","DOI":"10.1145\/359168.359172"},{"key":"jitr.2014070104-21","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45146-4_36"},{"key":"jitr.2014070104-22","first-page":"81","article-title":"A Future-Adaptable Password Scheme.","author":"N.Provos","year":"1999","journal-title":"USENIX Annual Technical Conference, FREENIX Track"},{"key":"jitr.2014070104-23","doi-asserted-by":"publisher","DOI":"10.1145\/1408664.1408667"},{"key":"jitr.2014070104-24","unstructured":"Robertson, A. (2012). LulzSec hackers post data on 8,000 Twitter accounts, but your passwords are safe. Retrieved January 10, 2014, from http:\/\/www.theverge.com\/2012\/6\/12\/3080534\/lulzsec-reborn-twitter-tweetgif-hack"},{"key":"jitr.2014070104-25","unstructured":"Slattery, B. (2011). LastPass, Online Password Manager, May Have Been Hacked. Retrieved January 10, 2014, from http:\/\/www.pcworld.com\/article\/227223\/LastPass_Online_Password_Manager_May_Have_Been_Hacked.html"},{"key":"jitr.2014070104-26","first-page":"111","article-title":"Strategies and struggles with privacy in an online social networking community.","author":"K.Strater","year":"2008","journal-title":"Proceedings of the 22nd British HCI Group Annual Conference on People and Computers: Culture, Creativity, Interaction-Volume 1"},{"key":"jitr.2014070104-27","doi-asserted-by":"publisher","DOI":"10.1057\/palgrave.dddmp.4350099"},{"key":"jitr.2014070104-28","doi-asserted-by":"publisher","DOI":"10.4018\/jitr.2012040101"},{"key":"jitr.2014070104-29","doi-asserted-by":"publisher","DOI":"10.4018\/jisp.2013070104"},{"key":"jitr.2014070104-30","doi-asserted-by":"publisher","DOI":"10.4018\/jvcsn.2013010104"},{"key":"jitr.2014070104-31","unstructured":"Vijayan, J. (2007). TJX data breach: At 45.6M card numbers, it's the biggest ever. Retrieved January 10, 2014, from http:\/\/www.computerworld.com\/s\/article\/9014782"},{"key":"jitr.2014070104-32","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.81"},{"key":"jitr.2014070104-33","unstructured":"Yin, S. (2012). Last.FM Joins eHarmony, LinkedIn to Celebrate Breach Week. Retrieved January 10, 2014, from http:\/\/www.pcmag.com\/article.aspx\/curl\/2405492"},{"key":"jitr.2014070104-34","doi-asserted-by":"publisher","DOI":"10.1145\/1526709.1526781"},{"key":"jitr.2014070104-35","doi-asserted-by":"publisher","DOI":"10.1145\/1540276.1540279"}],"container-title":["Journal of Information Technology Research"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=116637","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,12,2]],"date-time":"2023-12-02T02:11:43Z","timestamp":1701483103000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jitr.2014070104"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2014,7,1]]},"references-count":36,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2014,7]]}},"URL":"https:\/\/doi.org\/10.4018\/jitr.2014070104","relation":{},"ISSN":["1938-7857","1938-7865"],"issn-type":[{"value":"1938-7857","type":"print"},{"value":"1938-7865","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,7,1]]}}}