new social attack vector

Jun. 8th, 2007 07:57 am
dsrtao: dsr as a LEGO minifig (Default)
[personal profile] dsrtao
Let us suppose that our target, Tom, is a habitual user of an RSS aggregator. Early on Tom used the service as a fast browser selector, making filtering decisions but ultimately viewing the content by clicking the links. Soon, however, he starts reading some sources right in the aggregator. Eventually Tom relies on the aggregator for leads, filtering and the majority of reading.

Now Mallory gains control of the aggregator in such a fashion that she can insert, edit and delete stories. Tom has a high degree of unwarranted trust in his news source. I don't see any standard verification mechanisms in place for Tom to assure authenticity...

Google is perfectly positioned to be Mallory.
  • Current Location: again with the bus
  • Add Memory
  • Share This Entry
This account has disabled anonymous posting.
(will be screened if not on Access List)
(will be screened if not on Access List)
If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.
Page generated Jun. 15th, 2025 01:44 pm
Powered by Dreamwidth Studios