332 research outputs found
A Study of Existing Cross-Site Scripting Detection and Prevention Techniques Using XAMPP and VirtualBox
Most operating websites experience a cyber-attack at some point. Cross-site Scripting (XSS) attacks are cited as the top website risk. More than 60 percent of web applications are vulnerable to them, and they ultimately are responsible for over 30 percent of all web application attacks. XSS attacks are complicated, and they often are used in conjunction with social engineering techniques to cause even more damage. Although prevention techniques exist, hackers still find points of vulnerability to launch their attacks. This project explored what XSS attacks are, examples of popular attacks, and ways to detect and prevent them. Using knowledge gained and lessons-learned from analyzing prior XSS incidents, a simulation environment was built using XAMPP and VirtualBox. Four typical XSS attacks were launched in this virtual environment, and their potential to cause significant damage was measured and compared using the Common Vulnerability Scoring System (CVSS) Calculator. Recommendations are offered for approaches to impeding XSS attacks including solutions involving sanitizing data, whitelisting data, implementing a content security policy and statistical analysis tools
Virtual migrant communities: 'Orkut' and the Brazilian case
"This paper attempts to provide some insights into ethnography on the internet, more specifically
research on the use of Social Network Sites (SNSs) by migrants. Starting from the Brazilian
migrant communities in Europe, it raises the question of the usability of the analysis of
virtual migrant communities for the study of transnational networks. Can offline and online
observations be combined? Does virtual research lead to high quality data? The paper illustrates
the methodology of virtual research by exploring the example of the online social network
site âOrkutâ which is enormously popular among Brazilians, both among those who are
residing within Brazil as among those who migrate. Providing an important resource for migrants
from different social classes, Orkut plays a significant role as an access gate to information
and as a place where the status of Brazilian migrants can be discussed. It also functions
as a stage to re-affirm Brazilian nationality. Within the variety of Brazilian websites,
magazines and satellite channels, Orkut is often mentioned as the most important application
to keep in touch with other Brazilians inside and outside Brazil. Recognizing the growing importance
of SNSs such as Orkut, a growing body of scholarship addresses several aspects
of these sites and the practices they enable. Most scholars recognise the importance of
these SNSs for community formation and the formation of a diasporic public sphere. This
paper highlights the significance of social network sites as a topic of research. The fact that
participation on social network sites leaves online traces offers unprecedented opportunities
for researchers. Even so, because of the relatively recentness of SNSs, there are some
methodological and ethical limitations. These will also be discussed and further explored." [author's abstract
The role of social networks in studentsâ learning experiences
The aim of this research is to investigate the role of social networks in computer science education. The Internet shows great potential for enhancing collaboration between people and the role of social software has become increasingly relevant in recent years. This research focuses on analyzing the role that social networks play in studentsâ learning experiences. The construction of studentsâ social networks, the evolution of these networks, and their effects on the studentsâ learning experience in a university environment are examined
Mapping web personal learning environments
A recent trend in web development is to build platforms which are carefully designed to host a plurality of software components (sometimes called widgets or plugins) which can be organized or combined (mashed-up) at user's convenience to create personalized environments. The same holds true for the web development of educational applications. The degree of personalization can depend on the role of users such as in traditional virtual learning environment, where the components are chosen by a teacher in the context of a course. Or, it can be more opened as in a so-called personalized learning environment (PLE). It now exists a wide array of available web platforms exhibiting different functionalities but all built on the same concept of aggregating components together to support different tasks and scenarios. There is now an overlap between the development of PLE and the more generic developments in web 2.0 applications such as social network sites. This article shows that 6 more or less independent dimensions allow to map the functionalities of these platforms: the screen dimensionmaps the visual integration, the data dimension maps the portability of data, the temporal dimension maps the coupling between participants, the social dimension maps the grouping of users, the activity dimension maps the structuring of end usersâinteractions with the environment, and the runtime dimensionmaps the flexibility in accessing the system from different end points. Finally these dimensions are used to compare 6 familiar Web platforms which could potentially be used in the construction of a PLE
Rhythms of social interaction: messaging within a massive online network
We have analyzed the fully-anonymized headers of 362 million messages
exchanged by 4.2 million users of Facebook, an online social network of college
students, during a 26 month interval. The data reveal a number of strong daily
and weekly regularities which provide insights into the time use of college
students and their social lives, including seasonal variations. We also
examined how factors such as school affiliation and informal online friend
lists affect the observed behavior and temporal patterns. Finally, we show that
Facebook users appear to be clustered by school with respect to their temporal
messaging patterns
Improving Security and Privacy in Online Social Networks
Online social networks (OSNs) have gained soaring popularity and are among the most popular sites on the Web. With OSNs, users around the world establish and strengthen connections by sharing thoughts, activities, photos, locations, and other personal information. However, the immense popularity of OSNs also raises significant security and privacy concerns. Storing millions of users\u27 private information and their social connections, OSNs are susceptible to becoming the target of various attacks. In addition, user privacy will be compromised if the private data collected by OSNs are abused, inadvertently leaked, or under the control of adversaries. as a result, the tension between the value of joining OSNs and the security and privacy risks is rising.;To make OSNs more secure and privacy-preserving, our work follow a bottom-up approach. OSNs are composed of three components, the infrastructure layer, the function layer, and the user data stored on OSNs. For each component of OSNs, in this dissertation, we analyze and address a representative security/privacy issue. Starting from the infrastructure layer of OSNs, we first consider how to improve the reliability of OSN infrastructures, and we propose Fast Mencius, a crash-fault tolerant state machine replication protocol that has low latency and high throughput in wide-area networks. For the function layer of OSNs, we investigate how to prevent the functioning of OSNs from being disturbed by adversaries, and we propose SybilDefender, a centralized sybil defense scheme that can effectively detect sybil nodes by analyzing social network topologies. Finally, we study how to protect user privacy on OSNs, and we propose two schemes. MobiShare is a privacy-preserving location-sharing scheme designed for location-based OSNs (LBSNs), which supports sharing locations between both friends and strangers. LBSNSim is a trace-driven LBSN model that can generate synthetic LBSN datasets used in place of real datasets. Combining our work contributes to improving security and privacy in OSNs
- âŠ