i know what you did last summer new persistent tracking
play

I know what you did last summer: New persistent tracking mechanisms - PowerPoint PPT Presentation

Jan 18, 2024 •252 likes •576 views

I know what you did last summer: New persistent tracking mechanisms in the wild Stefano Belloro & Dr Alexios Mylonas $whoami Currently: Lecturer, Cyber Security @BU Previously: PhD in Cyber Security & BSc @AUEB MSc

  1. I know what you did last summer: New persistent tracking mechanisms in the wild Stefano Belloro & Dr Alexios Mylonas

  2. $whoami Currently: – Lecturer, Cyber Security @BU Previously: – PhD in Cyber Security & BSc @AUEB – MSc Information Security @RHUL – Security Consultant

  3. $id belloro Currently: – Software Engineering Manager @BBC Previously: – M.Sc. in software engineering and Internet architecture

  4. Web • The world wide web (www) has changed our lives • We spend more than 34h per week accessing online content

  5. Web • Mobile devices are the primary means used to access the web

  6. Web Threats? Malware Browser Phishing exploita- tion kits Threats Malverti- Profiling sing /tracking Watering hole attacks

  7. Protection from web threats? Can (mobile|desktop) Malware browsers protect us from web threats? Browser Phishing exploita- tion kits Threats Malverti- Profiling sing /tracking Watering hole attacks

  8. Protection from web threats? • Popular controls absent from mobile browsers (September 2013) Control • Multiple usability issues in the GUI Availability • Blacklist unavailable on mobile browsers or ineffective (July 2014) • Blacklist ineffective (December 2016 & June 2018) Blacklists • Artefacts can be recovered after a private session (April 2016) Private browsing • November 2017 & May 2018 • New tracking vectors Tracking

  9. Protection from web threats? • Popular controls absent from mobile browsers (September 2013) Control • Multiple usability issues in the GUI Availability • Blacklist unavailable on mobile browsers or ineffective (July 2014) • Blacklist ineffective (December 2016 & June 2018) Blacklists • Artefacts can be recovered after a private session (April 2016) Private browsing • November 2017 & May 2018 • New tracking vectors Tracking

  10. Protection from web threats? • Popular controls absent from mobile browsers (September 2013) Control • Multiple usability issues in the GUI Availability • Blacklist unavailable on mobile browsers or ineffective (July 2014) • Blacklist ineffective (December 2016 & June 2018) Blacklists • Artefacts can be recovered after a private session (April 2016) Private browsing • November 2017 & May 2018 • New tracking vectors Tracking

  11. Protection from web threats? • Popular controls absent from mobile browsers (September 2013) Control • Multiple usability issues in the GUI Availability • Blacklist unavailable on mobile browsers or ineffective (July 2014) • Blacklist ineffective (December 2016 & June 2018) Blacklists • Artefacts can be recovered after a private session (April 2016) Private browsing • November 2017 & May 2018 • New tracking vectors Tracking

  12. Tracking • Web tracking is not new – Madrigal. I'm Being Followed: How Google — and 104 Other Companies — Are Tracking Me on the Web, link • Today?

  13. Tracking

  14. Tracking • Client-side tracking is not new – Madrigal. I'm Being Followed: How Google — and 104 Other Companies — Are Tracking Me on the Web, link • Different tracking vectors – Cookies, Flash cookies, Silverlight, … – HTML 5.0 storage

  15. HTML 5.0 client-side technologies • Focus – Web Storage, Web SQL Database, Indexed Database API • Have not received the same level of attention – Infrequent use or no use as tracking vector – Should be treated as cookies

  16. Used for tracking? 1. Frequency of their use? 2. How often used for tracking?

  17. Methodology Tracking Blacklists Static Analysis HTTP Google BigQuery Archive

  18. Methodology: Architecture

  19. Frequency of use APIs often found as 3 rd party subresource ( N =460K)

  20. Tracking? Tracking is their main use case

  21. Pervasiveness? High percentage of websites containing at least one tracking subresource ( N =460K)

  22. Browser Protection • Can I erase them like cookies? – Tested all popular desktop and mobile browsers – Windows, Mac OS – Android, iOS, Windows Phone

  23. Methodology https://github.com/stefano-belloro/storage-watcher

  24. Clearing browsing data might not be enough 1. Data from these APIs might not be removed 2. Extra step in the GUI is required

  26. Private session might not be enough 1. Data persists after closing private mode or guest mode 2. Data from a private session leaked to normal session

  28. Submitted bugs… • Most of the bugs that we found have been patched  – Users might not update their OS or app  • Newer versions of the browser introduce other bugs  – Noticed this in our experiments – Bugs appear and disappear in newer versions! 

  29. Demo Android 8 • Firefox 63.0.2 • Opera 48.2

  30. More info Belloro, S., & Mylonas, A. (2018). I know what you did last summer: New persistent tracking mechanisms in the wild. IEEE Access , 6 , 52779-52792. Link (open access)

  31. Questions Now! Later: • Alexios Mylonas, amylonas@bournemouth.ac.uk, alexios.mylonas@gmail.com • Steafano Belloro, stefano.belloro@gmail.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

I Know What You Did Last Summer: New Persistent Tracking Mechanisms in the Wild STEFANO BELLORO 1

I Know What You Did Last Summer: New Persistent Tracking Mechanisms in the Wild STEFANO BELLORO 1

Received July 1, 2018, accepted August 5, 2018, date of publication September 10, 2018, date of current version October 12, 2018. Digital Object Identifier 10.1 109/ACCESS.2018.2869251 I Know What You Did Last Summer: New Persistent Tracking

509 views • 14 slides
Tracking the Provision of Specialized Instruction Procedures for Children Under Age 6 Summer

Tracking the Provision of Specialized Instruction Procedures for Children Under Age 6 Summer

Tracking the Provision of Specialized Instruction Procedures for Children Under Age 6 Summer 2019 | Division of Systems and Supports, K-12 Agenda C-to-B Transition Requirements Overview Tracking the First Provision of Specialized

558 views • 31 slides
Online Learning for Tracking Robert Collins July 25, 2009 VLPR Summer School. Beijing, China.

Online Learning for Tracking Robert Collins July 25, 2009 VLPR Summer School. Beijing, China.

Online Learning for Tracking Robert Collins July 25, 2009 VLPR Summer School. Beijing, China. We Are... Penn State Lab for Perception, Action and Cognition SU-VLPR09, Beijing Collins, PSU 2 What is Tracking? typical idea: tracking a

1.26k views • 123 slides
Tracking 2 Basic Principles of Detectors Jochen Kaminski University of Bonn BND summer

Tracking 2 Basic Principles of Detectors Jochen Kaminski University of Bonn BND summer

Tracking 2 Basic Principles of Detectors Jochen Kaminski University of Bonn BND summer school Callantsoog, Netherlands 4.-6.9.2017 Overview Course Lecture 1: Tracking - Basics and Reconstruction Lecture 2: Basic Principle of

1.18k views • 54 slides
Distributed Shared Persistent Memory (SoCC 17) Yizhou Shan, Yiying Zhang Persistent Memory

Distributed Shared Persistent Memory (SoCC 17) Yizhou Shan, Yiying Zhang Persistent Memory

Distributed Shared Persistent Memory (SoCC 17) Yizhou Shan, Yiying Zhang Persistent Memory (PM/NVM) CPU Byte Addressable Persistent Cache Low Latency Capacity Cost effective PM DRAM 2 Many PM Work, but All in Single Machine

712 views • 33 slides
A glimpse at visual tracking Patrick Prez ENS-INRIA VRML Summer School ENS Paris, July 2013

A glimpse at visual tracking Patrick Prez ENS-INRIA VRML Summer School ENS Paris, July 2013

A glimpse at visual tracking Patrick Prez ENS-INRIA VRML Summer School ENS Paris, July 2013 https://research.technicolor.com/~PatrickPerez Outline Introduction What and why? Formalization Probabilistic filtering Main

1.21k views • 67 slides
The Persistent Effects of Perus Mining Mita by Melissa Dell, Econometrica (2010)

The Persistent Effects of Perus Mining Mita by Melissa Dell, Econometrica (2010)

Introduction and Motivation Historical Background Data and Estimation Method Results Conclusion and Discussion The Persistent Effects of Perus Mining Mita by Melissa Dell, Econometrica (2010) Microeconometrics, Summer Semester 2017

1.23k views • 63 slides
Assessment of sinoatrial node function at patients with persistent and long-standing persistent

Assessment of sinoatrial node function at patients with persistent and long-standing persistent

Assessment of sinoatrial node function at patients with persistent and long-standing persistent forms of atrial fibrillation after Maze III procedure combined with a mitral valve operation A.A. Kulikov, L.A. Bokeria Bakoulev Scientific Center

267 views • 12 slides
UDRC Summer School 2019 Day 2 - Sensing and Tracking David Cormack*, Mengwei Sun, James R.

UDRC Summer School 2019 Day 2 - Sensing and Tracking David Cormack*, Mengwei Sun, James R.

UDRC Summer School 2019 Day 2 - Sensing and Tracking David Cormack*, Mengwei Sun, James R. Hopgood * drc9@hw.ac.uk University of Edinburgh 25 th June 2019 David Cormack, Mengwei Sun, James R. Hopgood Day 2 - Sensing and Tracking 1 / 96

2.17k views • 162 slides
Hardware Support for ACID Transactions in Persistent Memory Arpit Joshi , Vijay Nagarajan, Marcelo

Hardware Support for ACID Transactions in Persistent Memory Arpit Joshi , Vijay Nagarajan, Marcelo

Hardware Support for ACID Transactions in Persistent Memory Arpit Joshi , Vijay Nagarajan, Marcelo Cintra, Stratis Viglas NVMW 2019 Persistent Memory Systems L1 L1 LLC Persistent Memory 2 Persistent Memory Systems L1 L1 Persistent

1.1k views • 70 slides
1 CtoB Transition Overview Under the Individuals with Disabilities Education Act (IDEA),

1 CtoB Transition Overview Under the Individuals with Disabilities Education Act (IDEA),

Tracking the Provision of Specialized Instruction Procedures for Children Under Age 6 Summer 2019 | Division of Systems and Supports, K12 Agenda CtoB Transition Requirements Overview Tracking the First Provision of Specialized

498 views • 11 slides
Logging in Persistent Memory: to Cache, or Not to Cache? Mengjie Li, Matheus Ogleari , Jishen Zhao

Logging in Persistent Memory: to Cache, or Not to Cache? Mengjie Li, Matheus Ogleari , Jishen Zhao

Logging in Persistent Memory: to Cache, or Not to Cache? Mengjie Li, Matheus Ogleari , Jishen Zhao Persistent Memory STT-RAM, PCM, Memory CPU CPU ReRAM, NVDIMM, Battery-backed Load/store DRAM NVRAM DRAM, etc. Not persistent Persistent

308 views • 20 slides
Tracking by learning Arnold W.M. Smeulders Tracking Online tracking is to determine the location

Tracking by learning Arnold W.M. Smeulders Tracking Online tracking is to determine the location

Tracking by learning Arnold W.M. Smeulders Tracking Online tracking is to determine the location of one target in video starting from a bounding box in the first frame. When conceived as an instant learning problem, the task is to discriminate

651 views • 39 slides
Persistent Handles: approaches Ralph Bhme, Samba Team, SerNet 2018-06-08 Outline Persistent

Persistent Handles: approaches Ralph Bhme, Samba Team, SerNet 2018-06-08 Outline Persistent

Persistent Handles: approaches Ralph Bhme, Samba Team, SerNet 2018-06-08 Outline Persistent Handles: Recap Persistent Handles: Samba dbwrap approach ctdb approach Persistent Handles: implementation (with dbwrap) VFS approach Outlook The

586 views • 43 slides
Persistent Bioperl Persistent Bioperl BOSC 2003 Hilmar Lapp Genomics Institute Of The Novartis

Persistent Bioperl Persistent Bioperl BOSC 2003 Hilmar Lapp Genomics Institute Of The Novartis

Persistent Bioperl Persistent Bioperl BOSC 2003 Hilmar Lapp Genomics Institute Of The Novartis Research Foundation San Diego, USA Acknowledgements Acknowledgements Bio* contributors and core developers Aaron, Ewan, ThomasD, Matthew,

534 views • 30 slides
Tracking Articulated Objects Alexander (Sasha) Lambert CS7495 Fall 2014 Tracking From Depth

Tracking Articulated Objects Alexander (Sasha) Lambert CS7495 Fall 2014 Tracking From Depth

Tracking Articulated Objects Alexander (Sasha) Lambert CS7495 Fall 2014 Tracking From Depth Infra-red point-clouds (structured light) Affordable sensors (Primesense) Large body of work on people-tracking Complex tracking

409 views • 23 slides
Kleopatra 2 Certificate Manager Universal Crypto GUI akademy 2008 Marc Mutz (presentation)

Kleopatra 2 Certificate Manager Universal Crypto GUI akademy 2008 Marc Mutz (presentation)

Kleopatra 2 Certificate Manager Universal Crypto GUI akademy 2008 Marc Mutz (presentation) Thomas Moenicke (artwork) Outline Kleopatra History Three Dimensions of Universality Kleopatra 2.0 for the Developer Outlook Kleopatra

457 views • 14 slides
ENGR/CS 101 CS Session Lecture 4 Log into Windows/ACENET (reboot if in Linux) Start

ENGR/CS 101 CS Session Lecture 4 Log into Windows/ACENET (reboot if in Linux) Start

ENGR/CS 101 CS Session Lecture 4 Log into Windows/ACENET (reboot if in Linux) Start Microsoft Visual Studio 2010 Any questions about exercise from last time? Lecture 4 ENGR/CS 101 Computer Science Session 1 Outline Problem: Use

1.02k views • 25 slides
How the Session Works Outline Getting Started Practical on arrival Log-on Talk 1

How the Session Works Outline Getting Started Practical on arrival Log-on Talk 1

T eaching L ondon C omputing A Level Computer Science Programming GUI in Python William Marsh School of Electronic Engineering and Computer Science Queen Mary University of London How the Session Works Outline Getting Started Practical on

660 views • 25 slides
with Search-Based Recommendation 1 Motivation Architectural refactoring for solving technical

with Search-Based Recommendation 1 Motivation Architectural refactoring for solving technical

Interactive and Guided Architectural Refactoring with Search-Based Recommendation 1 Motivation Architectural refactoring for solving technical debts An ideal design in mind A solution consisting of lots of low-level refactorings

672 views • 42 slides
Storage Management in INDIGO Paul Millar paul.millar@desy.de with contributions from Marcus

Storage Management in INDIGO Paul Millar paul.millar@desy.de with contributions from Marcus

Storage Management in INDIGO Paul Millar paul.millar@desy.de with contributions from Marcus Hardt, Patrick Fuhrmann, ukasz Dutka, Giacinto Donvito. INDIGO-DataCloud: cheat sheet A Horizon-2020 project Approved: January 2015; Started:

805 views • 22 slides
WUGS-20 Graphical Monitor Wei Deng Applied Research Laboratory Washington University, St. Louis

WUGS-20 Graphical Monitor Wei Deng Applied Research Laboratory Washington University, St. Louis

WUGS-20 Graphical Monitor Wei Deng Applied Research Laboratory Washington University, St. Louis wdeng@arl.wustl.edu Washington 1 WASHINGTON UNIVERSITY IN ST LOUIS Introduction Course project of CS577 Software project: Visualize

408 views • 9 slides
Gulliver Project - Distributed Active Measurement with Remote Management System - Yuji Sekiya

Gulliver Project - Distributed Active Measurement with Remote Management System - Yuji Sekiya

Gulliver Project - Distributed Active Measurement with Remote Management System - Yuji Sekiya Yohei Kuga Kenjiro Cho Project Goal Distributed Active Measurement All over the world, more than 50 boxes Using small BOX, not PC Low

403 views • 8 slides
Mental Health & Mental Illness in Cycling Karen Cogan, Ph. D. USOPC Senior Sport Psychologist

Mental Health & Mental Illness in Cycling Karen Cogan, Ph. D. USOPC Senior Sport Psychologist

Mental Health & Mental Illness in Cycling Karen Cogan, Ph. D. USOPC Senior Sport Psychologist Disclosures Recent Headlines Does elite cycling have a problem with mental health? 6 Pro Cyclists Open Up About Their Struggles

841 views • 49 slides

More recommend