English
Related papers

Related papers: Revisiting Security Vulnerabilities in Commercial …

200 papers

Threats to passwords are still very relevant due to attacks like phishing or credential stuffing. One way to solve this problem is to remove passwords completely. User studies on passwordless FIDO2 authentication using security tokens…

Cryptography and Security · Computer Science 2021-05-27 Johannes Kunke , Stephan Wiefling , Markus Ullmann , Luigi Lo Iacono

The amount of personal information unwillingly exposed by users on online social networks is staggering, as shown in recent research. Moreover, recent reports indicate that these networks are infested with tens of millions of fake users…

Social and Information Networks · Computer Science 2013-03-18 Michael Fire , Dima Kagan , Aviad Elyashar , Yuval Elovici

Despite numerous countermeasures proposed by practitioners and researchers, remote control-flow alteration of programs with memory-safety vulnerabilities continues to be a realistic threat. Guaranteeing that complex software is completely…

Cryptography and Security · Computer Science 2017-02-20 Martín Ochoa , Sebastian Banescu , Cynthia Disenfeld , Gilles Barthe , Vijay Ganesh

Passwords are widely used for user authentication and, despite their weaknesses, will likely remain in use in the foreseeable future. Human-generated passwords typically have a rich structure, which makes them susceptible to guessing…

Cryptography and Security · Computer Science 2013-04-25 Claude Castelluccia , Abdelberi Chaabane , Markus Dürmuth , Daniele Perito

The increasing frequency of attacks on Android applications coupled with the recent popularity of large language models (LLMs) necessitates a comprehensive understanding of the capabilities of the latter in identifying potential…

Cryptography and Security · Computer Science 2025-03-18 Vasileios Kouliaridis , Georgios Karopoulos , Georgios Kambourakis

We present a large-scale characterization of attacker activity across 111 real-world enterprise organizations. We develop a novel forensic technique for distinguishing between attacker activity and benign activity in compromised enterprise…

Cryptography and Security · Computer Science 2020-07-29 Neil Shah , Grant Ho , Marco Schweighauser , M. H. Afifi , Asaf Cidon , David Wagner

The choice of password composition policy to enforce on a password-protected system represents a critical security decision, and has been shown to significantly affect the vulnerability of user-chosen passwords to guessing attacks. In…

Cryptography and Security · Computer Science 2024-03-18 Saul Johnson , João F. Ferreira , Alexandra Mendes , Julien Cordry

Accurately assessing software vulnerabilities is essential for effective prioritization and remediation. While various scoring systems exist to support this task, their differing goals, methodologies and outputs often lead to inconsistent…

Cryptography and Security · Computer Science 2025-08-20 Viktoria Koscinski , Mark Nelson , Ahmet Okutan , Robert Falso , Mehdi Mirakhorli

Software vulnerabilities can have serious consequences, which is why many techniques have been proposed to defend against them. Among these, vulnerability detection techniques are a major area of focus. However, there is a lack of a…

Software Engineering · Computer Science 2023-03-30 Yingzhou Bi , Jiangtao Huang , Penghui Liu , Lianmei Wang

We present a framework by which websites can coordinate to make it difficult for users to set similar passwords at these websites, in an effort to break the culture of password reuse on the web today. Though the design of such a framework…

Cryptography and Security · Computer Science 2021-03-05 Ke Coby Wang , Michael K. Reiter

Nowadays, advanced security mechanisms exist to protect data, systems, and networks. Most of these mechanisms are effective, and security experts can handle them to achieve a sufficient level of security for any given system. However, most…

Cryptography and Security · Computer Science 2015-06-24 Hans-Joachim Hof

Mobile banking apps, belonging to the most security-critical app category, render massive and dynamic transactions susceptible to security risks. Given huge potential financial loss caused by vulnerabilities, existing research lacks a…

Cryptography and Security · Computer Science 2020-02-19 Sen Chen , Lingling Fan , Guozhu Meng , Ting Su , Minhui Xue , Yinxing Xue , Yang Liu , Lihua Xu

Serverless computing has rapidly emerged as a prominent cloud paradigm, enabling developers to focus solely on application logic without the burden of managing servers or underlying infrastructure. Public serverless repositories have become…

Cryptography and Security · Computer Science 2025-10-21 Eduard Marin , Jinwoo Kim , Alessio Pavoni , Mauro Conti , Roberto Di Pietro

Among the various means of available resource protection including biometrics, password based system is most simple, user friendly, cost effective and commonly used. But this method having high sensitivity with attacks. Most of the advanced…

Cryptography and Security · Computer Science 2009-10-13 Manoj Kumar Singh

In an algorithmic complexity attack, a malicious party takes advantage of the worst-case behavior of an algorithm to cause denial-of-service. A prominent algorithmic complexity attack is regular expression denial-of-service (ReDoS), in…

Cryptography and Security · Computer Science 2017-01-17 Valentin Wüstholz , Oswaldo Olivo , Marijn J. H. Heule , Isil Dillig

As a fundamental communicative service, email is playing an important role in both individual and corporate communications, which also makes it one of the most frequently attack vectors. An email's authenticity is based on an authentication…

Cryptography and Security · Computer Science 2022-04-15 Kaiwen Shen , Chuhan Wang , Minglei Guo , Xiaofeng Zheng , Chaoyi Lu , Baojun Liu , Yuxuan Zhao , Shuang Hao , Haixin Duan , Qingfeng Pan , Min Yang

Phishing in mobile applications is a relevant threat with successful attacks reported in the wild. In such attacks, malicious mobile applications masquerade as legitimate ones to steal user credentials. In this paper we categorize…

Cryptography and Security · Computer Science 2015-02-25 Claudio Marforio , Ramya Jayaram Masti , Claudio Soriente , Kari Kostiainen , Srdjan Capkun

We introduce password strength information signaling as a novel, yet counter-intuitive, defense mechanism against password cracking attacks. Recent breaches have exposed billions of user passwords to the dangerous threat of offline password…

Cryptography and Security · Computer Science 2021-08-17 Wenjie Bai , Jeremiah Blocki , Ben Harsha

We present the first large-scale characterization of lateral phishing attacks, based on a dataset of 113 million employee-sent emails from 92 enterprise organizations. In a lateral phishing attack, adversaries leverage a compromised…

Cryptography and Security · Computer Science 2019-10-03 Grant Ho , Asaf Cidon , Lior Gavish , Marco Schweighauser , Vern Paxson , Stefan Savage , Geoffrey M. Voelker , David Wagner

This paper presents a measurement study of information leakage and SSL vulnerabilities in popular Android apps. We perform static and dynamic analysis on 100 apps, downloaded at least 10M times, that request full network access. Our…

Cryptography and Security · Computer Science 2015-05-05 Lucky Onwuzurike , Emiliano De Cristofaro