Online Dating - Just How Safe is Your Profile?

Jonathan Grall
6.857 – Pset 3
02/16/2016
(solutions to individual problems)
Problem 3-1 – Project Ideas
Online Dating – Just How Safe is Your Profile?
If you’ve ever used Friendster, or the Facebook, or some of the more dating-specific web
services, you’ll notice that they are less than perfect. However, some of these services
have millions of members spending millions of dollars to use them. I would like to do
some ‘stress testing’ of various large commercial online dating sites that I suspect have
severe security holes in them. Particular attacks that I suspect will be possible are: session
hijacking, SQL injection and maybe even profile defacing. The goal of this project would
be to get an accurate picture of how good security is on a number of popular dating
websites, and find out what the most common faults are. At the end of the semester, we
would contact the sites concerned, to alert them to any vulnerabilities we find.
Apple’s Airport Express
Apple’s nifty little gadget Airport Express that shipped this summer allows you (among
other things) to wirelessly stream your music from iTunes on your Mac or PC to any
music or speaker system within range. The limitation here is one that seems rather
artificial - you can only stream music to your sound system, and only from within iTunes.
But what about if you want to play a video game or DVD movie and have the sound play
through your impressive speaker system, without having to change the wires around?
Currently this is impossible, partly because Apple has only written an Airport Express
plugin for iTunes, and also because the source for this plugin is not publicly available,
making it hard for people to write their own. It appears that the media stream is actually
encoded in real time, buffered and then sent wirelessly to the Airport Express where it is
then decoded and played. Apple apparently has no plans to allow you to use the Airport
Express as a general audio device for your computer.
What is needed is to write a driver that could serve as the computer’s interface to a
“Wave Out” device (in this case the Airport Express), and which would provide an audio
output that you could switch to from any application. The only real difficulty is that you
would need to reverse engineer Apple’s encoding/encryption scheme so that you can
actually reproduce similar streams yourself without needing to know the keys or random
seeds that iTunes uses. Very little is written on the web about this particular issue, and
nobody seems to know the exact communication scheme used by Apple to send data to
the Airport Express (except Apple themselves of course). I can’t see how the company
would object to us writing a plugin that makes their product even more useful, and that
doesn’t violate any copyright laws, and I think it sounds like a fun challenge.