Vision: What the hack is going on? A first look at how website owners became aware that their website was hacked

Anne Hennig, Nhu Thi Thanh Vuong, Peter Mayer

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Abstract

Websites are an essential part of today's business activities. Content Management Systems (CMS) are known for the fact that even laypersons can create good-looking websites with simple means and without huge costs. But if websites are not maintained regularly, they are prone to vulnerabilities. Such vulnerabilities can be abused, e.g., for third party redirects. Informing website owner about this type of attack is challenging. To gain more information about how website owners are informed about vulnerabilities on their websites, we invited 156 website owners to participate in an online survey. We asked those who had fixed the third party redirect before we could inform them, how they became aware of the attack. The participants could choose to answer the questionnaire via a link to an online platform, or to send their answers back to us via e-mail. Only 11 people answered our questionnaire, and only four people were already aware of the attack before our invitation e-mail. Based on these four answers, we assumed that we can confirm previous research with respect to the design of a vulnerability notification. Nevertheless, it would be interesting to see if - with a bigger sample - we can also confirm our findings that a) online surveys, even if they can only be accessed by clicking an unknown link, are preferred over responding via e-mail, b) the number of responses can be increased by sending out several reminder, and c) a sender attributed with higher authority increases the response rate. Furthermore, we suggest that future research on vulnerability notifications questions the use of the term trustworthiness, and examines whether recipients distinguish between credibility and trustworthiness of notifications when remediating attacks.

Original languageEnglish
Title of host publicationProceedings of the 2023 European Symposium on Usable Security
PublisherAssociation for Computing Machinery
Publication date16. Oct 2023
Pages312-317
ISBN (Electronic)9798400708145
DOIs
Publication statusPublished - 16. Oct 2023
Event2023 European Symposium on Usable Security, EuroUSEC 2023 - Copenhagen, Denmark
Duration: 16. Oct 202317. Oct 2023

Conference

Conference2023 European Symposium on Usable Security, EuroUSEC 2023
Country/TerritoryDenmark
CityCopenhagen
Period16/10/202317/10/2023
SponsorKASTEL
SeriesACM International Conference Proceeding Series

Keywords

  • credibility vs trustworthiness
  • online survey
  • vulnerability notification
  • website hacking

Fingerprint

Dive into the research topics of 'Vision: What the hack is going on? A first look at how website owners became aware that their website was hacked'. Together they form a unique fingerprint.

Cite this