About Dimitris Mitropoulos

Dimitris Mitropoulos is the Security Officer of the Greek Research and Technology Network (GRNET) and a Researcher at the Athens University of Economics and Business. Dimitris holds a PhD in Computer Security from the Athens University of Economics and Business, and has been a Postdoctoral Researcher at the Network Security Laboratory (NSL) of Columbia University in the City of New York. He has worked in the industry as a Software Engineer and has been involved in several EU and US funded R&D projects. His research interests include application and system security, applied cryptography and software engineering. He is a member of ACM, IEEE, OWASP and SysSec.

Querying Hacking Incidents with Style (Python)

Some months ago I attended a presentation where one of my colleagues, Panos, showed how he used Python to process data in a meaningful way. In particular, he showed how he extracted some interesting findings from a .csv file coming from the Boston Mayor's 24 Hour Constituent Service web site. These findings included which incidents were still open at the time, how many incidents had been closed within a justifiable amount of time, and more.

Using Search Engines to Uncover Sensitive Data on the Web

Search engines are powerful tools that can really help you with your work. Apart from finding useful resources and interesting articles, a search engine can be used for other practical purposes. Specifically, if you do not know exactly which word to use in the phrase you are writing, or if you do not remember how to spell it, you can use a search engine to find an answer. You can also search for specific terms within a web page and confirm whether or not they appear there.

How to Hack a Sketchy e-voting System

The essential requirement of an e-voting transaction is that it be secure. In the e-voting context, security issues are very subtle, because some of the required properties clash with each other. For example, guaranteeing anonymity makes it harder to track election fraud. In addition, security in e-voting is highly dependent on the type of technology used during the process. In remote e-voting, the voter casts a vote from a personal computer by sending it to a central server over the Internet. The electronic, network-based nature of this setup makes it susceptible to a wide range of attacks.

Security Bugs in Large Software Ecosystems

In a previous blog post, I discussed the occurrence of security bugs through software evolution. In this post we will examine their existence in a large software ecosystem. To achieve this, together with four colleagues (Vasilios Karakoidas, Georgios Gousios, Panos Louridas and Diomidis Spinellis), we used the FindBugs static analysis tool to analyze all the projects that exist in the Maven central repository (approximately 260GB of interdependent project versions).


Fatal Injection: The Client’s Side

In a previous blog post I discussed a critical class of web attacks known as code injection attacks. In particular, I presented a subset of such attacks in which the targeted entities reside on the server. Here we will talk about the emerging subset of dynamic code injection attacks, which, in addition to server-side entities, threaten network-oriented applications hosted on a client machine, such as the browser and messaging applications.
