Surveying The Landscape of Threats Facing Users In The Social Web

Steve Webb, Ph.D. Emory Guest Lecture, April 16, 2009.


Presentation Transcript


  1. Surveying The Landscape of Threats Facing Users In The Social Web Steve Webb, Ph.D. Emory Guest Lecture April 16, 2009

  2. Introduction • The World Wide Web is evolving into a “social Web” • World’s top Web destinations are now dominated by social environments

  3. Introduction (cont.) • New and exciting ways to connect with others • Wildly popular • 200 million active Facebook users • 100 million YouTube videos • 1.5 million SecondLife residents

  4. Introduction (cont.) • And as always... attackers love crashing big parties • Threat categories • Traditional Attacks • Socially Enhanced Attacks • Social Web-specific Attacks • Let’s take a closer look…

  5. Traditional Attacks • Social environment characteristics • Large and very distributed • Numerous communication mechanisms • Relatively naïve user bases • That seems like a paradise for attackers…

  6. Malware Propagation • Worms • Samy • Mikeyy • Spyware • Ad networks • Rogue apps • Adware • Zango

  7. Spam • Comment spam • Bulletin spam • Message spam

  8. Phishing • Fraudulent login display • Grants access to resources outside of the community • Compromised accounts used to launch additional attacks

  9. Research Challenges • Same problems… new and more challenging environment • More information available… but it’s a double-edged sword

  10. Research Challenges • How can we adapt existing techniques to these environments? • What new approaches are necessary?

  11. Socially Enhanced Attacks • Obviously, social environments are vulnerable to traditional attacks • But that’s just the beginning…

  12. Socially Enhanced Attacks (cont.) • Key barrier for attackers has been private information • Generic attacks against the masses

  13. Socially Enhanced Attacks (cont.) • What if attackers knew private information about their victims? • Oh, wait! Isn’t that what social environments provide?!?!

  14. What’s The Big Deal? • Name, Age, Gender, and Location • Friends • Relationship Status • Interests and Favorite Things • Education/Employment History • Etc., Etc., Etc.

  15. Socially Enhanced Attacks (cont.) • ORIGINAL • From: Bellusci Thresa <mehhplus_1986@bloominboomers.com> • Subject: Jessica Alba's hot scene • If your powder is damped and gun can't fire: We know the spark you need! http://yqazqvot.com/

  16. Socially Enhanced Attacks (cont.) • SOCIALLY ENHANCED • From: Li Xiong <lxiong@mathcs.emory.edu> • Subject: Jessica Alba's hot scene • Steve, Check out this link: http://yqazqvot.com/ -Li

  17. Socially Enhanced Attacks (cont.) • Scary, right?! • Not isolated to spam • Malware propagation and phishing attacks benefit too

  18. Socially Enhanced Attacks (cont.)

  19. Socially Enhanced Attacks (cont.) • SOCIALLY ENHANCED • From: Li Xiong <lxiong@mathcs.emory.edu> • Subject: Check out this auction… • Steve, I think you might like this Kevin Smith auction… http://url.com/ -Li

  20. Research Challenges • How can we protect users without killing the fun of these environments? • How do you identify a needle in a stack of needles?

  21. Social Web-specific Attacks • Phishing revisited • Questionably more dangerous than “old school phishing” • Creates a new set of problems…

  22. Social Identity Theft • “Bryan NEEDS HELP URGENTLY!!!” • Twitter fail

  23. Fake Profiles • “Fakesters” • Impersonators • Thin line between fun and slander

  24. Fake Profiles (cont.) • The next generation of spam • The next generation of malware propagation

  25. Research Questions • How do we collect examples of these new attacks? • Social Honeypots (CEAS 2008) • More importantly, how do we protect users…

  26. Purewire Trust Demo http://www.purewiretrust.org

  27. Questions
