Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House
Today’s Discussion Items • Social Networking Security and Privacy: • Facebook photo settings • Phishing examples • Facebook and Computer Tips • Ursa Bear Observations • Highlighted Facebook Malware: • Koobface
Facebook Options • Facebook User • Facebook Page • Facebook Group, which has three privacy levels: • Open: All content is public. • Closed: Limited public content. Members can see all content. • Secret: Both the membership and the content are private.
Facebook Group Problems • Members can add their friends to a group. The person being added is never asked to confirm. • One of your “friends” could therefore add you to a new, closed “Al-Qaeda lovers” group without your knowledge. • When Facebook group administrators step down, anyone else can take over the group. • For small groups, administrators can edit the group name or info, moderate discussion, and message group members.
Social Network Policy • http://isc.sans.edu/diary.html?storyid=9733 • http://isc.sans.edu/diary.html?storyid=9826
Link Security Tips • Use caution when clicking a link or opening an attachment, even if it was sent or posted by a friend. • If you have any doubt, get confirmation directly from the sender through another channel. • Be wary of messages that include attractive offers or urgent requests. • Watch out for links that require you to immediately provide a login and password. • Instead of following the link, type the URL (for example, www.facebook.com) directly into your browser address bar.
Browser Security Tips • Use Firefox as your regular browser and have it automatically update itself. • Firefox 3+ has Phishing and Malware Protection on by default to help keep you safe. • Use the Adblock Plus Firefox add-on. • Use the NoScript Firefox add-on (for diehard users only).
Four OS Security Tips • Make sure the operating system: • Updates automatically • Has up-to-date anti-virus/anti-spyware • Has the firewall turned on • Has strong passwords on all accounts
Facebook Security • Facebook provides easy tools to help you: • Keep track of your activity • Keep track of your logins • Control the information you share • Prove your identity if you ever lose access to your account
What To Do With A Scam • If you come across a scam, report it so that it can be taken down. • Facebook provides report links next to most pieces of content, as well as ways to report spam messages and emails. • You can also let the Network Security Office know about it.
Koobface Botnet • Koobface has made an estimated $2m since July 2009. • It makes money by selling scareware (fake anti-virus), doing click fraud and running other scams. • Koobface targets Facebook and other social-networking sites. • 400,000+ bots; 20,000+ fake Facebook accounts. • It tricks users into executing malware disguised as a Flash update needed to view shocking content. • The malware turns compromised PCs into zombie drones under the control of the botnet operators. • http://www.theregister.co.uk/2010/11/15/koobface_take_down/
Koobface Botnet • How it works in one example: • Koobface is a Russian-based botnet. • The threat arrives as a Facebook private message that contains a supposed link to a YouTube video.
Koobface Example Continued • Users who are tricked into clicking the link are redirected to other pages until they finally end up at a spoofed YouTube site called YuoTube
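The link tips above and the “YuoTube” lookalike in this Koobface example both come down to one question: does the host the browser will actually talk to belong to the brand the link pretends to be? The script below is an added example, not part of the original slides, that applies those checks to the URLs in a message. It assumes a two-brand allowlist (facebook.com, youtube.com), a tiny stand-in for the Public Suffix List, and a constructed sample message modelled on the lure described above.

```python
"""Flag lookalike and disguised links in a social-network message (added example).

Heuristics, in the order they are applied:
  1. non-web scheme or missing host            -> suspicious
  2. userinfo before '@' (www.facebook.com@evil.example) -> lookalike
  3. bare IP address or punycode (xn--) host   -> suspicious
  4. registrable domain on the allowlist       -> ok
  5. brand name anywhere in a foreign host, or second-level label
     within edit distance 2 of a brand (yuotube ~ youtube) -> lookalike
  6. anything else                             -> unknown
"""
import re
from urllib.parse import urlsplit

# Assumption: only the two brands the talk discusses are "expected".
EXPECTED_BRANDS = {"facebook", "youtube"}
KNOWN_GOOD = {"facebook.com", "youtube.com"}
# Assumption: a minimal stand-in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+")
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def registrable_domain(host: str) -> str:
    """Owner-controlled part of a hostname (eTLD+1), e.g. www.bbc.co.uk -> bbc.co.uk."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url: str) -> tuple:
    """Return (verdict, reason); verdict is ok, lookalike, suspicious or unknown."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https") or not host:
        return ("suspicious", "not a plain web URL: %r" % url)
    if parts.username is not None:
        # Everything before '@' is userinfo; the browser connects to `host`.
        return ("lookalike", "userinfo %r hides real host %s" % (parts.username, host))
    if IPV4_RE.fullmatch(host):
        return ("suspicious", "bare IP address host %s" % host)
    if "xn--" in host:
        return ("suspicious", "internationalized (punycode) label in host %s" % host)
    reg = registrable_domain(host)
    if reg in KNOWN_GOOD:
        return ("ok", "registrable domain %s is expected" % reg)
    label = reg.split(".")[0]
    for brand in EXPECTED_BRANDS:
        if brand in host:
            return ("lookalike", "%r appears in %s but registrable domain is %s" % (brand, host, reg))
        if edit_distance(label, brand) <= 2:
            return ("lookalike", "%s is within edit distance 2 of %s" % (label, brand))
    return ("unknown", "registrable domain %s is not on the expected list" % reg)


def scan_message(text: str) -> list:
    """Extract every http(s) URL from a message and classify each one."""
    return [(u,) + classify_url(u) for u in URL_RE.findall(text)]


# Constructed sample message (not a real Koobface lure), mirroring the slide.
SAMPLE_MESSAGE = (
    "hey, is this you in this video?? http://www.yuotube.com/watch "
    "also log in here to confirm https://www.facebook.com@evil.example/login "
    "(real link for comparison: https://www.facebook.com/)"
)

if __name__ == "__main__":
    for url, verdict, reason in scan_message(SAMPLE_MESSAGE):
        print("%-10s %-45s %s" % (verdict, url, reason))
```

The allowlist check runs on the registrable domain, not on whether the string contains "facebook": that is exactly the difference between www.facebook.com and www.facebook.com.evil.example, and the userinfo check is what defeats the other common disguise, where the brand name sits before an "@". A production version would swap the tiny suffix table for the real Public Suffix List and add homoglyph handling for the punycode case rather than just flagging it.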
How Koobface Works • It searches the infected PC for social-networking cookies and logs in to those sites using the saved sessions. • It then navigates through the user’s pages to collect their friends. • It phones home to fetch the actual message text that the worm then sends to those friends. • McAfee says it is not unusual to see 10,000 Koobface variants in one month. • http://blogs.mcafee.com/mcafee-labs/malware-at-midyear-a-summary • TrendLabs considers Zeus and Koobface to be the most prolific malware families. • http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/tm101hthreat_report.pdf
Koobface Targets Mac OS X • A new version of Koobface that attacks Mac OS X spreads through Facebook. • Security company Intego says this version uses a malicious Java applet to attack users. • http://krebsonsecurity.com/2010/10/koobface-worm-targets-java-on-mac-os-x/
Facebook Survey Scam • A message is posted with an enticing link. • It appears to be posted by one of your friends.
Facebook Survey Scam • Clicking the link takes you to a page which makes you "Like" the page before showing you the “SICK hidden message" from Toy Story 3.
Facebook Survey Scam • The goal of this scam is to drive users to an online survey. • Completing the survey is required before you can view the Toy Story 3 content. • The scammers are paid for the traffic they bring to the survey, and the survey-makers benefit from collecting your data.