370 likes | 467 Views
Social Network Are We Secure Enough?. By Arwa Binsaleh. Outline. OSN overview Threats and attacks Solutions and advises Conclusion: are we secure enough ?. Online Social Networking (OSN). Enable people to connect with each other, share information
E N D
Social NetworkAre We Secure Enough? By Arwa Binsaleh
Outline • OSN overview • Threats and attacks • Solutions and advises • Conclusion: are we secure enough?
Online Social Networking (OSN) • Enable people to connect with each other, share information • Common friends, interests, personal info • Post photos, videos, etc. for others to see • Communicate via email, instant message, etc.
OSN Types • Facebook & MySpace – free access social networking websites • Twitter – “micro” blog – 140 characters or less • YouTube – Video Sharing Sites • Blog – shared on-line journal
OSN Popularity • Over 900 million Facebook users worldwide • Over 140 million Twitter users • Over 175 million LinkedIn members in over 200 countries* *Source: Canadian social media survey, 2009
Which Social Network Do You Think Poses The Biggest Risk To Security?** **Source: Sophos 2010 Security Threat Report
Threats and Attacks • OSN Variants of Traditional Network and Information Security Threats • Identity Related Threats • Privacy Related Threats • Social Threats
OSN Variants of Traditional Network and Information Security Threats
Trojans • Social networks have become a great vector for Trojans -- "click here" and you get: * Zeus -- a potent and popular banking Trojan in social networks in 2009 * URL Zone -- calculates the value of the victim's accounts
Malware • Spread viruses and Trojan horses • Ex: a malicious link prompt a file download to view a news article or video • If a user complies, malware installs on his device and quickly spreads throughout network • Best-known example: Koobface
URL Shortening • Due to the small space allotted by the network sites, third-party services such as: http://tinyurl.com/or http://bit.ly/will “encode” the URL into a much shorter version Risks: • URL really does not tell you the true destination of the link • May contain drive-by malware
OSN 3rd Party Applications • Games, quizzes, “cute” stuff • Untested by Facebook – anyone can write one... • No Terms and Conditions – either allow or deny • Installation gives developers rights to look at your profile and overrides your privacy settings!
Profile Squatting Through Identity Theft • vulnerabilities: A malicious attacker can create a fake profile to a person causing all sorts of problems for the victim • Risks: a significant damage to the reputation of a person which may in turn lead to the financial and social embarrassment
Phishing Attacks • Gain sensitive information such as usernames, passwords, and credit card details by posing as a trustworthy entity • After they gather a large number of friends by using a fake OSN profile, they send a link to this Phishing site
Data leakage • Share too much about the organization’s sensitive information • Spouses over-share how much their partner is working late on top-secret project • Risks: embarrassing, damaging and legal
OSN Information Privacy • Information posted on OSNs is generally public • Unless you set privacy settings appropriately • “I’ll be on vacation” post plus geolocation invites burglars, i.e., “Please Rob Me” • The dangers of posting Credit Cards, IDs on OSNs
Geo-tagging • process of adding geographical identification metadata to various media such as photographs, video, or websites • Ex: Facebook • Risks: can give someone intent on causing you harm the opportunity to know your exact location
Stalking • The ability for malicious users to figure out where a target is physically is very dangerous • Risks: it opens up opportunities for burglary, assault and kidnapping
Cyber Bullying & Harassment • Cyber bullying can range from embarrassing or cruel online posts or digital pictures, to online threats, harassment, and negative comments, to stalking through emails, websites, and social networks
“Do’s” • Use strong, unique passwords • Provide minimal personal information: avoid entering birthdate, address, etc. • Review privacy settings, set them to “maximum privacy” “Friends of friends” includes far more people than “friends only” • Be wary of 3rd party apps, ads, etc. • Use browser security tools for protection: Anti-phishing filters (IE, Firefox) • Supervise children’s OSN activity
“Don’ts” • Don’t: Discuss Details • Never post anything you would not tell directly to the enemy • Never post private or personal information • Assume the information you share will be made public • Details make you vulnerable
Conclusion • No, we are not secured enough! • Social networking sites can be valuable and useful tools • However, these sites have security risks that can put the individual or a company in a compromising position or at serious risk
References [1] Al Hasib, Abdullah. "Threats of online social networks." IJCSNS International Journal of Computer Science and Network Security 9.11 (2009): 288-93. [2] Ghari, Wajeb, and MahaShaabi. "Cyber Threats In Social Networking Websites." International Journal 3. [3] Internet Social Networking Risks by FBI on https://www.fbi.gov/about-us/investigate/counterintelligence/internet-social-networking-risks [4] Rosenblum, David. "What anyone can know: The privacy risks of social networking sites.” Security & Privacy, IEEE 5.3 (2007): 40-49. [5] Shin, Dong-Hee. "The effects of trust, security and privacy in social networking: a security-based approach to understand the pattern of adoption." Interacting with Computers22.5 (2010): 428-438. [6] http://www.youtube.com/watch?v=ej7afkypUsc
The End Thank You!