SOCIAL NETWORK SECURITY
DR. MOHAMMAD ALAA AL-HAMAMI
DELMON UNIVERSITY FOR SCIENCE AND TECHNOLOGY
THE SECURITY AWARENESS OF SOCIAL NETWORKING SITES USAGE
INTRODUCTION
• Social networking sites enhance our lives; we can’t count the advantages we could get if we use them in a good manner.
• But at the same time, these sites could be a major security threat if we don’t have the awareness to use them safely.
THE DANGER OF SOCIAL NETWORKS
• Social networking sites can be:
– A source of personal & business information leaks.
– A malware attack vector when not used carefully.
• Users trust their contacts to:
– Not send bad links.
– Not try to infect their computers.
– Take good care of their personal data.
• URL shorteners are a security concern and should be taken very seriously in social networks.
SOCIAL NETWORKS PROBLEMS FROM A LEGAL POINT OF VIEW
• Violation of users’ data protection rights.
• Identity fraud.
• Absence of uniform rules at the international level.
WHAT COULD GO WRONG IN SOCIAL NETWORKING SITES?
• Your contact’s account is compromised and somebody else is using it.
• You added somebody to your network that you thought you knew but, in fact, you did not.
• You added somebody you thought was trustworthy but he/she turns out not to be.
• Insufficient use of privacy controls caused you to share data with people you never intended.
WHAT DATA COULD BE MINED IN SOCIAL NETWORKS?
Social networks contain a wealth of information like:
• USER IDENTIFIERS AND ATTRIBUTES.
• CONTACT INFORMATION.
• WORK.
• EDUCATION.
• PERSONAL INFORMATION AND INTERESTS.
• CONNECTION AND USAGE INFORMATION.
This information is a treasure for attackers and criminals!
SO WHAT WILL ATTACKERS DO WITH THE MINED DATA?
• Underground forums sell information:
– Your data can be mined and stored somewhere in the dark corners of the Internet waiting for a criminal to pay the right price for it.
– Criminals can use this information to obtain birth certificates/passports and other documents.
MOST IMPORTANT DATA FOR ATTACKERS
• Email addresses:
– Used for spam campaigns.
– Can be categorized by age, country and other factors to improve the impact of a campaign, so their market price is higher than that of an ordinary email address.
– Can also be of great value for phishing campaigns.
• Real-life addresses:
– Often shared in social networking sites.
– They can be used to collect mailing databases for advertising purposes in a similar way as described above.
• Date of birth:
– Used by different companies to confirm people’s identities over the telephone.
– Criminals have tools to automate “date of birth” searches in social networking sites.
• Public Profile:
– A potentially massive data leakage.
– Social networking search engines can search all available data about any name in a certain region.
– A public profile makes the lives of stalkers, fraudsters, or any other attackers much easier.
PRIVACY IN A CONNECTED WORLD: A STORY
• In July 2009, the wife of a high-level government executive in the UK published personal data on a social networking site.
• This got a lot of attention:
– Not for the confidentiality of the content,
– But for the lack of awareness about the accessibility of your online content.
– There is also another issue at play here: once you publish anything online, you lose control over it; people leech and republish it in places you do not even know!
HOW CAN ATTACKERS FOOL SOCIAL NETWORK USERS?
• Creating a fake celebrity profile.
• Creating a duplicate of somebody’s profile.
• Creating a profile, adding themselves to a medium-sized group or community. Then joining a second group and starting again.
• Creating a female profile and publishing a pretty picture of “herself”.
WHY DO ATTACKERS SUCCEED IN FOOLING SOCIAL NETWORK USERS?
• A lot of users don’t realize that:
– Their contact list is a circle of trust.
– By adding somebody they don’t know, they are opening their data to untrusted parties.
• Some sites don’t have privacy controls in place, or the ones they have do not protect all user data.
• The user is often not concerned with selecting who can access his/her data.
• The user doesn’t use the available controls because they appear too complex or time-consuming (laziness or lack of knowledge).
WHAT CAN AN ATTACKER DO WITH A LARGE NETWORK OF USERS?
• Advertise.
• Collect Contact Information.
• Phishing.
• Malware Installation.
WHEN SOCIAL NETWORKING SITES’ CODE BREAKS!
• An attack vector is the exploitation of programming flaws in websites.
• These Web pages have been made by humans and they can have errors that could compromise the site’s security measures.
• Poor security, weak administration practices, or badly written code can all help attackers to gather your data or help them stage a bigger attack against any number of users.
• Social networking sites keep adding to their security controls and refining their existing ones.
• But as in any development project, they also continue to innovate on their platforms and add exciting new features.
• These new options need to keep up with the security features or they too will suffer from security weaknesses.
CODE BREAKS EXAMPLES
• In Pinterest, a cross-site scripting vulnerability and an iframe injection issue had been identified that could allow hackers to hijack user accounts and perform other malicious operations.
• A URL redirection flaw had been found that could redirect the site’s visitors to other potentially malicious domains.
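The URL redirection flaw class mentioned above is closed on the server by checking a redirect target against an allow-list before using it. The following is an added example, not part of the original slides or of any site named here; the host names and the function name are hypothetical.

```javascript
// Added example: allow-list validation of a user-supplied redirect target.
// ALLOWED_HOSTS, SITE_ORIGIN and safeRedirectTarget are hypothetical names.
const ALLOWED_HOSTS = new Set(["social.example", "help.social.example"]);
const SITE_ORIGIN = "https://social.example";

// Returns an absolute on-site URL that is safe to redirect to, or the site
// home page when the requested target is off-site or malformed.
function safeRedirectTarget(rawTarget) {
  const fallback = SITE_ORIGIN + "/";
  if (typeof rawTarget !== "string" || rawTarget.length === 0) return fallback;

  // Browsers treat "\" like "/" and silently drop control characters, so a
  // value containing either is rejected instead of being interpreted.
  if (/[\\\u0000-\u001f]/.test(rawTarget)) return fallback;

  let url;
  try {
    // Relative paths such as "/profile/42" resolve against the site itself.
    url = new URL(rawTarget, SITE_ORIGIN);
  } catch (e) {
    return fallback;
  }

  if (url.protocol !== "https:") return fallback;        // no javascript:, data:, http:
  if (url.username || url.password) return fallback;     // no user@host tricks
  if (url.port !== "") return fallback;                  // default port only
  if (!ALLOWED_HOSTS.has(url.hostname)) return fallback; // exact host match

  return url.href;
}
```

The host comparison is an exact match on the parsed hostname, so look-alike values such as `social.example.evil.example` fall back to the home page.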
• There have been instances of security flaws on Facebook that allowed anybody to access the “basic information” data of any user, no matter what their security settings were.
• This attack was released by casual users after Facebook ignored the users’ warnings for a few days. No great knowledge was needed in this case to exploit a security weakness.
• Twitter had “cross-site scripting” attacks performed against it. In these attacks, the attackers could change the Twitter status of any user accessing the attacker’s account.
• This meant that the bad guys could make you tweet bad links so your Twitter followers would be at risk of being infected.
• MySpace was attacked in 2007 by a piece of JavaScript that would copy itself to the viewer’s profile along with a piece of text: “Samy is my hero.” This was caused by a security flaw that could have caused the victim to run any other command, like redirecting the page to a malicious website.
• Thankfully, the young man who discovered the flaw and created the worm only wanted to have more friends added to his profile.
• These four examples are not the only cases of security flaws on social networking sites.
• In fact, such flaws are identified frequently.
• News about such security holes is released every month and is a concern for all affected websites and their users.
• Since their solution is out of the user’s hands, it is difficult or impossible to do anything about them.
SUMMARY
• There are some simple steps and points that we should consider to protect our privacy in social networks, such as:
– Keep your information as general as possible.
– Read the privacy policy of social networking sites.
– Do not add people that you don’t know or trust.
– If you are using social networks to meet new people, you should create a special account for that.
– Do not click any unknown or suspicious hyperlinks.
– Remember that any data you publish on the Internet will be there forever and anyone could use and share it.