Social Network Are We Secure Enough?

Nov 20, 2013 (3 years and 4 months ago)

By Arwa Binsaleh

Outline

* OSN overview
* Threats and attacks
* Solutions and advice
* Conclusion: are we secure enough?

Online Social Networking (OSN)

* Enable people to connect with each other, share information
* Common friends, interests, personal info
* Post photos, videos, etc. for others to see
* Communicate via email, instant message, etc.

OSN Types

* Facebook & MySpace: free access social networking websites
* Twitter: “micro” blog, 140 characters or less
* YouTube: Video Sharing Sites
* Blog: shared on-line journal

OSN Popularity

* Over 900 million Facebook users worldwide
* Over 140 million Twitter users
* Over 175 million LinkedIn members in over 200 countries*

*Source: Canadian social media survey, 2009

Which Social Network Do You Think Poses The Biggest Risk To Security?**

**Source: Sophos 2010 Security Threat Report

Threats and Attacks

* OSN Variants of Traditional Network and Information Security Threats
* Identity Related Threats
* Privacy Related Threats
* Social Threats

OSN Variants of Traditional Network and Information Security Threats

Trojans

* Social networks have become a great vector for Trojans -- "click here" and you get:
  * Zeus -- a potent and popular banking Trojan in social networks in 2009
  * URL Zone -- calculates the value of the victim's accounts

Malware

* Spread viruses and Trojan horses
* Ex: a malicious link prompts a file download to view a news article or video
* If a user complies, malware installs on his device and quickly spreads throughout the network
* Best-known example: Koobface

URL Shortening

* Due to the small space allotted by the network sites, third-party services such as http://tinyurl.com/ or http://bit.ly/ will “encode” the URL into a much shorter version

Risks:

* The short URL does not tell you the true destination of the link
* May contain drive-by malware
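One way to see where a shortened link leads before opening it, as an added example that is not part of the original slides: follow the redirect chain with HEAD requests only, so no page body is downloaded or rendered. The function names, the `fetch` parameter and the `example` hosts in the constructed redirect table are assumptions made for illustration.

```python
import http.client
from urllib.parse import urlsplit, urljoin

def head_location(url, timeout=5):
    """Send one HEAD request; return the Location header of a 3xx reply, else None."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()

def expand(url, fetch=head_location, max_hops=5):
    """Return the list of URLs a short link redirects through, ending at the destination."""
    chain = [url]
    for _ in range(max_hops):
        nxt = fetch(chain[-1])
        if not nxt:
            return chain
        nxt = urljoin(chain[-1], nxt)      # Location may be relative
        if nxt in chain:
            raise ValueError("redirect loop")
        chain.append(nxt)
    raise ValueError("too many redirects")

def report(url, fetch=head_location):
    """Summarise the true destination so it can be checked before clicking."""
    chain = expand(url, fetch)
    first, last = urlsplit(chain[0]).hostname, urlsplit(chain[-1]).hostname
    return {"final_url": chain[-1], "final_host": last,
            "hops": len(chain) - 1, "host_changed": first != last}

# Constructed redirect table standing in for a shortener (hypothetical hosts).
SAMPLE_REDIRECTS = {
    "http://short.example/abc": "http://tracker.example/r?id=1",
    "http://tracker.example/r?id=1": "/landing",
}

def sample_fetch(url):
    return SAMPLE_REDIRECTS.get(url)

if __name__ == "__main__":
    print(report("http://short.example/abc", fetch=sample_fetch))
```

With the default `fetch`, each hop still contacts the shortener and any intermediate host, so run it from a machine where that is acceptable.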

OSN 3rd Party Applications

* Games, quizzes, “cute” stuff
* Untested by Facebook: anyone can write one...
* No Terms and Conditions: either allow or deny
* Installation gives developers rights to look at your profile and overrides your privacy settings!

Identity Related Threats

Profile Squatting Through Identity Theft

* Vulnerabilities: a malicious attacker can create a fake profile of a person, causing all sorts of problems for the victim
* Risks: significant damage to the reputation of a person, which may in turn lead to financial and social embarrassment

Identity Theft Example

Phishing Attacks

* Gain sensitive information such as usernames, passwords, and credit card details by posing as a trustworthy entity
* After they gather a large number of friends by using a fake OSN profile, they send a link to the phishing site

Phishing Attack Example

Data leakage

* Share too much about the organization’s sensitive information
* Spouses over-share how much their partner is working late on a top-secret project
* Risks: embarrassing, damaging and legal

Privacy Related Threats

OSN Information Privacy

* Information posted on OSNs is generally public
* Unless you set privacy settings appropriately
* “I’ll be on vacation” post plus geolocation invites burglars, i.e., “Please Rob Me”
* The dangers of posting Credit Cards, IDs on OSNs



Credit Cards Posting on OSNs

ID Posting on OSNs

Geo-tagging

* Process of adding geographical identification metadata to various media such as photographs, video, or websites
* Ex: Facebook
* Risks: can give someone intent on causing you harm the opportunity to know your exact location

Social Threats

Stalking

* The ability for malicious users to figure out where a target is physically is very dangerous
* Risks: it opens up opportunities for burglary, assault and kidnapping

Cyber Bullying & Harassment

* Cyber bullying can range from embarrassing or cruel online posts or digital pictures, to online threats, harassment, and negative comments, to stalking through emails, websites, and social networks

Solutions and Advice

“Do’s”

* Use strong, unique passwords
* Provide minimal personal information: avoid entering birthdate, address, etc.
* Review privacy settings, set them to “maximum privacy”
  * “Friends of friends” includes far more people than “friends only”
* Be wary of 3rd party apps, ads, etc.
* Use browser security tools for protection: anti-phishing filters (IE, Firefox)
* Supervise children’s OSN activity

“Don’ts”

* Don’t: Discuss Details
* Never post anything you would not tell directly to the enemy
* Never post private or personal information
* Assume the information you share will be made public
* Details make you vulnerable

Conclusion

* No, we are not secure enough!
* Social networking sites can be valuable and useful tools
* However, these sites have security risks that can put the individual or a company in a compromising position or at serious risk

The End

Thank You!