SOCIAL NETWORK SECURITY
Mohammad Al Hamami presented "SOCIAL NETWORK SECURITY" at #SMMF2012 #Bahrain


Transcript

  • 1. THE SECURITY AWARENESS OF SOCIAL NETWORKING SITES USAGE. DR. MOHAMMAD ALAA AL-HAMAMI, DELMON UNIVERSITY FOR SCIENCE AND TECHNOLOGY
  • 2. INTRODUCTION
  • 3. INTRODUCTION
      • Social networking sites enhance our lives; we can’t count the advantages we get if we use them well.
      • But at the same time, these sites can be a main security threat if we don’t have the awareness to use them safely.
  • 4. THE DANGER OF SOCIAL NETWORKS
  • 5. THE DANGER OF SOCIAL NETWORKS
      • Social networking sites can be:
          – A source of personal and business information leaks.
          – A malware attack vector when not used carefully.
      • Users trust their contacts to:
          – Not send bad links.
          – Not try to infect their computers.
          – Take good care of their personal data.
      • URL shorteners are a security concern and should be taken very seriously in social networks.
  • 6. SOCIAL NETWORKS PROBLEMS FROM A LEGAL POINT OF VIEW
  • 7. SOCIAL NETWORKS PROBLEMS FROM A LEGAL POINT OF VIEW
      • Violation of users’ data protection rights.
      • Identity fraud.
      • Absence of uniform rules at the international level.
  • 8. WHAT COULD GO WRONG IN SOCIAL NETWORKING SITES?
  • 9. WHAT COULD GO WRONG?
      • Your contact’s account is compromised and somebody else is using it.
      • You added somebody to your network that you thought you knew but, in fact, you did not.
      • You added somebody you thought was trustworthy but he/she turns out not to be.
      • Insufficient use of privacy controls caused you to share data with people you never intended.
  • 10. WHAT DATA COULD BE MINED IN SOCIAL NETWORKS?
  • 11. Social networks contain a wealth of information like:
  • 12. DATA THAT COULD BE MINED IN SOCIAL NETWORKS
      • USER IDENTIFIERS AND ATTRIBUTES.
      • CONTACT INFORMATION.
      • WORK.
      • EDUCATION.
      • PERSONAL INFORMATION AND INTERESTS.
      • CONNECTION AND USAGE INFORMATION.
  • 13. This information is a treasure for Attackers and Criminals!
  • 14. SO WHAT WILL ATTACKERS DO WITH THE MINED DATA?
  • 15. SO WHAT WILL ATTACKERS DO WITH THE MINED DATA?
      • Underground forums sell information:
          – Your data can be mined and stored somewhere in the dark corners of the Internet, waiting for a criminal to pay the right price for it.
          – Criminals can use this information to obtain birth certificates, passports and other documents.
  • 16. MOST IMPORTANT DATA FOR ATTACKERS
  • 17. MOST IMPORTANT DATA FOR ATTACKERS
      • Email addresses:
          – Used for spam campaigns.
          – Can be categorized by age, country and other factors to improve the impact of a campaign, so that their market price is higher than that of just any normal email address.
          – Can also be of great value for phishing campaigns.
  • 18. MOST IMPORTANT DATA FOR ATTACKERS
      • Real-life addresses:
          – Often shared on social networking sites.
          – They can be used to collect mailing databases for advertising purposes in a similar way as described above.
  • 19. MOST IMPORTANT DATA FOR ATTACKERS
      • Date of birth:
          – Used by different companies to confirm people’s identities over the telephone.
          – Criminals have tools to automate “date of birth” searches on social networking sites.
  • 20. MOST IMPORTANT DATA FOR ATTACKERS
      • Public profile:
          – A potentially massive data leakage.
          – Social networking search engines can search all available data about any name in a certain region.
          – A public profile makes the lives of stalkers, fraudsters, or any other attackers much easier.
  • 21. PRIVACY IN A CONNECTED WORLD: A STORY
  • 22. PRIVACY IN A CONNECTED WORLD: A STORY
      • In July 2009, the wife of a high-level government executive in the UK published personal data on a social networking site.
      • This got a lot of attention:
          – Not for the confidentiality of the content,
          – But for the lack of awareness about the accessibility of your online content.
          – There is also another issue at play here: once you publish anything online, you lose control over it; people leech it and republish it in places you do not even know about!
  • 23. HOW CAN ATTACKERS FOOL SOCIAL NETWORK USERS?
  • 24. HOW CAN ATTACKERS FOOL SOCIAL NETWORK USERS?
      • Creating a fake celebrity profile.
      • Creating a duplicate of somebody’s profile.
      • Creating a profile and adding themselves to a medium-sized group or community, then joining a second group and starting again.
      • Creating a female profile and publishing a pretty picture of “herself”.
  • 25. WHY DO ATTACKERS SUCCEED IN FOOLING SOCIAL NETWORK USERS?
  • 26. WHY DO ATTACKERS SUCCEED IN FOOLING SOCIAL NETWORK USERS?
      • A lot of users don’t realize that:
          – Their contact list is a circle of trust.
          – By adding somebody they don’t know, they are opening their data to untrusted parties.
      • Some sites don’t have privacy controls in place, or the ones they have do not protect all user data.
  • 27. WHY DO ATTACKERS SUCCEED IN FOOLING SOCIAL NETWORK USERS?
      • The user is often not concerned with selecting who can access his/her data.
      • The user doesn’t use the available controls because they appear too complex or time-consuming (laziness or lack of knowledge).
  • 28. WHAT CAN AN ATTACKER DO WITH A LARGE NETWORK OF USERS?
  • 29. WHAT CAN AN ATTACKER DO?
      • Advertise.
      • Collect contact information.
      • Phishing.
      • Malware installation.
  • 30. WHEN SOCIAL NETWORKING SITES’ CODE BREAKS!
  • 31. WHEN CODE BREAKS
      • The attack vector is the exploitation of programming flaws in websites.
      • These Web pages have been made by humans, and they can have errors that could compromise the site’s security measures.
      • Poor security, weak administration practices, or badly written code can all help attackers to gather your data or help them stage a bigger attack against any number of users.
  • 32. WHEN CODE BREAKS
      • Social networking sites keep adding to their security controls and refining their existing ones.
      • But as in any development project, they also continue to innovate on their platforms and add exciting new features.
      • The security features need to keep up with these new options, or the new options too will suffer from security weaknesses.
  • 33. CODE BREAKS EXAMPLES
  • 34. Pinterest
      • In Pinterest, a cross-site scripting vulnerability and an iframe injection issue were identified that could allow hackers to hijack user accounts and perform other malicious operations.
      • A URL redirection flaw was also found that could redirect the site’s visitors to other potentially malicious domains.
  • 35. CODE BREAKS EXAMPLES
  • 36. Facebook
      • There have been instances of security flaws on Facebook that allowed anybody to access the “basic information” data of any user, no matter what their security settings were.
      • This attack was released by casual users after Facebook ignored the users’ warnings for a few days. No great knowledge was needed in this case to exploit a security weakness.
  • 37. CODE BREAKS EXAMPLES
  • 38. Twitter
      • Twitter had “cross-site scripting” attacks performed against it. In these attacks, the attackers could change the Twitter status of any user accessing the attacker’s account.
      • This meant that the bad guys could make you tweet bad links so your Twitter followers would be at risk of being infected.
  • 39. CODE BREAKS EXAMPLES
  • 40. MySpace
      • MySpace was attacked in 2007 by a piece of JavaScript that would copy itself to the viewer’s profile along with a piece of text: “Samy is my hero.” This was caused by a security flaw that could have caused the victim to run any other command, like redirecting the page to a malicious website.
      • Thankfully, the young man who discovered the flaw and created the worm only wanted to have more friends added to his profile.
  • 41. WHEN CODE BREAKS: EXAMPLES
      • These four examples are not the only cases of security flaws on social networking sites.
      • In fact, such flaws are identified frequently.
      • News about such security holes is released every month and is a concern for all affected websites and their users.
      • Since their solution is out of the user’s hands, it is difficult or impossible for users to do anything about them.
  • 42. SUMMARY
      • There are some simple steps and points that we should consider to protect our privacy in social networks, such as:
          – Keep your information as general as possible.
          – Read the privacy policy of social networking sites.
          – Do not add people that you don’t know or trust.
  • 43. SUMMARY
          – If you are using social networks to meet new people, you should create a special account for that.
          – Do not click any unknown or suspicious hyperlinks.
          – Remember that any data you publish on the Internet will be there forever, and anyone could use and share it.
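
Added example, not part of the original slides: the flaw classes named in slides 34 to 40 (cross-site scripting, iframe injection, URL redirection) are fixed on the site's side by encoding user text on output and by validating redirect targets. The site name, allow-list, function names and sample inputs are constructed assumptions.

```javascript
// Constructed allow-list for a hypothetical site; not from the slides.
const ALLOWED_REDIRECT_HOSTS = new Set(['social.example', 'help.social.example']);
const SITE_ORIGIN = 'https://social.example';

// Encode the five HTML-significant characters so user text is rendered as
// text in element content or quoted attributes, never parsed as markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable form: profile text is concatenated into the page as-is.
function renderStatusUnsafe(status) {
  return '<p class="status">' + status + '</p>';
}

// Hardened form: same template, user text encoded on output.
function renderStatusSafe(status) {
  return '<p class="status">' + escapeHtml(status) + '</p>';
}

// Resolve a "next" parameter and return it only if it stays on an allowed
// https host; anything else falls back to the site's home page.
function safeRedirectTarget(next) {
  const fallback = SITE_ORIGIN + '/';
  let url;
  try {
    url = new URL(next, SITE_ORIGIN); // relative paths resolve against the site
  } catch (err) {
    return fallback; // unparseable input
  }
  if (url.protocol !== 'https:') return fallback; // rejects javascript:, data:, http:
  if (!ALLOWED_REDIRECT_HOSTS.has(url.hostname)) return fallback;
  if (url.username || url.password) return fallback; // rejects user@host forms
  return url.href;
}

// Constructed inputs: markup in a status field and off-site redirect targets.
const sampleStatus = '<iframe src="https://other.example/"></iframe>';
console.log(renderStatusUnsafe(sampleStatus)); // markup reaches the page
console.log(renderStatusSafe(sampleStatus));   // markup shown as text
for (const next of ['/settings', '//other.example/login', 'https://social.example@other.example/']) {
  console.log(next, '->', safeRedirectTarget(next));
}
```
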