Facebook security

Presentation by a student of the Računarski fakultet (School of Computing) in Belgrade

Transcript

  • 1. Social Networking Security  Milos Stankovic
  • 2. Social Networking Security. Secure your social environment: Facebook, MySpace, My Life, Google+. Privacy and security settings: do not leave settings as default; go through the custom settings; 87% of Facebook users have Friends of Friends set; settings change when Facebook changes, so you need to check these, as we all know how often Facebook changes.
  • 3. Social Networking Security. To whom is your information available? Friends, groups, friends of friends, everyone; applications – privacy policies. What's available? Where you are and how long you will be there; "checking in"; vacations – I'm going to be away, so I'm not HOME!; confidential information. Useful for: ID theft or answers to your secret questions; posing as a friend.
  • 4. Table of Contents: definition of social networking sites; potential threats; real-life examples; related work; a proposed model.
  • 5. Fig. 1: Fast-growing number of patent applications in social networks.
  • 6. Social Network Sites/Services (SNS), continued. Mimicking in-person interactions. Storing large amounts of personal information: violating the principle of least privilege; users inclined to reveal private info/activities to someone they know. Bringing security issues.
  • 7. Security issues from SNS: accidental data release; intentional use of private data for marketing purposes; identity theft; worms and viruses; and many more.
  • 8. A recent famous case: MI6 chief's wife blows his cover on Facebook. Details on where they live and work, their friends' identities. Sir John Sawers on the beach in one of the family photos.
  • 9. Another case: US Marines prohibit Twitter, MySpace, Facebook. Effective immediately (as of Aug 03, 2009). Will last a year. A waiver is possible.
  • 10. Facebook's new features. Facebook: change in geography networks and new privacy features.
  • 11. Facebook Options: Facebook User, Facebook Page, Facebook Group. Open: all content is public. Closed: limited public content; members can see all content. Secret: members and content are private.
  • 12. Facebook Group Problems. (1) Members can add friends: friends could add you to the new group. (2) When Facebook group administrators step down, anyone else can take over. For small groups, administrators can: edit group name or info; moderate discussion; message group members.
  • 13. Are there other risks? "Checking in" shares your current location on Foursquare and Facebook Places. Benefits: discounts and offers. Risks: confrontations and break-ins.
  • 14. Cyberbullying vs. Traditional Bullying: the perpetrator can be anonymous; the size of the audience is enormous; the perpetrator has finer access to the target; there are no non-verbal cues (gestures, tone of voice, etc.) to clarify communication; the perpetrator does not witness the harm directly – no opportunity for empathy.
  • 15. Why don't young people report it? Adults are incapable with technology. Young people are digital natives while adults are digital immigrants. The expected solution: "just don't use the device or site". Misunderstanding the importance of technology to young people.
  • 16. Minimize chances of being a victim: setting privacy settings carefully; do NOT share passwords; avoid websites that are designed for malicious; be vigilant; report abuse on websites when it occurs; save "cyber-footprints"; block or de-friend offenders.
  • 17. Facebook – the new background check. Employers are using social networks to screen job applicants – 91%. Screening is done early on. Facebook, Twitter, Flickr, YouTube give employers a personal view of candidates. Social Intelligence Corp. scours the Internet.
  • 18. Work that is being done. Matthew M. Lucas – flyByNight: encrypts private information; separates sensitive data from Facebook servers and public access. Users must install a JavaScript client. The vulnerability of the flyByNight server is unknown.
  • 19. Work that is being done, cont'd. Andrew Besmer – user-to-application policy, in addition to existing user-to-user policy and default application policy. Effectively limits the applications' access to users' private information. Complex, time-consuming settings for applications may impel users to skip applying proper policies.
  • 20. Facebook Security. Facebook provides easy tools to help you: keep track of your activity; keep track of your logins; control the information you share; prove your identity if you ever lose access to your account.
  • 21. Facebook Security Tips
  • 22. A User-Server-Agent Model. [Diagram: User, Server, Independent Investigator (Agent); label: "View Audition Log"]
  • 23. A User-Server-Agent Model. Server: audits all access information; audits users' activities (log in time, duration, IP addresses, access information); provides log upon request. Users can view activities related to their own accounts. Agents can view all activities of specified accounts.
  • 24. A User-Server-Agent Model. What a user sees: Kevin's visit, Bella's visit, Sara's visit, Mike's visit, Dave's visit, ... What an agent (independent investigator) sees: Kevin visits Sara, Kevin visits Mike, Kevin visits Dave, Kevin visits Alice, ...
  • 25. A User-Server-Agent Model. Independent investigator (agent): Step I: accepts investigation requests. Step II: analyzes information on server. Step III: provides results to user.
  • 26. A User-Server-Agent Model. Agent receives decrypted request from user: Alice sends request for concern about Kevin's activities; agent will see "03tn90a" and "01ad53h" instead of "Alice" and "Kevin" in the request. Agent connects to server, asks for information on account 01ad53h. After decryption, server recognizes account name is Kevin.
  • 27. A User-Server-Agent Model. What action can an agent perform? Use combined policies to detect unusual activities: IP address, multiple profiles access in a short term, inactive socializing activities. How can an agent help a user? Simplest: suggest revoking the "friend" label of malicious users; suggest server take action on malicious accounts; report to authorities when necessary.
  • 28. Conclusion: increasing use of SNS; security/privacy is a big issue; User-Server-Agent model.
  • 29. Future work: investigate/watch privacy frequently; other functions will be added.
  • 30. Thank you! Any questions..
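
One way the agent's checks from slides 23-27 could work on the server's audit log, applying the "multiple profiles access in a short term" and IP address policies while seeing only pseudonyms as in slide 26. This is an added example, not code from the presentation; the record layout, thresholds, function names, the reading of the IP policy as "more than one source address in a window", and every pseudonym except "03tn90a" and "01ad53h" are assumptions.

```python
from collections import defaultdict

# Constructed audit records as the agent would receive them from the server:
# (visitor pseudonym, visited pseudonym, unix time, source IP).
# "01ad53h" and "03tn90a" are the pseudonyms from slide 26; the rest are made up.
AUDIT_LOG = [
    ("01ad53h", "07sa11k", 1000, "198.51.100.7"),
    ("01ad53h", "09mi42p", 1060, "198.51.100.7"),
    ("01ad53h", "04da77q", 1130, "203.0.113.9"),
    ("01ad53h", "03tn90a", 1190, "203.0.113.9"),
    ("05be20x", "03tn90a", 1200, "192.0.2.15"),
    ("05be20x", "03tn90a", 9000, "192.0.2.15"),
    ("07sa11k", "03tn90a", 2000, "192.0.2.44"),
    ("07sa11k", "09mi42p", 8000, "192.0.2.44"),
]


def flag_unusual(log, window_s=600, max_profiles=3, max_ips=1):
    """Return {pseudonym: [reasons]} for visitors who break a policy in any window."""
    by_visitor = defaultdict(list)
    for visitor, visited, ts, ip in log:
        by_visitor[visitor].append((ts, visited, ip))

    findings = {}
    for visitor, events in by_visitor.items():
        events.sort()
        reasons = set()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most window_s seconds.
            while events[end][0] - events[start][0] > window_s:
                start += 1
            window = events[start:end + 1]
            if len({v for _, v, _ in window}) > max_profiles:
                reasons.add("many profiles in a short term")
            if len({ip for _, _, ip in window}) > max_ips:
                reasons.add("multiple IP addresses")
        if reasons:
            findings[visitor] = sorted(reasons)
    return findings


def report_for(requester, log, **policy):
    """Findings about accounts that visited the requester's profile, by pseudonym only."""
    visitors = {v for v, visited, _, _ in log if visited == requester}
    return {v: r for v, r in flag_unusual(log, **policy).items() if v in visitors}


if __name__ == "__main__":
    print(report_for("03tn90a", AUDIT_LOG))
```

The agent never needs the real account names: mapping "01ad53h" back to a user stays with the server, which is what lets the investigator be independent of both parties.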