Facebook security


Presentation by a student of the School of Computing (Računarski fakultet) in Belgrade

  1. 1. Social Networking Security  Milos Stankovic
  2. 2. Social Networking Security Secure your Social environment.  Facebook, MySpace, My Life, Google + Privacy and Security Settings  Do not leave settings as default  Go through the custom settings  87% of Facebook users have Friends of Friends set.  Settings change when Facebook changes  need to check these as we all know how often Facebook changes
  3. 3. Social Networking Security To whom is your information available?  Friends, groups, friends of friends, everyone  Applications – privacy policies What’s available?  Where you are and long you will be there  “Checking in”  Vacations – I’m going to be away, so I’m not HOME!  Confidential Information Useful for:  ID Theft or answers to your secret questions  Posing as friend
  4. 4. Table of Contents: Definition of social networking sites; Potential threats; Real life examples; Related work; A proposed model
  5. 5. Fig. 1 Fast growing number of patent applications in social network
  6. 6. Social Network Sites/Services (SNS), continued: Mimicking in-person interactions; Storing large amounts of personal information  Violating the principle of least privilege  Users inclined to reveal private info/activities to someone they know; Bringing security issues
  7. 7. Security issues from SNS: Accidental data release; Intentional use of private data for marketing purposes; Identity theft; Worms and viruses; And many more
  8. 8. A recent famous case: MI6 chief’s wife blows his cover on Facebook. Details on where they live and work, their friends’ identities. Sir John Sawers on the beach in one of the family photos.
  9. 9. Another case: US Marines prohibit Twitter, MySpace, Facebook. Effective immediately (as of Aug 03, 2009). Will last a year. A waiver is possible.
  10. 10. Facebook’s new features. Facebook: change in geography networks and new privacy features.
  11. 11. Facebook Options: Facebook User; Facebook Page; Facebook Group  Open: All content is public  Closed: Limited public content; members can see all content.  Secret: Members and content are private.
  12. 12. Facebook Group Problems: 1. Members can add friends  Friends could add you to the new group 2. When Facebook group administrators step down, anyone else can take over  For small groups, administrators can edit  group name or info  moderate discussion  message group members
  13. 13. Are there other risks? “Checking In” shares your current location on…  Foursquare and Facebook Places Benefits: Discounts and Offers Risks: Confrontations and Break-ins
  14. 14. Cyberbullying vs. Traditional Bullying  The perpetrator can be anonymous  The size of the audience is enormous  The perpetrator has finer access to the target  There are no non-verbal cues (gestures, tone of voice, etc.) to clarify communication  The perpetrator does not witness the harm directly – no opportunity for empathy
  15. 15. Why don’t young people report it? Adults are incapable with technology; Young people are digital natives while adults are digital immigrants; The expected solution: “just don’t use the device or site”; Misunderstanding the importance of technology to young people
  16. 16. Minimize chances of being a victim  Setting privacy settings carefully  Do NOT share passwords  Avoid websites that are designed for malicious  Be vigilant  Report abuse on websites when it occurs  Save “cyber-footprints”  Block or de-friend offenders.
  17. 17. Facebook – the new background check  Employers are using social networks to screen job applicants – 91%  Screening is done early on  Facebook, Twitter, Flickr, YouTube give employers a personal view of candidates  Social Intelligence Corp. scours the Internet
  18. 18. Work that is being done: Matthew M. Lucas - flyByNight. Encrypts private information; separates sensitive data from Facebook servers and public access. Users must install a JavaScript client. The vulnerability of the flyByNight server is unknown.
  19. 19. Work that is being done, cont’d: Andrew Besmer - user-to-application policy, in addition to existing user-to-user policy and default application policy. Effectively limits the applications’ access to users’ private information. Complex, time-consuming settings for applications may impel users to skip applying proper policies.
  20. 20. Facebook Security Facebook provides easy tools to help you:  Keep track of your activity  Keep track of your logins  Control the information you share  Prove your identity if you ever lose access to your account
  21. 21. Facebook Security Tips
  22. 22. A User-Server-Agent Model [Diagram: USER, SERVER, INDEPENDENT INVESTIGATOR (AGENT); label: View Audition Log]
  23. 23. A User-Server-Agent Model Server audits users’ activities  Log in time, duration, IP addresses, access information. Users can view activities related to their own accounts. Agents can view all activities of specified accounts. [Diagram: SERVER; labels: Audits all access information, Provides log upon request]
  24. 24. A User-Server-Agent Model What a user sees (USER): Kevin’s visit, Bella’s visit, Sara’s visit, Mike’s visit, Dave’s visit, ... What an agent sees (INDEPENDENT INVESTIGATOR (AGENT)): Kevin visits Sara, Kevin visits Mike, Kevin visits Dave, Kevin visits Alice, ...
  25. 25. A User-Server-Agent Model INDEPENDENT INVESTIGATOR (AGENT): Step I: Accepts investigation requests. Step II: Analyze information on server. Step III: Provides results to user.
  26. 26. A User-Server-Agent Model Agent receives decrypted request from user  Alice sends request for concern about Kevin’s activities  Agent will see “03tn90a” and “01ad53h” instead of “Alice” and “Kevin” in the request. Agent connects to server, asks for information on account 01ad53h. After decryption, server recognizes account name is Kevin.
  27. 27. A User-Server-Agent Model What action can an agent perform?  Use combined policies to detect unusual activities: IP address, multiple profiles access in a short term, inactive socializing activities How can an agent help a user?  Simplest: suggest revoking “friend” label of malicious users  Suggest server take action on malicious accounts  Report to authorities when necessary
  28. 28. Conclusion: Increasing use of SNS; Security/privacy is a big issue; User-Server-Agent model
  29. 29. Future work: Investigate/watch privacy frequently; Other functions will be added
  30. 30. Thank you! Any questions?
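
The user view, the agent view and the combined-policy check described on slides 23 to 27, as an added example that is not part of the original presentation. The log rows, every pseudonym other than the two quoted on slide 26, the thresholds and the function names are assumptions; the "inactive socializing" signal is not modelled.

```python
from datetime import datetime, timedelta

# Server-side pseudonym table. "03tn90a"/"01ad53h" are the slide's values for
# Alice/Kevin; the other pseudonyms and every log row are constructed samples.
PSEUDONYM = {"Alice": "03tn90a", "Kevin": "01ad53h", "Sara": "07sr11k",
             "Mike": "05mk42p", "Dave": "09dv68c", "Bella": "02bl77x"}
ACCOUNT = {p: name for name, p in PSEUDONYM.items()}

# Server audit log: (time, visitor, visited profile, source IP).
AUDIT_LOG = [
    ("2011-05-02T09:58:00", "Bella", "Alice", "203.0.113.20"),
    ("2011-05-02T10:00:05", "Kevin", "Sara",  "198.51.100.7"),
    ("2011-05-02T10:00:40", "Kevin", "Mike",  "198.51.100.7"),
    ("2011-05-02T10:01:10", "Kevin", "Dave",  "192.0.2.44"),
    ("2011-05-02T10:01:55", "Kevin", "Alice", "192.0.2.44"),
    ("2011-05-02T18:30:00", "Sara",  "Alice", "203.0.113.9"),
]

def user_view(owner):
    """What a user sees: only visits to their own profile."""
    return [(t, visitor) for t, visitor, visited, _ in AUDIT_LOG if visited == owner]

def agent_view(pseudonym):
    """What an agent sees: all activity of one account, names pseudonymised."""
    name = ACCOUNT[pseudonym]  # only the server resolves the pseudonym
    return [(datetime.fromisoformat(t), PSEUDONYM[visited], ip)
            for t, visitor, visited, ip in AUDIT_LOG if visitor == name]

def unusual_activity(pseudonym, window=timedelta(minutes=5), max_profiles=3, max_ips=1):
    """Combined policy: many profiles in a short window, or too many source IPs."""
    events = sorted(agent_view(pseudonym))
    findings = []
    for i, (start, _, _) in enumerate(events):
        # Distinct profiles visited within `window` of this event.
        burst = {p for t, p, _ in events[i:] if t - start <= window}
        if len(burst) > max_profiles:
            findings.append(f"{len(burst)} profiles within {window}")
            break
    ips = {ip for _, _, ip in events}
    if len(ips) > max_ips:
        findings.append(f"{len(ips)} source IPs")
    return findings
```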