Social Networking Security




    Milos Stankovic
Social Networking Security
• Secure your Social environment.
  • Facebook, MySpace, My Life, Google +
• Privacy and Security Settings
  • Do not leave settings as default
    • Go through the custom settings
    • 87% of Facebook users have Friends of Friends set.
  • Settings change when Facebook changes
    • need to check these as we all know how often Facebook changes
Social Networking Security
• To whom is your information available?
  • Friends, groups, friends of friends, everyone
  • Applications – privacy policies
• What’s available?
  • Where you are and how long you will be there
    • “Checking in”
    • Vacations – I’m going to be away, so I’m not HOME!
  • Confidential Information Useful for:
    • ID Theft or answers to your secret questions
    • Posing as friend
Table of Contents
• Definition of social networking sites
• Potential threats
• Real life examples
• Related work
• A proposed model
Fig. 1 Fast growing number of patent applications in social network
Social Network Sites/Services (SNS)
continued
• Mimicking in-person interactions
• Storing large amount of personal information
  • Violating the principle of least privilege
  • Users inclined to reveal private info/activities to someone they know
• Bringing security issues
Security issues from SNS
• Accidental data release
• Intentional use of private data for marketing purposes
• Identity theft
• Worms and viruses
• And many more
A recent famous case:
• MI6 chief’s wife blows his cover on Facebook
• Details on where they live and work, their friends’ identities
[Photo: Sir John Sawers on the beach in one of the family photos]
Another case
• US Marines prohibit Twitter, MySpace, Facebook. Effective immediately. (As of Aug 03, 2009)
• Will last a year.
• A waiver is possible.
Facebook’s new features
Facebook: change in geography
networks and new privacy features.
Facebook Options
• Facebook User
• Facebook Page
• Facebook Group
  • Open: All content is public
  • Closed: Limited public content; members can see all content.
  • Secret: Members and content are private.
Facebook Group Problems
1. Members can add friends
   • Friends could add you to the new group
2. When Facebook group administrators step down, anyone else can take over
   • For small groups, administrators can edit
     • group name or info
     • moderate discussion
     • message group members
Are there other risks?
• “Checking In” shares your current location on…
  • Foursquare and Facebook Places
• Benefits: Discounts and Offers
• Risks: Confrontations and Break-ins
Cyberbullying vs. Traditional Bullying
• The perpetrator can be anonymous
• The size of the audience is enormous
• The perpetrator has finer access to the target
• There are no non-verbal cues (gestures, tone of voice, etc.) to clarify communication
• The perpetrator does not witness the harm directly – no opportunity for empathy
Why don’t young people report it?
• Adults are incapable of Technology
• Young people are digital natives while adults are digital immigrants
• The expected solution - “just don’t use the device or site”
• Misunderstanding the importance of technology to young people
Minimize chances of being a victim
• Setting privacy settings carefully
• Do NOT share passwords
• Avoid websites that are designed for malicious
• Be vigilant
• Report abuse on websites when it occurs
• Save “cyber-footprints”
• Block or de-friend offenders.
Facebook – the new background check
• Employers are using social networks to screen job applicants – 91%
• Screening is done early on
• Facebook, Twitter, Flickr, YouTube give employers a personal view of candidates
• Social Intelligence Corp. scours the Internet
Work that is being done
• Matthew M. Lucas - flyByNight
• Encrypts private information
• Separates sensitive data from Facebook servers and public access
• Users must install a JavaScript client
• The vulnerability of the flyByNight server is unknown
Work that is being done, cont’d
• Andrew Besmer - user-to-application policy, in addition to existing user-to-user policy and default application policy
• Effectively limits the applications’ access to users’ private information
• Complex, time-consuming settings for applications may impel users to skip applying proper policies
Facebook Security
• Facebook provides easy tools to help you:
  • Keep track of your activity
  • Keep track of your logins
  • Control the information you share
  • Prove your identity if you ever lose access to your account
Facebook Security Tips
A User-Server-Agent Model
[Diagram: USER, SERVER and INDEPENDENT INVESTIGATOR (AGENT); label: View Audit Log]
A User-Server-Agent Model
• Server audits users’ activities
  • Log in time, duration, IP addresses, access information
• Users can view activities related to their own accounts
• Agents can view all activities of specified accounts
[Diagram labels on SERVER: Audits all access information; Provides log upon request]
A User-Server-Agent Model
What a user sees (USER)    What an agent sees (INDEPENDENT INVESTIGATOR / AGENT)
Kevin’s visit              Kevin visits Sara
Bella’s visit              Kevin visits Mike
Sara’s visit               Kevin visits Dave
Mike’s visit               Kevin visits Alice
Dave’s visit               ...
...
A User-Server-Agent Model
[Diagram: INDEPENDENT INVESTIGATOR (AGENT)]
Step I: Accepts Investigation Requests
Step II: Analyze Information On server
Step III: Provides Results to User
A User-Server-Agent Model
• Agent receives decrypted request from user
  • Alice sends request for concern about Kevin’s activities
  • Agent will see “03tn90a” and “01ad53h” instead of “Alice” and “Kevin”, in the request
• Agent connects to server, asks for information on account 01ad53h
• After decryption server recognizes account name is Kevin
A User-Server-Agent Model
• What action can an agent perform?
  • Use combined policies to detect unusual activities: IP address, multiple profiles access in a short term, inactive socializing activities
• How can an agent help a user?
  • Simplest: suggest revoking “friend” label of malicious users
  • Suggest server take action on malicious accounts
  • Report to authorities when necessary
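An added sketch of the User-Server-Agent model from the slides above (not code from the presentation): the server keeps the audit log, a user sees only visits to their own profile, and the agent sees a specified account's activity under aliases and applies two of the named policies. The alias table stands in for the deck's unspecified encryption; class and function names, thresholds, timestamps, addresses and all aliases except the two shown on the slide are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Visit:
    visitor: str      # account that viewed a profile
    target: str       # account whose profile was viewed
    when: datetime
    ip: str


class Server:
    """Keeps the audit log and the alias table (assumed stand-in for the
    deck's unspecified encryption of account names)."""

    def __init__(self, aliases, log):
        self._name_of = dict(aliases)                         # alias -> name
        self._alias_of = {n: a for a, n in aliases.items()}   # name -> alias
        self._log = sorted(log, key=lambda v: v.when)

    def user_view(self, account):
        """A user sees only who visited their own profile."""
        return [v.visitor for v in self._log if v.target == account]

    def agent_view(self, alias):
        """An agent sees every visit made by the account behind `alias`,
        with all account names replaced by aliases."""
        name = self._name_of[alias]   # only the server resolves the alias
        return [(alias, self._alias_of[v.target], v.when, v.ip)
                for v in self._log if v.visitor == name]


def investigate(server, alias, window=timedelta(minutes=10),
                max_profiles=3, max_ips=2):
    """Agent-side combined policy check; thresholds are illustrative."""
    rows = server.agent_view(alias)
    findings = []
    # Policy 1: more than max_profiles distinct profiles inside one window.
    for i, (_, _, start, _) in enumerate(rows):
        seen = {t for _, t, when, _ in rows[i:] if when - start <= window}
        if len(seen) > max_profiles:
            findings.append("profile_burst")
            break
    # Policy 2: activity from more than max_ips source addresses.
    if len({ip for _, _, _, ip in rows}) > max_ips:
        findings.append("many_ips")
    return findings


# Constructed sample data. The aliases for Alice and Kevin are the ones on
# the slide; the other aliases, the timestamps and the addresses are made up.
ALIASES = {"03tn90a": "Alice", "01ad53h": "Kevin", "07sa11x": "Sara",
           "09mi42k": "Mike", "05da77q": "Dave", "02be08z": "Bella"}
T0 = datetime(2012, 1, 1, 12, 0)
LOG = [
    Visit("Kevin", "Sara", T0, "192.0.2.10"),
    Visit("Kevin", "Mike", T0 + timedelta(minutes=2), "198.51.100.7"),
    Visit("Kevin", "Dave", T0 + timedelta(minutes=4), "203.0.113.5"),
    Visit("Kevin", "Alice", T0 + timedelta(minutes=6), "192.0.2.10"),
    Visit("Bella", "Alice", T0 + timedelta(hours=1), "192.0.2.44"),
]
SERVER = Server(ALIASES, LOG)

if __name__ == "__main__":
    print(SERVER.user_view("Alice"))
    print(investigate(SERVER, "01ad53h"))
    print(investigate(SERVER, "02be08z"))
```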
Conclusion
• Increasing use of SNS
• Security/privacy is a big issue
• User-Server-Agent model
Future work
• Investigate/watch privacy frequently
• Other functions will be added
Thank you!
• Any questions..
