Facebook security



Presentation by a student at the School of Computing (Računarski fakultet) in Belgrade

  • 1. Social Networking Security  Milos Stankovic
  • 2. Social Networking Security Secure your Social environment.  Facebook, MySpace, My Life, Google + Privacy and Security Settings  Do not leave settings as default  Go through the custom settings  87% of Facebook users have Friends of Friends set.  Settings change when Facebook changes  need to check these as we all know how often Facebook changes
  • 3. Social Networking Security To whom is your information available?  Friends, groups, friends of friends, everyone  Applications – privacy policies What’s available?  Where you are and long you will be there  “Checking in”  Vacations – I’m going to be away, so I’m not HOME!  Confidential Information Useful for:  ID Theft or answers to your secret questions  Posing as friend
  • 4. Table of Contents Definition of social networking sites Potential threats Real life examples Related work A proposed model
  • 5. Fig. 1 Fast growing number of patent applications in social network
  • 6. Social Network Sites/Services (SNS) continued Mimicking in-person interactions Storing a large amount of personal information  Violating the principle of least privilege  Users inclined to reveal private info/activities to someone they know Bringing security issues
  • 7. Security issues from SNS Accidental data release Intentional use of private data for marketing purposes Identity theft Worms and viruses And many more
  • 8. A recent famous case: MI6 chief’s wife blows his cover on Facebook Details on where they live and work, their friends’ identities Sir John Sawers on the beach in one of the family photos
  • 9. Another case US Marines prohibit Twitter, MySpace, Facebook. Effective immediately. (As of Aug 03, 2009) Will last a year. A waiver is possible.
  • 10. Facebook’s new features Facebook: change in geography networks and new privacy features.
  • 11. Facebook Options Facebook User Facebook Page Facebook Group  Open: All content is public  Closed: Limited public content; members can see all content.  Secret: Members and content are private.
  • 12. Facebook Group Problems 1. Members can add friends  Friends could add you to the new group 2. When Facebook group administrators step down, anyone else can take over  For small groups, administrators can edit  group name or info  moderate discussion  message group members
  • 13. Are there other risks? “Checking In” shares your current location on…  Foursquare and Facebook Places Benefits: Discounts and Offers Risks: Confrontations and Break-ins
  • 14. Cyberbullying vs. Traditional Bullying  The perpetrator can be anonymous  The size of the audience is enormous  The perpetrator has finer access to the target  There are no non-verbal cues (gestures, tone of voice, etc.) to clarify communication  The perpetrator does not witness the harm directly – no opportunity for empathy
  • 15. Why don’t young people report it? Adults are incapable with technology Young people are digital natives while adults are digital immigrants The expected solution - “just don’t use the device or site” Misunderstanding the importance of technology to young people
  • 16. Minimize chances of being a victim  Setting privacy settings carefully  Do NOT share passwords  Avoid websites that are designed for malicious  Be vigilant  Report abuse on websites when it occurs  Save “cyber-footprints”  Block or de-friend offenders.
  • 17. Facebook – the new background check  Employers are using social networks to screen job applicants – 91%  Screening is done early on  Facebook, Twitter, Flickr, YouTube give employers a personal view of candidates  Social Intelligence Corp. scours the Internet
  • 18. Work that is being done Matthew M. Lucas - flyByNight Encrypts private information, separates sensitive data from Facebook servers and public access Users must install a JavaScript client The vulnerability of the flyByNight server is unknown
  • 19. Work that is being done, cont’d Andrew Besmer - user-to-application policy, in addition to existing user-to-user policy and default application policy Effectively limits the applications’ access to users’ private information Complex, time-consuming settings for applications may impel users to skip applying proper policies
  • 20. Facebook Security Facebook provides easy tools to help you:  Keep track of your activity  Keep track of your logins  Control the information you share  Prove your identity if you ever lose access to your account
  • 21. Facebook Security Tips
  • 22. A User-Server-Agent Model [Diagram: USER, SERVER, INDEPENDENT INVESTIGATOR (AGENT); label: View Audition Log]
  • 23. A User-Server-Agent Model Server audits users’ activities  Log in time, duration, IP addresses, access information Users can view activities related to their own accounts Agents can view all activities of specified accounts [Diagram: SERVER: Audits all access information; Provides log upon request]
  • 24. A User-Server-Agent Model What a user sees (USER): Kevin’s visit, Bella’s visit, Sara’s visit, Mike’s visit, Dave’s visit, ... What an agent sees (INDEPENDENT INVESTIGATOR (AGENT)): Kevin visits Sara, Kevin visits Mike, Kevin visits Dave, Kevin visits Alice, ...
  • 25. A User-Server-Agent Model INDEPENDENT INVESTIGATOR (AGENT) Step I: Accepts Investigation Requests Step II: Analyze Information On server Step III: Provides Results to User
  • 26. A User-Server-Agent Model Agent receives decrypted request from user  Alice sends request for concern about Kevin’s activities  Agent will see “03tn90a” and “01ad53h” instead of “Alice” and “Kevin”, in the request Agent connects to server, asks for information on account 01ad53h After decryption server recognizes account name is Kevin
  • 27. A User-Server-Agent Model What action can an agent perform?  Use combined policies to detect unusual activities: IP address, multiple profiles access in a short term, inactive socializing activities How can an agent help a user?  Simplest: suggest revoking “friend” label of malicious users  Suggest server take action on malicious accounts  Report to authorities when necessary
  • 28. Conclusion Increasing use of SNS Security/privacy is a big issue User-Server-Agent model
  • 29. Future work Investigate/watch privacy frequently Other functions will be added
  • 30. Thank you! Any questions..
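
The User-Server-Agent model from slides 22 to 27, sketched as an added example that is not part of the original presentation. Assumptions: the Server class, the function names, the thresholds, the sample log times and IPs, and a keyed HMAC standing in for the slides' encrypted account names are all constructed here; only two of the agent policies (short-term multi-profile access and source IP) are implemented.

```python
import hmac, hashlib
from collections import namedtuple

Access = namedtuple("Access", "ts visitor target ip")  # ts in seconds

class Server:
    """Holds the audit log and the only link between names and pseudonyms."""
    def __init__(self, key, log):
        self.key, self.log = key, log

    def pseudonym(self, name):
        # Assumption: truncated keyed HMAC in place of the slides' encryption.
        return hmac.new(self.key, name.encode(), hashlib.sha256).hexdigest()[:7]

    def user_view(self, name):
        # A user sees only the visits made to their own account.
        return [(a.ts, a.visitor) for a in self.log if a.target == name]

    def agent_view(self, pseud):
        # The server resolves the pseudonym; the agent gets pseudonyms back.
        return [(a.ts, self.pseudonym(a.target), a.ip)
                for a in self.log if self.pseudonym(a.visitor) == pseud]

def agent_flags(rows, window=60, max_profiles=3):
    """Combined policy: many profiles in a short term, or several source IPs."""
    flags, rows = set(), sorted(rows)
    for i, (ts, _, _) in enumerate(rows):
        seen = {t for (s, t, _) in rows[i:] if s - ts <= window}
        if len(seen) > max_profiles:
            flags.add("burst_profile_access")
    if len({ip for (_, _, ip) in rows}) > 1:
        flags.add("multiple_ips")
    return flags

# Constructed sample log: names from the slides, times and IPs invented.
LOG = [
    Access(0, "Kevin", "Sara", "198.51.100.7"),
    Access(10, "Kevin", "Mike", "198.51.100.7"),
    Access(20, "Kevin", "Dave", "203.0.113.9"),
    Access(30, "Kevin", "Alice", "203.0.113.9"),
    Access(40, "Bella", "Alice", "192.0.2.4"),
    Access(4000, "Sara", "Alice", "192.0.2.5"),
]
server = Server(b"constructed-demo-key", LOG)

def investigate(requester, suspect):
    # The user's client sends pseudonyms only; the agent never sees real names.
    req, sus = server.pseudonym(requester), server.pseudonym(suspect)
    return req, sus, agent_flags(server.agent_view(sus))
```

Calling investigate("Alice", "Kevin") returns both pseudonyms and the flags raised for Kevin's account, which the agent can pass back to the user or to the server as the slides describe.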