Sharing Information Risks
•Unsecured links
•Viruses
•Tools
•Third-party applications
•Social engineering attacks
•Identity assumption

Sharing Information Risks: Unsecured links
Shared unsecured links may contain viruses, malware, or just inappropriate content. This problem evolved with URL shortening.
Solutions: Stopping spam is not easy. Most sites have a “report spam/abuse” address. Spammers, however, frequently change their address from one throw-away account to another. To fight spam within shortened URLs, most social networks check links on their servers and warn the user if a link is spam before redirecting to it.

Sharing Information Risks: Viruses
Social networks are the ideal targets for attackers who want to have the most impact with the least effort. By creating a virus and embedding it in a website or a third-party application, an attacker can potentially infect millions of computers.
Example: In Jan 2012, Twitter users were tricked into clicking a link and sent to a website designed to download malware called System Security, a fake antivirus product designed to trick the user into buying it by using scare tactics such as fake scanning results.
Solutions: Facebook and Twitter are trying to protect their users by implementing defense mechanisms and shutting down pages, apps and accounts that can be deemed harmful to users' computers. Facebook also teamed up with security firms to offer five anti-virus products that users can download, associated with their accounts, with offers of up to six months of free security coverage. Users are still responsible for keeping their anti-virus software up to date.

Sharing Information Risks: Tools
Attackers may use tools that allow them to take control of a user’s account, pose as that user, and post malicious content.
Example: Facebook tools, also known as cheat engines, are used to grant illegal access to the hacker so that they can act on the user's behalf.
Solutions: Proactive defense mechanisms should be set on computers and file servers to detect and block suspicious activity caused by emerging malware. No high level of security can be achieved, as more tools are developed every day.

Sharing Information Risks: Third-party applications
Some social networking services may allow adding third-party applications. Even if an application does not contain malicious code, it might access information in profiles without permission. This information could then be used in a variety of ways, such as tailoring advertisements, performing market research, sending spam email, or accessing user contacts.
Solutions: Most social networks manage third-party application permissions, or ask the user to permit the application to access their information on their own responsibility. For example, unofficial Twitter and Facebook mobile applications need to authenticate before they can deal with user accounts. They connect through an intermediate interface that delivers a unique key for each username and password, so the third-party application sees only a key generated by the social network itself rather than the actual username and password, keeping them safe.
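
The key-issuing interface described above, as an added example (not code from the presentation or from any social network's API): a toy `SocialNetwork` class, with hypothetical names and constructed sample values throughout, verifies the password itself and hands the third-party application only a generated key that is bound to one app, limited to approved permissions, and revocable.

```python
import hashlib
import hmac
import secrets

class SocialNetwork:
    """Toy identity provider: apps receive a generated key, never the password."""
    def __init__(self):
        self._users = {}    # username -> (salt, password hash)
        self._grants = {}   # sha256(key) -> (username, app_id, scopes)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt))

    def grant(self, username, password, app_id, scopes):
        """The user logs in on the network's own page and approves the scopes."""
        salt, stored = self._users.get(username, (b"", b""))
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            raise PermissionError("bad credentials")
        key = secrets.token_urlsafe(32)  # unique per user/app grant
        digest = hashlib.sha256(key.encode()).hexdigest()
        self._grants[digest] = (username, app_id, frozenset(scopes))
        return key  # the only secret the third-party app ever holds

    def check(self, key, app_id, scope):
        """Return the username if this key allows `scope` for `app_id`, else None."""
        grant = self._grants.get(hashlib.sha256(key.encode()).hexdigest())
        if grant is None or grant[1] != app_id or scope not in grant[2]:
            return None
        return grant[0]

    def revoke(self, key):
        self._grants.pop(hashlib.sha256(key.encode()).hexdigest(), None)

def demo():
    net = SocialNetwork()
    net.register("alice", "correct horse battery")  # constructed sample user
    key = net.grant("alice", "correct horse battery", "mobile-client", {"read_timeline"})
    results = [
        net.check(key, "mobile-client", "read_timeline"),  # approved permission
        net.check(key, "mobile-client", "read_contacts"),  # never approved
        net.check(key, "other-app", "read_timeline"),      # key bound to one app
    ]
    net.revoke(key)
    results.append(net.check(key, "mobile-client", "read_timeline"))  # revoked
    return key, results
```

Because the network stores only a hash of each key and the app stores only the key, revoking one app's access does not require the user to change their password.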

Sharing Information Risks: Social engineering attacks
Attackers may send an email or post a comment that appears to originate from a trusted social networking service or user. The message may contain a malicious URL or a request for personal information.
Example: A page that looks exactly like a Facebook or Twitter settings page, asking the user to confirm a setting by providing secure information such as passwords.
SEA: Recommendation, Demographic, Visitor Tracking

Social engineering attacks
Strong Ties: Show a potential connection between two users only if there is a strong connection between them, such as the fact that the users already have some friends in common.
Monitor new accounts: Closely monitor newly established friendships. For example, a benign user may be contacted by people and also actively search for and add friends on the network. In contrast, the attacker only receives friend requests from other users, so it may be possible to identify attackers automatically.
CAPTCHA: CAPTCHA usage also needs to be extended to incoming friend requests. Requiring the user to solve a CAPTCHA challenge before accepting a suspicious incoming friend request or message raises the difficulty bar for attackers.
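
The "Strong Ties" and "Monitor new accounts" checks above, as an added example that is not part of the original slides: all account names, dates, events and thresholds (`max_age_days`, `min_incoming`, `min_common`) are constructed assumptions chosen for illustration.

```python
from collections import Counter
from datetime import date

# Constructed sample data: account creation dates, friend-request events
# as (sender, receiver) pairs, and the existing friendship graph.
TODAY = date(2012, 6, 1)
CREATED = {"alice": date(2010, 3, 1), "dave": date(2011, 2, 10),
           "erin": date(2011, 8, 5), "bob": date(2012, 5, 20),
           "carol": date(2012, 5, 25), "mallory": date(2012, 5, 28)}
REQUESTS = [
    ("bob", "alice"), ("alice", "carol"), ("carol", "bob"), ("bob", "carol"),
    ("alice", "mallory"), ("bob", "mallory"), ("carol", "mallory"),
    ("dave", "mallory"), ("erin", "mallory"),
]
FRIENDS = {"alice": {"bob", "carol"}, "bob": {"alice", "carol"},
           "carol": {"alice", "bob"}, "dave": {"alice"}, "mallory": set()}

def flag_receive_only(created, requests, today, max_age_days=30, min_incoming=5):
    """Monitor new accounts: flag those that receive many requests but send none."""
    sent = Counter(sender for sender, _ in requests)
    received = Counter(receiver for _, receiver in requests)
    flagged = []
    for account, born in created.items():
        is_new = (today - born).days <= max_age_days
        if is_new and sent[account] == 0 and received[account] >= min_incoming:
            flagged.append(account)
    return sorted(flagged)

def has_strong_tie(a, b, friends, min_common=1):
    """Strong ties: suggest a connection only if the two share friends."""
    common = friends.get(a, set()) & friends.get(b, set())
    return len(common) >= min_common
```

New benign accounts such as `bob` and `carol` both send and receive requests and are not flagged; an account flagged here is a candidate for the CAPTCHA step rather than an automatic ban.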

Sharing Information Risks: Identity assumption
Attackers may be able to gather enough personal information from social networking services to assume a user's identity and guess password reminder questions for email, credit card, or bank accounts.
Solutions: These types of threats are the responsibility of the user more than the social network service provider (behavioral solutions). For example, the social network may require a password with a certain number of characters, but in the end the social network cannot control user behavior or the permissions granted by the user, and consequently cannot fight identity assumption or abuse of public data. It is recommended that users implement security measures and take general security precautions to reduce the risk of compromise.

Identity assumption: Solutions cont’d
•Use strong passwords, and use a unique password for each service.
•Keep anti-virus software up to date.
•Install software updates in a timely manner, particularly updates that affect web browsers.
•Use strong privacy and security settings, and remember that these services may change their options periodically, so regularly evaluate your security and privacy settings, looking for changes and ensuring that your selections are still appropriate.
•Avoid suspicious third-party applications.
•Treat everything as public. This recommendation applies not only to information in your user profile, but also to any comments or photos you post.

Identity theft
Identity theft of public figures is very serious, as it may influence their audience in a bad way.
Facebook focused on unique names; for example, it doesn’t allow a user to have the exact name of a public figure (i.e., mahmod darwesh).
Twitter began offering verified accounts back in 2009, guaranteeing the authenticity of its well-known users.
2012: Facebook will soon provide verified celebrity accounts.
However, public figures are not safe on social networks from others posting on their behalf and spreading rumors.

Take Care
Business data: Posting sensitive information intended only for internal company use on a social networking service can have serious consequences.
Professional reputation: Inappropriate photos or content on a social networking service may threaten a user’s educational and career prospects.
Personal relationships: According to a survey conducted by Retrevo, "32 percent of people who post on a social networking site regret they shared information so openly."
Personal safety: You may compromise your personal security and safety by posting certain types of information on social networking services. For example, revealing that you will be away from home

Take Care: Enable SSL Encryption
In the past, Facebook used HTTPS (Hypertext Transfer Protocol Secure) only when you entered your password. Facebook now applies Secure Sockets Layer encryption, and it is strongly recommended if you use public computers or access points, such as at coffee shops, airports or libraries.

Take Care: Be Wary of Information You Share
It's recommended to opt out of the feature that lets you, and your friends, check you into places. Here's how to find this setting.
Hackers use your location data not just for physical-world attacks such as stalking and robbery, but for social-engineering attacks, too. One example of this: messaging you to say, "Hey, I met you at XYZ conference last week," in order to obtain more information or promote a malicious link.

Take Care: Use Applications and Games Sparingly
Facebook has since put a number of safety protocols, such as App Passwords, in place to better vet their apps and ensure security. It is also recommended to carefully review the permissions granted to Facebook apps before you install and use them.

Take Care: Log Out of Facebook When You're Done
When you're finished browsing Facebook, be sure you log out, to prevent threats, such as likejacking, that leverage logged-in sessions to Facebook. Likejacking is a form of clickjacking, or the malicious technique of tricking users into posting a status update for a site they did not intentionally mean to "like."
If you have forgotten to log out of Facebook from a computer or mobile device, you can do so remotely. From your Account Settings page, click the "Security" tab on the left. Select "Edit" next to Active Sessions.

Take Care
1. Choose a strong password
2. Know where you’re typing your password
3. Use Twitter’s HTTPS option