Security Aspects of Social Networks

Anchises M. G. De Paula
Security Intelligence Analyst
iDefense, VeriSign
February 25, 2010
Agenda
 Motivation
 History
 Future of Social Networking
 Current Problems
 Security aspects of Social Networking

 Source: XKCD - http://xkcd.com
Why Social Networks?
 Global and cultural phenomenon
 Facebook: 400 million users
   3rd largest “country” in the world
 New attack vector for phishers, fraudsters and sexual predators

 [Chart: Country Population (in millions), comparing China, India, Facebook, USA, Indonesia and Brazil. Source: Facebook, CIA]
Why Social Networks?

 New organization:
 “egocentric” approach

 Digital Identities
     Profiles
     Fakesters




                         Source: Google
Why Security?

“It’s the great irony of the Information Age that the very technologies that empower us to create and to build also empower those who would disrupt and destroy” (Barack Obama)

 Source: Whitehouse
History
Demographics
 Dominant social networks vary greatly between different geographic regions
 The majority of online connections are between real-life friends

 Source: oxyweb
Future of Social Networking
 Virtual Currency
 Mobile Social Networking
 Sensor Networks
 Social TV

 Source: Wired
Current Problems
 Decentralization and Interoperability
 Managing Social Identities
 Trust and Reputation Management
Current Problems

 Privacy
   Personal data
   Pictures
   Professional information
Current Problems

 Privacy
   Personal data
   Pictures
   Professional information


 Content Overload
Current Problems

 Offense, Hate and Discrimination


 Child Safety and Sexual Crimes
   Defamation
   Stalking
   Cyber bullying
   Sexting
Security aspects of Social Networking
 Current Security Threats
   Identity/Password Theft
     Fake profiles
     Targeted attacks
Security aspects of Social Networking
 Current Security Threats
   Malicious Code, Viruses and Worms
   Spam, Phishing and Financial Fraud

 [Figure: Malicious Programs Targeting Social Networking Sites]
Security aspects of Social Networking
 Current Security Threats
   URL Shortening
     Hide malicious sites

 Source: tweetmeme
Security aspects of Social Networking
 Social Networks under Attack
   Exploit of Social Network Gadgets
   Security vulnerabilities
     Cross-site scripting (XSS)
     SQL injection
   DDoS
   Worms
     Koobface
Security aspects of Social Networking
 Malicious Actors
   Individuals
     Spammers and phishers
     Fraudsters and cyber criminals
     Hacktivists and terrorist groups
     Sexual predators
Security aspects of Social Networking
 Malicious Actors
   Terrorism Using Social Networks and Online Communities
Security aspects of Social Networking
 Malicious Actors
   Hacking communities
     Recruitment
     Information exchange
     Marketplace
     Hacker for hire
References
 Data Privacy Day:
 http://dataprivacyday2010.org
 Social Media Security:
 http://socialmediasecurity.com
 http://twitter.com/SocialMediaSec
 SocialNetworkingWatch:
 http://www.socialnetworkingwatch.com
 Security and Privacy in Social Networks Bibliography:
 http://www.cl.cam.ac.uk/~jcb82/sns_bib/main.html
 iDefense: www.idefense.com
Thank you :)



 Anchises M. G. De Paula
   http://anchisesbr.blogspot.com
   Twitter: @anchisesbr
Non-commercial Share Alike (by-nc-sa)

This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA

Security Aspects of Social Networks at Campus Party 2010
