Social Networks
The Good and The Bad


  Beltug Security SIG 2012 - Xavier Mertens
$ whoami
• Xavier Mertens (@xme)
• Security Consultant
• CISSP, CISA, CEH
• Security Blogger
• Volunteer for security projects
$ cat disclaimer.txt

“The opinions expressed in this presentation
are those of the speaker and do not reflect
those of past, present or future employers,
partners or customers”
Agenda

• Definitions & Common Usages
• Nightmare Stories
• Risks
• Actions!
Definition
     &
Common Usages
Some Facts
• Technology changed the way people communicate
• “Usage of social networks by the Fortune 500 companies has seen an explosive growth in 2010 with 83% of the companies using at least one of the social media sites”
• The usage of blogs has also increased by 50% (corporate blogs)
• Around 34% have developed policies to govern blogging by their employees
(Source: socialtimes.com)
Nothing New!
(Source: idfive.com)
Do You Know Them?
In Belgium?
(Source: google.com/addplanner)
Definition?
“Social network sites are defined as web-based services that allow individuals or organizations to construct a public or semi-public profile within a bounded system, articulate a list of other users with whom they share a connection, and view and traverse their list of connections and those made by others within the system.”
Common Usages

• Communication about company & brands
  (marketing)
• Live support
• Technology & competition follow-up
• Human Resources
Marketing

• Social Networks give a sense of “dynamic”
  company
• Direct Reach / Close to customers.
• Extended circle of contacts at low costs
• Personal touch
Live Support

• Close contact with customers
• Low Costs
• Give a sense of “Real time”
Follow Up

• What are my competitors doing?
• What’s new in my field of activity?
• Almost real-time news trending
Human Resources

• “Hire” & “Fire”
• Online recruiting
• Employee screening
And you as individual?

• Split your personal and professional
  activities
• Use a disclaimer:
  “My Tweets reflect my personal opinion”
Nightmare Stories
Barbra Streisand
The “Streisand Effect” is a primarily online phenomenon in which an attempt to hide or remove a piece of information has the unintended consequence of publicizing the information more widely.
The Belgian Jeweler
In 2009, a Belgian jeweler created a buzz among Belgian Twitter users by completely misunderstanding the impact of social networks.
Domino’s Pizza
A Domino’s Pizza employee put nasal mucus on pizzas. He was fired, but the video was posted on YouTube. 250.000+ views!
Koobface
• Multi-platform worm that targeted
  Facebook users
• First reported in 2009
• Botnet, DNS filter, Proxy feature
Risks
Malware & Viruses
• Corporate devices are used to access Social Networks
• They are based on Web technologies, so all known Web attacks apply (see the OWASP Top-10)
• URL shorteners / QR codes (“click” generation)
Wasted Resources
• In big companies, Social Network usage can waste a lot of bandwidth! Example: Facebook on a network of 10000+ users: 200GB/day
• Waste of time by employees
• Peak of wasted resources during popular events
“Users”

• Users remain the weakest link
• Facebook password same as Active
  Directory password?
• Attackers use breaking news
• How many “friends” are really friends?
Mobiles & Apps

• People use mobile devices to access Social Networks
• Suspicious browser extensions or 3rd-party apps
Data Leak
• People might post confidential information
• Intentional or not!
• Data Extrusion
• Bypass regular communication channels
  (Skype)
Fake Accounts
• Typo-squatting
• Cyber-squatting
Social Engineering
• All the information needed to conduct a social engineering attack is already online
• Google is your best friend
• Tools like Maltego are gold mines
Degraded Brand Image
• It takes years to build a brand image
• It takes minutes to kill it!
Data Resilience
• Once posted, it’s indexed!
• Is removed data really deleted?
Reputation & Legal Liability
• Disgruntled employees
• “My boss is a bastard!”
• “I’m pissed off by this f*cking job...”
• Employers could be held responsible for failing to protect employees from accessing “sensitive” material.
Actions!
Official Support

• Information can’t be published on an employee’s own initiative
• Social Media must be defined as a regular communication channel, with rules & guidelines
Monitor Your Brand

• Even if not used immediately, register your account (if it is not too late!)
• Google Alerts
• Commercial services (buzzcapture.com)
• Monitoring tools
Local Policies
• No Social Network access from business-critical environments.
• Restrict Social Network access (“read-only”).
• Modern firewalls may filter based on domains
Remote Policies

• Read the Social Networks’ policies carefully
• Follow updates & fix your profiles (Ex: LinkedIn can use your profile picture)
• Similarities with cloud services
Security Awareness

• Add Social Networks to your existing security awareness program.
• “What employers and employees need to know.”
pastebin.com

• pastebin.com is a website where people can anonymously post “pasties” (data)
• Monitor pastes that mention your company (Example: IP addresses, domain names)
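The kind of paste monitoring the slide suggests, as an added example that is not part of the original deck: a scanner that runs over paste text and flags mentions of the company’s own domains (including subdomains) and IP addresses inside its own ranges. The watchlist, the paste contents and the paste IDs are all constructed placeholders (TEST-NET ranges and example domains); fetching pastes from pastebin.com is out of scope and assumed to be done by whatever feed you already have.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed watchlist: replace with your own assets. These are placeholder
# values (RFC 5737 TEST-NET ranges and example domains), not real ones.
WATCH_DOMAINS = {"example-corp.com", "examplecorp.be"}
WATCH_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Candidate extractors. The IPv4 pattern is deliberately loose; real validation
# is done with ipaddress so that "999.1.1.1" is discarded, not reported.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Hostnames: one or more labels, last label alphabetic (so IPs never match).
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


@dataclass
class PasteHit:
    paste_id: str
    ips: list = field(default_factory=list)
    domains: list = field(default_factory=list)


def find_ip_hits(text: str) -> list:
    """Return sorted, de-duplicated IPv4 addresses that fall inside WATCH_NETWORKS."""
    hits = set()
    for candidate in IPV4_RE.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # looked like an IP (e.g. 999.1.1.1) but is not one
        if any(addr in net for net in WATCH_NETWORKS):
            hits.add(str(addr))
    return sorted(hits)


def find_domain_hits(text: str) -> list:
    """Return sorted, de-duplicated hostnames equal to, or subdomains of, a watched domain.

    Suffix matching is done on label boundaries, so "notexample-corp.com" and
    "example-corp.com.evil.net" are not reported, while "www.example-corp.com" is.
    """
    hits = set()
    for candidate in DOMAIN_RE.findall(text):
        name = candidate.lower()
        if any(name == d or name.endswith("." + d) for d in WATCH_DOMAINS):
            hits.add(name)
    return sorted(hits)


def scan_paste(paste_id: str, text: str) -> PasteHit:
    """Scan one paste and collect every watched indicator it mentions."""
    return PasteHit(paste_id, ips=find_ip_hits(text), domains=find_domain_hits(text))


def scan_all(pastes: dict) -> list:
    """Scan a mapping of paste_id -> text; keep only pastes with at least one hit."""
    results = (scan_paste(pid, text) for pid, text in pastes.items())
    return [r for r in results if r.ips or r.domains]


# Constructed sample pastes standing in for a pastebin feed.
SAMPLE_PASTES = {
    "p1": "config dump\nhost=db1.examplecorp.be\nip=203.0.113.42\nadmin@example-corp.com\n",
    "p2": "some song lyrics, visit example.org or 10.0.0.1 for more\n",
    "p3": "999.1.1.1 notexample-corp.com example-corp.com.evil.net\n",
}

if __name__ == "__main__":
    for hit in scan_all(SAMPLE_PASTES):
        print(f"{hit.paste_id}: ips={hit.ips} domains={hit.domains}")
```

Only p1 is reported: the other two contain look-alike tokens that the label-boundary and address validation rules reject, which is what keeps such a feed from drowning in false positives.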
Thank You!
  Q&A?
http://blog.rootshell.be
http://twitter.com/xme

 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 

Social Networks - The Good and the Bad

  • 1. Social Networks: The Good and The Bad. Beltug Security SIG 2012 - Xavier Mertens
  • 2. $ whoami
      • Xavier Mertens (@xme)
      • Security Consultant
      • CISSP, CISA, CeH
      • Security Blogger
      • Volunteer for security projects:
  • 3. $ cat disclaimer.txt
      “The opinions expressed in this presentation are those of the speaker and do not reflect those of past, present or future employers, partners or customers”
  • 4. Agenda
      • Definitions & Common Usages
      • Nightmare Stories
      • Risks
      • Actions!
  • 5. Definition & Common Usages
  • 6. Some Facts
      • Technology changed the way people communicate
      • “Usage of social networks by the Fortune 500 companies has seen an explosive growth in 2010 with 83% of the companies using at least one of the social media sites”
      • The usage of blogs (corporate blogs) has also increased by 50%
      • Around 34% have developed policies to govern blogging by their employees
      (Source: socialtimes.com)
  • 7. Nothing New! (Source: idfive.com)
  • 8. Do You Know Them?
  • 9. In Belgium? (Source: google.com/addplanner)
  • 10. Definition? “Social network sites are defined as web-based services that allow individuals or organizations to construct a public or semi-public profile within a bounded system, articulate a list of other users with whom they share a connection, and view and traverse their list of connections and those made by others within the system.”
  • 11. Common Usages
      • Communication about company & brands (marketing)
      • Live support
      • Technology & competition follow-up
      • Human Resources
  • 12. Marketing
      • Social Networks give a sense of a “dynamic” company
      • Direct reach / close to customers
      • Extended circle of contacts at low cost
      • Personal touch
  • 13. Live Support
      • Close contact with customers
      • Low costs
      • Gives a sense of “real time”
  • 14. Follow Up
      • What are my competitors doing?
      • What’s new in my field of activity?
      • Almost real-time news trending
  • 15. Human Resources
      • “Hire” & “Fire”
      • Online recruiting
      • Employee screening
  • 16. And you as an individual?
      • Split your personal and professional activities
      • Use a disclaimer: “My Tweets reflect my personal opinion”
  • 18. Barbra Streisand
      The “Streisand Effect” is a primarily online phenomenon in which an attempt to hide or remove a piece of information has the unintended consequence of publicizing the information more widely.
  • 19. The Belgian Jeweler
      In 2009, a Belgian jeweler created a buzz among Belgian Twitter users by completely misunderstanding the impact of social networks.
  • 20. Domino’s Pizza
      A Domino’s Pizza employee put nasal mucus on pizzas. He was fired, but the video was posted on YouTube: 250.000+ views!
  • 21. Koobface
      • Multi-platform worm that targeted Facebook users
      • First reported in 2009
      • Botnet, DNS filter, proxy feature
  • 22. Risks
  • 23. Malware & Viruses
      • Corporate devices are used to access Social Networks
      • Social Networks are based on web technologies, so all known web attacks apply (see the OWASP Top 10)
      • URL shorteners / QR codes (“click” generation)
  • 24. Wasted Resources
      • In big companies, Social Network usage can waste a lot of bandwidth! Example: Facebook on a network of 10000+ users: 200GB/day
      • Employees waste time
      • Peak of wasted resources during popular events
  • 25. “Users”
      • Users remain the weakest link
      • Facebook password same as Active Directory password?
      • Attackers exploit breaking news
      • How many “friends” are really friends?
  • 26. Mobiles & Apps
      • People use mobile devices to access Social Networks
      • Suspicious browser extensions or 3rd-party apps
  • 27. Data Leak
      • People might post confidential information
      • Intentional or not!
      • Data extrusion
      • Bypass of regular communication channels (Skype)
  • 29. Social Engineering
      • All the information needed to conduct a social engineering attack is already online
      • Google is your best friend
      • Tools like Maltego are gold mines
  • 30. Degraded Brand Image
      • It takes years to build a brand image
      • It takes minutes to kill it!
  • 31. Data Resilience
      • Once posted, it’s indexed!
      • Is removed data really deleted?
  • 32. Reputation & Legal Liability
      • Disgruntled employees: “My boss is a bastard!”, “I’m pissed off by this f*cking job...”
      • Employers could be held responsible for failing to protect employees from accessing “sensitive” material.
  • 34. Official Support
      • Information can’t be published on an employee’s own initiative
      • Social Media must be defined as a regular communication channel with rules & guidelines
  • 35. Monitor Your Brand
      • Even if not used immediately, register your account (if it’s not too late!)
      • Google Alerts
      • Commercial services (buzzcapture.com)
      • Monitoring tools
  • 36. Local Policies
      • No Social Network access from business-critical environments.
      • Restrict Social Network access (“read-only”).
      • Modern firewalls may filter based on domains
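The three rules on slide 36 (no access from business-critical segments, read-only elsewhere, domain-based filtering) can be expressed as a single decision function of the kind a web proxy or next-generation firewall applies per request. The following is an added example written for this page, not code from the talk or from any product; the subnets, domain list and sample requests are constructed, and "read-only" is approximated by the HTTP method, which only works where the proxy terminates TLS and sees the method.

```python
"""Domain-based, read-only social network access policy (added example).

Constructed data: BUSINESS_CRITICAL_NETS, SOCIAL_DOMAINS and SAMPLE_REQUESTS
are illustrative, not taken from the presentation.
"""
import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed: segments where social network traffic is never tolerated.
BUSINESS_CRITICAL_NETS = [
    ipaddress.ip_network("10.10.0.0/16"),       # e.g. payment / back-office
    ipaddress.ip_network("192.168.250.0/24"),   # e.g. server management LAN
]

# Constructed: domains the policy classifies as social networks.
# Matching is suffix-based, so "m.facebook.com" falls under "facebook.com".
SOCIAL_DOMAINS = {"facebook.com", "fbcdn.net", "twitter.com", "linkedin.com", "youtube.com"}

# Methods that only read. Anything else counts as "posting" and is denied.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


@dataclass(frozen=True)
class Request:
    src_ip: str
    method: str
    url: str


def is_social_domain(host: str) -> bool:
    """True if host equals or is a subdomain of a listed social network domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SOCIAL_DOMAINS)


def in_business_critical(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BUSINESS_CRITICAL_NETS)


def decide(req: Request) -> tuple:
    """Return (verdict, reason) for one request; verdict is ALLOW or DENY."""
    host = urlsplit(req.url).hostname or ""
    if not is_social_domain(host):
        return ("ALLOW", "not a social network domain")
    if in_business_critical(req.src_ip):
        return ("DENY", "social networks blocked from business-critical segment")
    if req.method.upper() not in SAFE_METHODS:
        return ("DENY", "read-only policy: write method " + req.method.upper())
    return ("ALLOW", "read-only access to social network")


# Constructed sample traffic, one request per line as a proxy would log it.
SAMPLE_REQUESTS = [
    Request("10.10.3.7", "GET", "https://www.facebook.com/"),            # critical segment
    Request("10.20.1.5", "GET", "https://m.facebook.com/feed"),          # office, reading
    Request("10.20.1.5", "POST", "https://www.facebook.com/ajax/status"),  # office, posting
    Request("10.20.1.5", "POST", "https://intranet.example.com/form"),   # not social
    Request("10.20.1.5", "GET", "https://notfacebook.com/"),             # lookalike, not listed
]


def apply_policy(requests=SAMPLE_REQUESTS):
    """Evaluate each request and return a list of (src_ip, method, host, verdict)."""
    out = []
    for r in requests:
        verdict, _reason = decide(r)
        out.append((r.src_ip, r.method, urlsplit(r.url).hostname, verdict))
    return out


if __name__ == "__main__":
    for row in apply_policy():
        print("%-14s %-5s %-28s %s" % row)
```

The suffix check deliberately requires a dot before the listed domain, so a lookalike such as notfacebook.com is not treated as facebook.com; whether such lookalikes should be blocked is a separate, phishing-oriented decision. Blocking by method is a coarse approximation of read-only: modern web applications post through background requests on the same domain, so a stricter policy would inspect paths or rely on the vendor's own URL categories.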
  • 37. Remote Policies
      • Read the Social Networks’ policies carefully
      • Follow updates & fix your profiles (Ex: LinkedIn can use your profile picture)
      • Similarities with cloud services
  • 38. Security Awareness
      • Add Social Networks to your existing security awareness program.
      • “What employers and employees need to know.”
  • 39. pastebin.com
      • pastebin.com is a website where people can anonymously post “pasties” (data)
      • Monitor it for data about your company (Example: IP’s, domain names)
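Slides 35 and 39 both come down to the same detection step: given text collected from a public source (a paste, a tweet, a blog post), decide whether it mentions assets you own. The block below is an added example for this page, not code from the talk or from pastebin.com, and it covers only the matching step; fetching the text (Google Alerts, a paste-site API, a commercial service) is left out. The watchlist, the organisation name and the sample paste are constructed; the IP range is the documentation range 203.0.113.0/24.

```python
"""Match collected text against an organisation's own assets (added example).

Constructed data: WATCHLIST and SAMPLE_PASTE are illustrative and not taken
from the presentation.
"""
import ipaddress
import re
from dataclasses import dataclass

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
EMAIL_RE = re.compile(r"\b[\w.+-]+@((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


@dataclass
class Watchlist:
    networks: list   # ipaddress network objects owned by the organisation
    domains: set     # registered domains; subdomains match automatically
    brands: set      # brand or company names, matched case-insensitively


@dataclass
class Finding:
    kind: str        # "ip", "email", "domain" or "brand"
    value: str
    severity: str    # "high", "medium" or "low"


def owned_domain(host: str, domains: set) -> bool:
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_paste(text: str, wl: Watchlist) -> list:
    """Return deduplicated findings for one piece of collected text."""
    findings, seen = [], set()

    def add(kind, value, severity):
        key = (kind, value.lower())
        if key not in seen:
            seen.add(key)
            findings.append(Finding(kind, value, severity))

    # Addresses inside our own ranges are the strongest signal (leaked host lists).
    for m in IPV4_RE.finditer(text):
        try:
            addr = ipaddress.ip_address(m.group())
        except ValueError:        # e.g. 999.1.1.1 or a version string
            continue
        if any(addr in net for net in wl.networks):
            add("ip", str(addr), "high")
    # Mailboxes on our domains usually mean a credential dump.
    for m in EMAIL_RE.finditer(text):
        if owned_domain(m.group(1), wl.domains):
            add("email", m.group(), "high")
    # Hostnames on our domains: recon output or configuration leaks.
    for m in HOST_RE.finditer(text):
        if owned_domain(m.group(), wl.domains):
            add("domain", m.group().lower(), "medium")
    # Plain brand mentions: reputation monitoring rather than a leak.
    lowered = text.lower()
    for brand in wl.brands:
        if brand.lower() in lowered:
            add("brand", brand, "low")
    return findings


def max_severity(findings: list) -> str:
    order = {"low": 0, "medium": 1, "high": 2}
    if not findings:
        return "none"
    return max(findings, key=lambda f: order[f.severity]).severity


# Constructed watchlist for a fictitious company.
WATCHLIST = Watchlist(
    networks=[ipaddress.ip_network("203.0.113.0/24")],
    domains={"corp-example.be"},
    brands={"Corp Example"},
)

# Constructed paste text; nothing here refers to a real organisation.
SAMPLE_PASTE = """dump from Corp Example helpdesk (constructed example data)
host: vpn.corp-example.be 203.0.113.45
admin@corp-example.be : Summer2012!
also tried 198.51.100.9 and 8.8.8.8, client version 1.2.3.4
"""

if __name__ == "__main__":
    found = scan_paste(SAMPLE_PASTE, WATCHLIST)
    for f in found:
        print(f.severity.upper(), f.kind, f.value)
    print("overall:", max_severity(found))
```

Addresses outside the owned ranges (198.51.100.9, 8.8.8.8) and version strings that look like IPs (1.2.3.4) are ignored, so a feed of random pastes produces alerts only for your own assets. The severity ordering mirrors the slides' distinction between data leakage (IPs, credentials) and brand monitoring (mentions).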
  • 40. Thank You! Q&A?
      http://blog.rootshell.be
      http://twitter.com/xme
