4471 Social Network Security Reading
Based on material from H. Townsend (Kansas State U.), G. Bahadur et al. [1], NSA, and U.S. Dept. of State.
Outline
- Overview of Online Social Networking
- Threats and Attacks
- Defense Measures
How the services describe themselves:
- MySpace: "MySpace is a place for friends. MySpace is Your Space. MySpace keeps you connected."
- Facebook: "Giving people the power to share and make the world more open and connected."
- Twitter: "Twitter is a service for friends, family, and co-workers to communicate and stay connected through the exchange of quick frequent answers to one simple question:"
- LinkedIn: "Your professional network of trusted contacts gives you an advantage in your career, and is one of your most valuable assets. LinkedIn exists to help you make better use of your professional network and help the people you trust in return."
- Delicious: "Delicious is a Social Bookmarking service, which means you can save all your bookmarks online, share them with other people, and see what other people are bookmarking."
OSN Popularity
- Over 900 million Facebook users worldwide [6]
- Over 150 million in U.S. [5]
- Over 450 million access via mobile [6]
- 300 million pictures uploaded to Facebook daily [6]
- Over 140 million Twitter users; over 340 million Tweets sent daily [7]
- Over 175 million LinkedIn members in over 200 countries [8]
OSNs provide a communal forum for expression (self, group, mass), collaboration, etc.
- Connect with old friends, find new friends and connect
- Play games with friends, e.g., Mafia Wars, Scrabulous
- Commerce in virtual items
But using OSNs poses security issues for orgs as well as individuals
Threats and Attacks
- Information posted on OSNs impacts unemployment, insurance, etc.
- Organizations' concerns: brand, laws, regulations
- Other third-party apps on OSNs like Facebook may contain malware (if not vetted)
- Not to mention hoaxes, chain letters, and other cons
OSNs (and their members) have played similar roles in mistreating people
Terms-of-use excerpts (what you grant the service):

Facebook: "... only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof. You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content."

LinkedIn: "... add, remove, retain, process, analyze, use and commercialize, in any way now known or in the future discovered, any information you provide, directly or indirectly to LinkedIn, including but not limited to any user generated content, ideas, concepts, techniques or data to the services, you submit to LinkedIn, without any further consent, notice and/or compensation to you or to any third parties. Any information you submit to us is at your own risk of loss."
URL Shorteners
bit.ly, TinyUrl, ReadThisURL, NotLong
Hides the true destination URL: hard to tell where you're going until you click!
http://www.evil.com/badsite?%20infect-yourpc.html
is now
http://bit.ly/aaI9KV
Source: [17]
Defense Measures
Be wary of 3rd party apps, ads, etc. (P.T. Barnum's quote)
Supervise children's OSN activity
Extreme cases:
- Cease using OSNs, delete accounts
- Contact law enforcement re. relentless online harassment
- Some services have browser extensions
- Can unshorten URLs using cURL [18], [19]
  Idea: follow Location: HTTP headers
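The "follow the Location: header" idea above, worked out in Python rather than cURL, as an added example that is not part of the slides or of references [18] and [19]. It issues one HEAD request per hop, never auto-follows, records every hop, resolves relative Location values, and refuses loops and over-long chains. The fetch function is injectable, so the demo runs offline against a constructed redirect table (FAKE_REDIRECTS, short.example and track.example are made-up hosts; the final URL is the slide's own example):

```python
"""Reveal where a shortened URL really leads by walking its Location: headers
one hop at a time, without ever fetching the final page body."""
import http.client
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 10  # real shortener chains are short; anything longer is suspicious


def fetch_location(url, timeout=5):
    """Send a single HEAD request (like `curl -sI URL`) and return the raw
    Location header, or None when the response is not a 3xx redirect.
    Nothing is followed automatically; seeing each hop is the point."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path)
        resp = conn.getresponse()
        if 300 <= resp.status < 400:
            return resp.getheader("Location")
        return None
    finally:
        conn.close()


def unshorten(url, fetch=fetch_location, max_hops=MAX_HOPS):
    """Return the full redirect chain starting at `url`, first to last.
    `fetch(u)` must return the next Location value for u, or None at the
    final destination. Relative Location values are resolved against the
    URL that issued them; loops and over-long chains raise ValueError."""
    chain = [url]
    for _ in range(max_hops):
        location = fetch(chain[-1])
        if location is None:
            return chain  # no further redirect: this is where the click lands
        nxt = urljoin(chain[-1], location)
        if nxt in chain:
            raise ValueError("redirect loop: " + " -> ".join(chain + [nxt]))
        chain.append(nxt)
    raise ValueError("more than %d redirects, giving up" % max_hops)


def final_destination(url, fetch=fetch_location, max_hops=MAX_HOPS):
    """Just the last hop, i.e. the page you would actually reach."""
    return unshorten(url, fetch, max_hops)[-1]


# Constructed redirect table standing in for live shortener responses
# (hypothetical hosts; lets the chain logic run with no network access).
FAKE_REDIRECTS = {
    "http://short.example/aaI9KV": "http://track.example/r?id=42",
    "http://track.example/r?id=42": "/landing",  # relative Location header
    "http://track.example/landing": "http://www.evil.com/badsite?%20infect-yourpc.html",
    "http://www.evil.com/badsite?%20infect-yourpc.html": None,
    "http://loop.example/a": "http://loop.example/b",
    "http://loop.example/b": "http://loop.example/a",
}


def fake_fetch(url):
    """Offline stand-in for fetch_location using the table above."""
    return FAKE_REDIRECTS[url]


if __name__ == "__main__":
    for hop in unshorten("http://short.example/aaI9KV", fake_fetch):
        print(hop)
```

Swap `fake_fetch` for the default `fetch_location` to check a real shortened link; if a service answers HEAD with an error, a GET whose body is discarded yields the same Location header. Printing the whole chain, not just the last hop, matters because the intermediate tracking redirectors are themselves part of what a user is agreeing to visit.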
This encompasses all parts of an org., not just the IT dept.! It usually entails [1]:
- Crafting a social media policy and disseminating it to employees
- Hiring/training staff to manage the org.'s presence on OSNs (with management oversight)
- Monitoring and reporting employee use of social media
Feedback loop: the org. takes action to reach its goals and assesses progress periodically (e.g., every 6 mo.)
References (1)
1. G. Bahadur, J. Inasi, and A. de Carvalho, Securing the Clicks: Network Security in the Age of Social Media, McGraw-Hill, New York, 2012.
2. H. Townsend, 4 Jun. 2010, http://www.k-state.edu/its/security/training/roundtables/presentations/SIRT_roundtable-RisksofSocialNetworking-Jun10.ppt
3. U.S. Dept. of State, Social Networking Cyber Security Awareness Briefing, http://www.slideshare.net/DepartmentofDefense/social-media-cyber-security-awareness-briefing
4. National Security Agency, Social Networking Sites, http://www.nsa.gov/ia/_files/factsheets/I73-021R-2009.pdf
5. Consumer Reports, Jun. 2012, http://www.consumerreports.org/cro/magazine/2012/06/facebook-your-privacy/index.htm
6. S. Sengupta, 14 May 2012, http://www.nytimes.com/2012/05/15/technology/facebook-needs-to-turn-data-trove-into-investor-gold.html?_r=1&pagewanted=all
7. T. Wasserman, 21 Mar. 2012, http://mashable.com/2012/03/21/twitter-has-140-million-users/
8. LinkedIn Corp., 2012, http://press.linkedin.com/about
9. R. Richmond, Web Gang Operating in the Open, 16 Jan. 2012, https://www.nytimes.com/2012/01/17/technology/koobface-gang-that-used-facebook-to-spread-worm-operates-in-the-open.html?_r=1
References (2)
10. J. Drömer and D. Kollberg, The Koobface malware gang exposed!, 2012, http://nakedsecurity.sophos.com/koobface/
11. Wikipedia, https://en.wikipedia.org/wiki/Suicide_of_Megan_Meier
12. M. Schwartz, The Trolls Among Us, 3 Aug. 2008, https://www.nytimes.com/2008/08/03/magazine/03trolls-t.html?pagewanted=all
13. M. Raymond, How Tweet It Is!: Library Acquires Entire Twitter Archive, 14 Apr. 2010, http://blogs.loc.gov/loc/2010/04/how-tweet-it-is-library-acquires-entire-twitter-archive/
14. B. Borsboom, B. van Amstel, and F. Groeneveld, Please Rob Me, http://pleaserobme.com
15. D. Love, 13 People Who Got Fired for Tweeting, 16 May 2011, http://www.businessinsider.com/twitter-fired-2011-5?op=1
16. C. Smith and C. Kanalley, Fired Over Facebook: 13 Posts That Got People Canned, http://www.huffingtonpost.com/2010/07/26/fired-over-facebook-posts_n_659170.html
17. https://twitter.com/BPglobalPR
18. http://curl.haxx.se/
19. http://jonathonhill.net/2012-05-18/unshorten-urls-with-php-and-curl/
20. http://www.securingsocialmedia.com/resources/