You are on page 1of 18

Sarmiento, Chenny Grace Marie T.


ICT 200
What are the possible risks in using the social networks? Explain
each risk you identified.
Social networking sites allow someone to post information that thousands of
other users can read. But that's not at all. In this Q&A, information security
threats expert Ed Skoudis reveals how sites like MySpace and YouTube let the
bad guys post something more dangerous: malware.
Social network tools have changed the way we interact in our personal lives
and are in the process of transforming our professional lives. Increasingly,
they play a significant role in how business gets done. But they're also high
risk. With hundreds of millions of users, these tools have attracted attackers
more than any other target in recent years.
Here, according to Palo Alto Networks, are the top 10 social network
threats/risks that enterprises must consider when developing policies:
1. Social networking worms: Social networking worms include Koobface,
which has become, according to researchers, "the largest Web 2.0 botnet."
While a multi-faceted threat like Koobface challenges the definition of
"worm," it is specifically designed to propagate across social networks (e.g.,
Facebook, mySpace, Twitter, hi5, Friendster and Bebo), enlist more machines
into its botnet, and hijack more accounts to send more spam to enlist more
machines. All the while making money with the usual botnet business,
including scareware and Russian dating services.
2. Phishing bait: Remember FBAction? The e-mail that lured you to sign
into Facebook, hoping you don't pick up on the URL in the
browser? Many Facebook users had their accounts compromised, and
although it was only a "tiny fraction of a percent," when you realize Facebook

Trojans: Social networks have become a great vector for trojans -. These shortened links are easy to use and ubiquitous. bit. but even smarter. organizational changes. Facebook acted quickly. fbstarter. Shortened links: People use URL shortening services (e.has over 350 million users. it's still a significant and tinyurl) to fit long URLs into tight spaces.projects.g. or other sensitive information. 5. Data leaks: Social networks are all about a similar banking Trojan. notably the Duanesburg Central School district in New York State late in 2009. The . Even spouses sometimes over-share how much their significant other is working late on top-secret project. the damaging and the legal. 3. 6. and a few too many of the details associated with said project. financials. Many of the Twitter clients will automatically shorten any link. many users share a bit too much about the organization -. working to blacklist that domain. not a CNN Facebook has since gotten rather adept at Whack-A-Mole. scandals. * URL Zone -. And folks are used to seeing them.. Unfortunately. but lots of copycat efforts ensued (e. it can calculate the value of the victim's accounts to help decide the priority for the thief."click here" and you get: * Zeus -.a potent and popular banking Trojan that has been given new life by social networks. To its credit. There have been several recent high-profile thefts blamed on Zeus. Botnets: Late last year.g. products. The resulting issues include the embarrassing. 4. security researchers uncovered Twitter accounts being used as a command and control channel for a few botnets.. They also do a nice job of obfuscating the link so it isn't immediately apparent to victims that they're clicking on a malware install.

and then gaining access to sensitive systems. social networks are a data source. high-net-worth individuals). Less exotic.. Twitter is shutting these accounts down. executives. officers. and the Dalai Lama). but some have used other applications -.placing more intelligence gathering (e. Furthermore.g. for which social networks can be a treasure trove of data. this will continue. Twitter. Jonathan Ive. CNN. So Twitter will become expert at Whack-A-Mole too… 7.P2P file sharing in the case of Storm -.more like a technique used to spread a sophisticated social networking worm. a handful of British politicians). but given the ease of access of infected machines to Twitter.g. but no less important to individuals is the fact that information on your whereabouts and activities can give more run-of-the-mill criminals an opportunity 8. several impersonators have gathered hundreds and thousands of followers on Twitter -. Impersonation: The social network accounts of several prominent individuals with thousands of followers have been hacked (most recently. So as long as the social network application isn't checking the referrer header. 9. Steve Wozniak. Twitter will now shut down impersonators attempting to smear their victims. Advanced persistent threats: One of the key elements of advanced persistent threats (APT) is the gathering of intelligence of persons of interest (e. or worse.standard command and control channel is IRC.and then embarrassed the folks they impersonate (e. but at Twitter's discretion. . malware. So while not directly related to APTs. Perpetrators of APTs use this information to further their threats -. CSRF attacks exploit the trust a social networking application has in a logged-in user's browser.and now.g. cleverly. trojans)... it's easy for an attack to "share" an image in a user's event stream that other users might click on to catch/spread the attack. Cross-Site Request Forgery (CSRF): While it isn't a specific kind of threat -.

Guy Kawasaki). most of the impersonators aren't distributing malware. people trust links. http://goo. You create a social presence but no one is participating.a lot -. Like email. but some of the hacked accounts certainly have ('ll have to get burned a few more times. or instant messaging when it became ubiquitous. Is it a corporate secret. If the comments are from outside the organization they should be quickly judged to determine constructive criticism or inappropriate behavior and appropriate steps should be taken to deal with them in a timely manner. comments of a disgruntled employee or an upset customer because of a lack of customer service? If you don't already have one. . videos and executables when they come from "friends." until they get burned a few times. pictures. Trust: The common thread across almost all of these threats is the tremendous amount of trust users have in these social Something gets posted you don't want others to see. 10. The difference with social networks is that the entire purpose of them is to share -.which will result in a steeper learning curve for users.Admittedly. a brief internal social media policy should cover what can and can't be said along with how it could be said by those inside the organization.g. Social applications haven't burned enough people yet. It should be flexible enough to encourage passion for customers and the brand but should also make sure the brand remains an asset. Translation -. when it hit the mainstream.

As your social media community grows and expands its reach there is a possibility of alienating your core followers. If they are your target audience. Sometimes it's unavoidable. Simply ask. what about creating a core group just for them? Consider the impact on you resources and the benefits of keeping them happy while still addressing a larger potential community. The time you take working at establishing your social media standing can also be used as an ongoing case study to discuss what you've learned with your customers. your ability to influence the message increases. Or perhaps you can suggest covering the new topic in next week's discussions where you can research it further and get more input on it. You're trying to be social but the topic gets sidetracked or even hijacked. Some people don't tolerate change. Also remember. . One of the first rules of social media is that it's not about you. there are some people who just don't want to change. The point of social media is that you don't have direct control of the message but the more involved you are in social media and are aware of your business and customers. content and appropriate channel(s). You need to consider your core first before diluting your approach to please the masses you're not currently connected to. but if you include the core in your growth and choices for growth it's often easier for them to deal with change. "Why?" Perhaps there is something else more important you could or should be covering.Social media should start with a strategy and part of the strategy should include audience. It takes time to grow a community. You may think you're talking to yourself but really you can be honing your message to your customer while you also spend time listening to what is important to them and include it in your community content.

the theme. Social media enables conversation through on line communities. malware. The conversations you start or participate in can lead to so many great possibilities. In a small organization the worry is not enough resources to establish a social media strategy and be able to execute while in a larger organization it may mean a fight to control or influence the approach. research and development initiatives. strategy planning and so much more. Too much power wielded by an individual. identity and brand theft can all occur with or without the use of social media. Not everyone needs to be directly involved but all should be aware of the social media benefits as part of the marketing and sales strategies of the organization. You should consider good IT practices to avoid the possibility of software and hardware security breaches. Some recommend being vague with content to avoid brand or identity theft. Social media strategies that don't include the whole organization. Although many organizations believe social media should be managed from the marketing department to enable the acquisition and retention of customers.Social media channels and content can open up breaches of security. the content. Thinking social media is only for marketing. You need to consider the level of information you share and the possibility that information can be used against you. the budget and other resources. Viruses. But if you participate in social media and all you do is listen without giving there is a high probability your community will wonder if it's worth participating in your network. . other companies use social media as a critical enabler to their customer service efforts.

With more and more communication channels available to us it's very hard to keep up with it all. but it can also help balance the responsibility to create great content and manage the social media strategy. As you look to expand into a new audience you should evaluate tactics to localize your message to the audience.There is a risk if the social media "face" of the company is a particular individual and what if that individual leaves the organization or takes another role within the company? Their social media currency could leave with them. Not only will it help to balance the Should you still use social network? Why? good customer deserves. . Consider the impact of an individual and consider spreading the currency around to include others. Take the time to develop a solid social media monitoring plan that not only listens to what people are saying about you or your organization but also hears the smallest request and makes sure it gets the attention any http://goo. This could include translation services or evaluating the needs of a new layer of employees. But a simple business principle plays here – ignore your customer and eventually they will go away. Not having the ability to localize your message to a particular audience. What happens if your social media presence expands to another country or a customer base outside your typical one? Monitoring your social media strategy and reviewing the needs of a particular audience can help you plan for the needs of your existing and future audiences. Someone wants to have a conversation but they get ignored.

thus delivering a message that is relevant for the start of the day. as print advertising.Yes. You can communicate every day Through Social Media brands and organizations have the opportunity to communicate on a daily basis with their (potential) fans. . newsletter. It can differentiate its messages based upon the different days. These daily lightweight messages add up to form a more intense and loyal relationship. People who react extend the reach of your message to their friends. I would still love to use the social media but in limited information I guess because of the risk it involved. emails. Yet communicating everyday on Social Media requires short lightweight messages. For example: A message targeting Golf in the weekend can be posted on Thursday as a soft nudge or reminder and a message about an evening event can be posted in the late afternoon. It offers enormous potential for brands and organizations. Communicating every day increases the number of messages and relevance over the traditional media. 2. This is a huge benefit over the other media. In essence it’s a new way of reaching and communicating with your (potential) consumers. This makes it difficult to get your message across at the right time. By using Social Media a brand or organization can communicate every day making the messages more relevant for it’s followers or fans. Messages can also be timed to be delivered at a specific time of the day. a magazine. etc can be sent at intervals of 4 weeks or more. 1. Social Media is hot right now and rightly so.

With is they can communicate daily. A message can be targeted based on Age. http://goo. A message from a golf course about how inviting the course looks today may be liked by one of the golf course fans. Interests and brands they like. This offers a huge potential to effectively reach (potential) consumers with your message eliminating waste. etc. For Example: A Golf Course could target all men on Facebook between the age of 24 and 55 who live close to the Golf Course and have Golf as an interest. Brands and organizations can target specific groups with their . Family make up. One of the friends might react with a message asking his friends to play a round of golf. Education. This can be powerful because it increases the reach of your message.The added benefit is that the people who react to your messages share this with their friends and in essence start communicating and advertising for you. 3. extend the reach of their message through the people who interact with the message and target specific groups. This in turn might invite others to react and join the round of golf. Relationship status. Social Media offers huge potential to get your message across in an effective way and brands and organization need to start using this new communication tool. By liking this message it is passed on to the friends of the fan who liked the message. but can also use advertising to reach specific groups of (potential) customers. On other Social Media such as Twitter it is harder to target beyond keywords. Targeting specific groups By using Facebook. and your fans become advocates of your message. Location. For example. Added to that their friends may start reacting and thus increasing the power of your message exponentially.

To share photos or videos with others Because friends are already on them General networking with other people To meet new people To share details of our everyday life 36% of social media users are on them just because their friends were already there.We all use social media nowadays. most of us use them to stay in touch with others. Well. The question is no longer if we use it. What about you? To stay in touch with what friends are doing To stay up-to-date with news and current events To fill up spare time To find funny or entertaining content To share opinions 55% of people use social media to stay in touch with what friends are doing. but at least a huge amount of the population does. Twitter or any other social network? Apparently. So what is your main reason for being active on Facebook. And this is exactly what Global Web Index looked into. but why. It is very interesting how most of the top reasons are all linked to what we call “passive networking” – that means users who come to social media to consume content http://goo. but also to stay updated on what is going on in the world around us. . maybe not rather than actively contributing to the stories. Most of us use social networks to stay connected with others.

But is privacy really the issue? As Jeff Jarvis rightly points out. encouraging you to only share with your “real friends. our recommendations and our memorable moments with friends. We let others share in our passions and see the details of our daily lives. where the user is forced to choose between sharing everything or limiting their sharing to a personally selected group who apply for the privilege. not hiding. and Yelp. As the opportunities to share information have become more ubiquitous. there has been an increasingly hyped-up debate and concern around the topic of privacy. Has the notion of a ‘friend’ become too diluted by the many different definitions of ‘contact’ across social media networks? Path is trying to redefine this by limiting the number of friends you can add to 50. We have become the lifeblood of information for our friends and followers.Do you consider privacy exist in social networks? We are the connected generation. we want to be able to fine-tune our audience.” But then the question is whether this really solves the issue? Do we only want to share with our . the reason for using social services is for sharing. Twitter. Nonetheless. Thanks to our ever-present mobile devices we are always ‘on’ and connected. This challenges services like Facebook where you determine sharing settings in advance of your broadcast. and they have taken on the role of gatekeepers as we filter and pump information from network to network. We broadcast these moments out to the rest of the world. This allows us to capture a record of all the great things we do. through the medium of popular social networks like Facebook. Twitter and Instagram are prime examples of this. colleagues and the world at large. the fact is that although many of us want to share. and share our experiences.

And this platform needs to integrate all the social networks. their social media content can become spread across multiple services. allowing users to give third parties access to their content.close social circle. and it is a highly relevant and important issue that needs to be addressed. this would have allowed them greater control and continuity of how their content was shared beyond the confines of Facebook’s network. so there is significant ambiguity around how these settings translate when transferring content among services. We need a platform where you can manage and arrange all your connections into one simple structure. Now you can only view and add friends who are already signed up to that service. The continuation of Facebook Connect in its original form would have made Facebook the major organ of social media sharing. pumping content between networks and controlling the flow to new arteries of social circulation. Facebook Connect was a good first attempt at this. As social networks open up their APIs. Each social network has implemented their own interpretation as it applies to types of content shared on their platform. . allowing you to easily define the privacy layers for how. Every network defines their privacy and sharing settings differently. For users. but sadly they quickly closed down their API that allowed you to invite your Facebook Friends to join third-party services. If you try to inherit privacy settings from multiple services the level of complexity that results is enormously challenging both from a development and a user perspective. or do we (as I would argue) have things we want to share with other groups of contacts we would not classify as “friends”? The problem is that there is currently no universal standard for privacy settings. No one has solved this problem yet. you share your content online. and with whom.

but consistency and standards that are recognized across social networks. . Regulators. https://goo. Slowly privacy becomes harder to manage. there will continue to be great concern around the conflicting definitions of individual privacy. it delivers many advantages as well as disadvantages for personal and professional communication. What we need is not greater personal protection through legal limitations. The bottom line is that social media privacy does not exist – it is an oxymoron. This past week the Google+ platform was How safe is the information you share on social media? How well do you know the people in your social networks? Or do you know them at all? ANNA CAIRO exposes some stark truths about social media privacy and suggests how you can responsibly manage the risks as you engage online in social media. Their organizational model for privacy takes what Facebook has developed one step further by allowing the user to easily visualize their different spheres of contacts. ushering in a promising new chapter in the movement towards a universal standard of privacy. and determine which group they want to share updates with as the final step in broadcasting content. Google+’s ‘circles’ interface allows users to easily organize their network of contacts into spheres of association. As social media continues to grow. Wouldn’t it be great if I could link that structure to all of my other social networks? Let’s hope that Google+ hurdles past the point where Facebook Connect retreated from and becomes the new heart of social network sharing. are already discussing how to create barriers to protect the individual and simultaneously stifle social sharing. the privacy debate intensifies. in their efforts to protect internet users.Until we create a unified theory of sharing across social networks. Equally as more people utilise social media.

this means that social media is not private. Networks encourage this sharing of information and in most cases people willingly give it up without thinking. Regardless of what social media organisations say about privacy settings. Social networks are here to stay so not engaging with them is not a practical solution for most people. presume they do. The only way to have privacy on social media is not to use it at all. Each time a user relinquishes information. Your information is still mined and the data sold to advertising and marketing companies.The purpose of social media is to connect. their privacy is further diminished. What you do in your personal life is now public. . Further hackers are always trying to infiltrate networks and breaches occur time and again. So what can you do about it? A common sense approach is needed and education around understanding social media is important. At its core. these remain weak. Regardless of what networks say in that they don’t share content with third parties. stalking and bullying which are only a few of the concerns. and people’s lives become blurred. family and colleagues. identity theft. Why? Because most people choose to share what they do on social media where everyone can see it. A few key things to remember are: Users need to be aware of what personal information they share. Once you choose to engage with social media. This is a user driven collapse as more users put their lives online. the aim is to manage your risks. engage and share information with friends. among other things. remembering that privacy is tied to a number of core issues including misuse of your information. what you do in your professional life is now public.

Think about what you post before you post How is privacy be protected in social network or is there really a privacy in using social network? Justify your answers Social networking sites like Facebook and Twitter have exploded in popularity. Is this content something you will be comfortable with seeing in ten years’ time? Don’t add people if you don’t know them personally or if they aren’t friends of friends you have heard of. . too. what you post stays online forever regardless of whether you delete it or close your account. People love sharing their personal news and views about what’s going on in their lives. As individuals readily give up personal information. who else is viewing what you post? Spam bots. Remember. Therefore. vindictive acquaintances. it is to be vigilant with what you post! http://goo. social media is shifting the boundaries in the privacy debate. But stop and think for a moment. it is not a matter of not sharing. If people are concerned about their information. Outside of your trusted circle of friends and relatives. This information—some of which is very personal—is going up on the Internet. A culture of self-responsibility and education is the most proactive approach around social media particularly where teenagers are concerned who lack maturity and understanding of the consequences of disclosing information. the only safe way to keep it private is to not put it online. Content on platforms can be easily searched and can become accessible to any number of people who were not originally intended to see it. and even criminals may take an interest.

you ask? . you may be revealing too much in what appears to be a harmless photo. so the information is redundant. This same advice also applies to posting your children or grandchildren’s full names.Even if you don’t explicitly reveal a child’s name. Everyone in your trusted circle should know the children’s names anyway. Avoid being one of them. Make sure your permission choices are right for you. What’s wrong with this. including photos and names**.Consumer Reports reveals that 26% of social media users post sensitive information about their children. we’re here to present some helpful hints to keep your social networking a safer. And speaking of photos… Think twice about posting revealing photos . so why would you give away your privacy rights on social networking sites? Pay particular attention to what you are agreeing to share when you sign up or log into your account. Avoid posting such private details. Some of it may exceed your personal comfort limit.According to a 2009 report by Legal & General. over one-third of social media site users have posted when they’re going to be away from their home*. she’s standing in front of her school’s homecoming game. In the photo. a UK financial services group. Keep your full name and address to yourself . In a 2010 article. information is the new currency. Many sites push you to agree to terms that are best for them—not you.In the 21st century. You wouldn’t just hand out your banking account information. If this sounds like an open invitation for criminals. Consider this scenario: You want to post a digital photo of your 15-year-old granddaughter in her new cheerleader uniform. you’re right. Take a moment to wade through any legalese.With these caveats in mind. more rewarding experience: Read the social media site’s fine print .

a stranger wouldn’t have too much trouble tracking down her location and identity. it’s like water: It finds a way to run its course toward freedom. there’s a negative and positive effect of that to people and the society. just share your photos privately with a trusted few. Many employers now scan social media sites. or your family room full of gifts around the holidays? Advertising their whereabouts may needlessly paint a target on your house for criminals. Once information is out there. If you’re posting views they wouldn’t appreciate—like talking about how much you hate your boss—then you might want to step away from the keyboard. We know this statement may send a cold shiver down your back. either on uniforms or in the background. . Consider blurring or cropping such revealing details. maybe that isn’t the best photo to share. If not. Clever as it is but social networking can really help in doing things faster and better but sometimes. social networking is good and sometimes it’s bad. http://goo. And what about that picture of your new expensive flat screen TV.If the photo contains the school’s name. Finally. Social media sites can be a great way to stay connected to old friends and help you make new ones. it hold the most breakable moment because of the privacy and misconceptions in the area. Just keep your privacy shades drawn to the appropriate level. Don’t let what you share today come back to haunt you Sometimes. recognize that maintaining your privacy online isn’t easy There are people out there who want—and will do just about anything—to get your private information. Just like any other things in the world. The fact that we are living in the world of technology and all. if you know how. it’s really quite be careful in everything we post and publish. but the only way to keep information completely private is to lock it away—whether it’s stored securely or just kept in your head. When in doubt.