Security Aspects of Social Networks

          Anchises M. G. De Paula
        Security Intelligence Analyst
                iDefense, VeriSign
                  February 25, 2010
Agenda
 Motivation
 History
 Future of Social Networking
 Current Problems
 Security aspects of Social Networking

                       Source: XKCD - http://xkcd.com
Why Social Networks?
 Global and cultural phenomenon
 Facebook: 400 million users
   3rd largest “country” in the world
 New attack vector for phishers, fraudsters and sexual predators

 [Chart: Country Population (in millions): China, India, Facebook, USA, Indonesia, Brazil. Source: Facebook, CIA]
Why Social Networks?

 New organization: “egocentric” approach

 Digital Identities
     Profiles
     Fakesters




                         Source: Google
Why Security?



“It’s the great irony of the Information Age that the very technologies that empower us to create and to build also empower those who would disrupt and destroy” (Barack Obama)
                           Source: Whitehouse
History
Demographics
 Dominant social networks vary greatly between different geographic regions
 Majority of online connections are between real-life friends




                            Source: oxyweb
Future of Social Networking
 Virtual Currency

 Mobile Social Networking

 Sensor Networks

 Social TV

                             Source: Wired
Current Problems
 Decentralization and Interoperability

 Managing Social Identities

 Trust and Reputation Management
Current Problems

 Privacy
   Personal data
   Pictures
   Professional information
Current Problems

 Privacy
   Personal data
   Pictures
   Professional information


 Content Overload
Current Problems

 Offense, Hate and Discrimination


 Child Safety and Sexual Crimes
   Defamation
   Stalking
   Cyber bullying
   Sexting
Security aspects of Social Networking
 Current Security Threats
   Identity/Password Theft
     Fake profiles
     Targeted attacks
Security aspects of Social Networking
 Current Security Threats
   Malicious Code, Viruses and Worms
   Spam, Phishing and Financial Fraud

 [Figure: Malicious Programs Targeting Social Networking Sites]
Security aspects of Social Networking
 Current Security Threats
   URL Shortening
     Hide malicious sites




                            Source: tweetmeme
Security aspects of Social Networking
 Social Networks under Attack
   Exploit of Social Network Gadgets
   Security vulnerabilities
      Cross-site scripting (XSS)
      SQL injection
   DDoS
   Worms
      Koobface
Security aspects of Social Networking
 Malicious Actors
   Individuals
      Spammers and phishers
      Fraudsters and cyber criminals
      Hacktivists and terrorist groups
      Sexual predators
Security aspects of Social Networking

 Malicious Actors
   Terrorism Using Social Networks and Online Communities
Security aspects of Social Networking
 Malicious Actors
   Hacking communities
     Recruitment
     Information exchange
     Marketplace
     Hacker for hire
References
 Data Privacy Day:
 http://dataprivacyday2010.org
 Social Media Security:
 http://socialmediasecurity.com
 http://twitter.com/SocialMediaSec
 SocialNetworkingWatch:
 http://www.socialnetworkingwatch.com
 Security and Privacy in Social Networks Bibliography:
 http://www.cl.cam.ac.uk/~jcb82/sns_bib/main.html
 iDefense: www.idefense.com
Thank you :)



 Anchises M. G. De Paula
   http://anchisesbr.blogspot.com
   Twitter: @anchisesbr
Non-commercial Share Alike (by-nc-sa)

This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA

Security Aspects of Social Networks at Campus Party 2010
