Presentation that discuss the general security aspects and threats to social networking users. A brief overview of Social Network history amd statistics is also provided. This presentation took place at Campus Party Brasil, on January 2010.
DevEX - reference for building teams, processes, and platforms
Security Aspects of Social Networks at Campus Party 2010
1. Security Aspects
of Social Networks
Anchises M. G. De Paula
Security Intelligence Analyst
iDefense, VeriSign
February 25, 2010
2. Agenda
Motivation
History
Future of Social
Networking
Current Problems
Security aspects of
Social Networking
Source: XKCD - http://xkcd.com
3. Why Social Networks?
Country Population (in millions)
Global and cultural
phenomenon 1600
1400
1200
Facebook: 400 million 1000
800
users 600
400
3th largest “country” in 200
0
the world
A
il
a
a
ok
sia
az
in
di
US
bo
In
Ch
ne
Br
ce
do
Fa
In
New attack vector for Source: Facebook, CIA
phishers, fraudsters
and sexual predators
4. Why Social Networks?
New organization:
“egocentric” approach
Digital Identities
Profiles
Fakesters
Source: Google
5. Why Security?
“It’s the great irony of
the Information
Age that the very
technologies that
empower us to
create and to build
also empower
those who would
disrupt and
destroy”
(Barack Obama)
Source: Whitehouse
7. Demographics
Dominant social network vary greatly between different geographic
regions
Majority of the online connections between real-life friends
Source: oxyweb
8. Future of Social Networking
Virtual Currency
Mobile Social
Networking
Sensor Networks
Social TV Source: Wired
12. Current Problems
Offense, Hate and Discrimination
Child Safety and Sexual Crimes
Defamation
Stalking
Cyber bullying
Sexting
13. Security aspects of Social
Networking
Current Security Threats
Identity/Password Theft
Fake profiles
Targeted attacks
14. Security aspects of Social
Networking
Current Security Threats
Malicious Code, Viruses
and Worms
Spam, Phishing and
Financial Fraud
Malicious Programs Targeting Social Networking Sites
15. Security aspects of Social
Networking
Current Security Threats
URL Shortening
Hide malicious sites
Source: tweetmeme
16. Security aspects of Social
Networking
Social Networks
under Attack
Exploit of Social
Network Gadgets
Security vulnerabilities
Cross-site scripting
(XSS)
SQL injection
DDoS
Worms
Koobface
17. Security aspects of Social
Networking
Malicious Actors
Individuals
Spammers and
phishers
Fraudsters and cyber
criminals
Hacktivists and
terrorist groups
Sexual predators
18. Security aspects of Social
Networking
Malicious Actors
Terrorism Using Social
Networks and Online
Communities
19. Security aspects of Social
Networking
Malicious Actors
Hacking communities
Recruitment
Information exchange
Marketplace
Hacker for hire
20. References
Data Privacy Day:
http://dataprivacyday2010.org
Social Media Security:
http://socialmediasecurity.com
http://twitter.com/SocialMediaSec
SocialNetworkingWatch:
http://www.socialnetworkingwatch.com
Security and Privacy in Social Networks Bibliography:
http://www.cl.cam.ac.uk/~jcb82/sns_bib/main.html
iDefense: www.idefense.com
21. Thank you :)
Anchises M. G. De Paula
http://anchisesbr.blogspot.com
Twitter: @anchisesbr
22. Non-commercial Share Alike (by-nc-sa)
This work is licensed under the Creative Commons
Attribution-NonCommercial-ShareAlike 2.5 License.
To view a copy of this license, visit
http://creativecommons.org/licenses/by-nc-sa/2.5/ or send
a letter to Creative Commons, 543 Howard Street, 5th
Floor, San Francisco, California, 94105, USA