Introduction to Social Networking
- Massive adoption in the consumer market
  - MySpace, Facebook, LinkedIn, Friendster
  - SecondLife
  - Ning, etc.
- Statistics on Facebook
  - Over 64,000,000 users
  - Over 250,000 new registrations per day
  - Over 200,000 developers have submitted some sort of Facebook application using basic programming skills and there are over 15,000 official apps
  - Users can add up to 20 friends per day
- Facebook apps can be considered as XHTML snippets that inherit all the properties of web applications
Ideal Exploitation Platform?
Social networks have intrinsic properties that make them ideal to be exploited by an adversary:
- Difficult to police: very large and distributed user base
- Trust network: clusters of users sharing the same social interests developing trust with each other
- Platform openness for developing applications that are attractive to the general users who will install them
Other Precedents?
- One of the ways to think about the broader risks of social networking against critical infrastructure is related to the problems of state-sponsored attackers
- “People’s War” concept a la Dragon Bytes – many home computers used as soldiers
- Similar problem seen with Gnutella used as a DDoS platform
- A rogue social network app could be used in the same manner or worse
Two Social Networking Sites: 91 Percent of Phishing Attacks
- In an analysis of cyber crime activity in the 2nd half of 2007, security vendor Symantec Corp. found that two social networking sites together were the target of 91 percent of U.S.-based phishing Web sites.
- Social networking sites also were the leading targets of phishing sites located in four other countries listed by Symantec in its phishing Top 10. (Source: Symantec Corp.)
- Hijacked social networking pages often are used to host malicious software or "malware" directly, or to host links to phishing or malware sites that are then advertised in messages sent to all of the contacts in the victim's social network.
Top Targeted Phishing Sites
Why Don’t We Just Ban It All?
- Banning public social networking sites from corporate use may help with the distraction factor and with some of the other technical issues, but...
- In many cases, there is just too much personal information posted on these sites
  - Information such as the full names of parents, pets, schools and other “keys” that are used to unlock personal and professional accounts
  - Embarrassing or inappropriate pictures that could be used in blackmail scenarios (think Cold War)
  - Lifestyle information that may create personal or professional problems
Taking It to the Extreme
- If an adversary were able to develop an application as successful as FunWall, for example, a victim host would have to cope with about 23 Mbit/sec of unsolicited traffic and nearly 248 GB a day of unwanted data
- Of course, this assumes a lot about bandwidth and the lack of proper network and security management…
- But, adversaries don’t need all that bandwidth.
Social Networking
Here's a look at the seven most lethal social network hacks:
1) Impersonation and targeted personal attacks
2) Spam and bot infections
3) Weaponized OpenSocial and other social networking applications
4) Crossover of personal to professional online presence
5) XSS, CSRF attacks
6) Identity theft
7) Corporate espionage
Social Networking
Because of its huge base -- last month Facebook said it had more than 300 million users -- the site is a frequent target for hackers and identity thieves
- 10-28-2009: Researchers at several security firms have uncovered a spam campaign targeting Facebook users. The e-mails, which pose as communications from Facebook about password resets, contain a nasty downloader that ultimately makes users part of a notorious botnet.
- 10-02-2009: Facebook Attackers May Have Cracked CAPTCHA. Researchers at AVG Technologies may have uncovered a scheme by attackers to circumvent the CAPTCHA protections on Facebook to create fraudulent accounts.
- 02-09-2009: Rik Ferguson, senior security advisor for Trend Micro, said the social networking Web site based in Palo Alto, Calif., has been hit in the past week with four malicious applications and a new version of the Koobface virus that was first detected in December 2008, the BBC reported Monday.
Avoiding Social Engineering and Phishing Attacks
How do you avoid being a victim?
- Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
- Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Don't send sensitive information over the Internet before checking a website's security (see Protecting Your Privacy for more information).
- Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
- Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (see Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information).
- Take advantage of any anti-phishing features offered by your email client and web browser.
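The URL advice above ("a variation in spelling or a different domain") can be automated in a mail or proxy filter. The following is an added example, not part of the original slides: the allow-list `TRUSTED`, the function names and the sample URLs are constructed for illustration, and the check for a trusted name used as a subdomain of another site goes slightly beyond the two cases the slide names.

```python
from urllib.parse import urlsplit

# Constructed allow-list: registrable domains the organization actually uses.
TRUSTED = {"facebook.com", "linkedin.com", "myspace.com"}


def registrable(host):
    """Return (name, tld) taken from the last two labels of a hostname.

    Simplification (assumption): production code should consult the Public
    Suffix List so that suffixes such as co.uk are split correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(url, trusted=TRUSTED, max_distance=2):
    """Label a URL relative to the allow-list.

    Returns (verdict, matched_trusted_domain_or_None) where verdict is one of
    trusted, different-tld, spelling-variation, brand-in-subdomain, unknown,
    invalid.
    """
    if "//" not in url:              # accept bare hosts such as "facebook.net/x"
        url = "//" + url
    host = urlsplit(url).hostname    # ignores any user@ prefix and the port
    if not host:
        return ("invalid", None)

    name, tld = registrable(host)
    if f"{name}.{tld}" in trusted:
        return ("trusted", f"{name}.{tld}")

    pairs = [tuple(d.rsplit(".", 1)) + (d,) for d in sorted(trusted)]

    # Same name under another top-level domain (.com vs. .net).
    for good_name, good_tld, good in pairs:
        if name == good_name and tld != good_tld:
            return ("different-tld", good)

    # Name within a few character edits of a trusted name.
    for good_name, _, good in pairs:
        if 0 < edit_distance(name, good_name) <= max_distance:
            return ("spelling-variation", good)

    # Trusted name appears only as a left-hand label of some other domain.
    left_labels = host.lower().split(".")[:-2]
    for good_name, _, good in pairs:
        if good_name in left_labels:
            return ("brand-in-subdomain", good)

    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in ("https://www.facebook.com/login.php",
                   "http://facebook.net/reset",
                   "http://faceb00k.com/",
                   "http://facebook.com.account-check.example/login"):
        print(sample, "->", classify(sample))
```

A fixed edit-distance threshold produces false positives for very short names, so tune `max_distance` to the length of the domains on the allow-list.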
- http://www.staysafeonline.org/blog/staying-safe-social-media-web-sites
- http://www.thetechherald.com/article.php/200938/4434
- http://www.us-cert.gov/cas/tips/ST04-014.html
- http://www.justaskgemalto.com/us/focus/managing-your-digital-identity-social-media-sites
- http://edition.cnn.com/2009/TECH/07/16/twitter.hack/

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 

Social Media Security

  • 2. Introduction to Social Networking
      • Massive adoption in the consumer market: MySpace, Facebook, LinkedIn, Friendster, SecondLife, Ning, etc.
      • Statistics on Facebook:
          • Over 64,000,000 users
          • Over 250,000 new registrations per day
          • Over 200,000 developers have submitted some sort of Facebook application using basic programming skills, and there are over 15,000 official apps
          • Users can add up to 20 friends per day
      • Facebook apps can be considered as XHTML snippets that inherit all the properties of web applications
  • 3. Ideal Exploitation Platform? Social networks have intrinsic properties that make them ideal to be exploited by an adversary:
      • Difficult to police: very large and distributed user base
      • Trust network: clusters of users sharing the same social interests, developing trust with each other
      • Platform openness for developing applications that are attractive to the general users who will install them
  • 4. Other Precedents?
      • One of the ways to think about the broader risks of social networking against critical infrastructure is related to the problems of state-sponsored attackers
      • “People’s War” concept a la Dragon Bytes – many home computers used as soldiers
      • Similar problem seen with Gnutella used as a DDoS platform
      • A rogue social network app could be used in the same manner or worse
  • 5. Two Social Networking Sites: 91 Percent of Phishing Attacks
      • In an analysis of cyber crime activity in the 2nd half of 2007, security vendor Symantec Corp. found that two social networking sites together were the target of 91 percent of U.S.-based phishing Web sites.
      • Social networking sites also were the leading targets of phishing sites located in four other countries listed by Symantec in its phishing Top 10. Source: Symantec Corp.
      • Hijacked social networking pages often are used to host malicious software or "malware" directly, or to host links to phishing or malware sites that are then advertised in messages sent to all of the contacts in the victim's social network.
  • 7. Why Don’t We Just Ban It All? Banning public social networking sites from corporate use may help with the distraction factor and with some of the other technical issues, but... In many cases, there is just too much personal information posted on these sites:
      • Information such as the full names of parents, pets, schools and other “keys” that are used to unlock personal and professional accounts
      • Embarrassing or inappropriate pictures that could be used in blackmail scenarios (think Cold War)
      • Lifestyle information that may create personal or professional problems
  • 8. Taking It to the Extreme
      • If an adversary were able to develop an application as successful as FunWall, for example, a victim host would have to cope with about 23 Mbit/sec of unsolicited traffic and nearly 248 GB a day of unwanted data
      • Of course, this assumes a lot about bandwidth and the lack of proper network and security management…
      • But adversaries don’t need all that bandwidth.
  • 9. Social Networking. Here's a look at the seven most lethal social network hacks:
      1) Impersonation and targeted personal attacks
      2) Spam and bot infections
      3) Weaponized OpenSocial and other social networking applications
      4) Crossover of personal to professional online presence
      5) XSS, CSRF attacks
      6) Identity theft
      7) Corporate espionage
  • 10. Social Networking. Because of its huge base -- last month Facebook said it had more than 300 million users -- the site is a frequent target for hackers and identity thieves.
      • 10-28-2009: Researchers at several security firms have uncovered a spam campaign targeting Facebook users. The e-mails, which pose as communications from Facebook about password resets, contain a nasty downloader that ultimately makes users part of a notorious botnet.
      • 10-02-2009: Facebook Attackers May Have Cracked CAPTCHA. Researchers at AVG Technologies may have uncovered a scheme by attackers to circumvent the CAPTCHA protections on Facebook to create fraudulent accounts.
      • 02-09-2009: Rik Ferguson, senior security advisor for Trend Micro, said the social networking Web site based in Palo Alto, Calif., has been hit in the past week with four malicious applications and a new version of the Koobface virus that was first detected in December 2008, the BBC reported Monday.
  • 11. Avoiding Social Engineering and Phishing Attacks. How do you avoid being a victim?
      • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
      • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
      • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
      • Don't send sensitive information over the Internet before checking a website's security (see Protecting Your Privacy for more information).
      • Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  • 12.
      • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
      • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (see Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information).
      • Take advantage of any anti-phishing features offered by your email client and web browser.
  • 13.
      • http://www.staysafeonline.org/blog/staying-safe-social-media-web-sites
      • http://www.thetechherald.com/article.php/200938/4434
      • http://www.us-cert.gov/cas/tips/ST04-014.html
      • http://www.justaskgemalto.com/us/focus/managing-your-digital-identity-social-media-sites
      • http://edition.cnn.com/2009/TECH/07/16/twitter.hack/
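
Slide 11's advice to watch for a URL that uses "a variation in spelling or a different domain (e.g., .com vs. .net)" can be applied mechanically to links seen in mail or proxy logs. The following is an added example, not part of the original slides; the allowlist, function names and sample URLs are constructed for illustration, and taking the last two host labels as the domain is a simplifying assumption (production code should use the Public Suffix List).

```python
from urllib.parse import urlsplit

# Constructed allowlist of sites the organisation treats as legitimate (assumption).
TRUSTED = ("facebook.com", "linkedin.com", "myspace.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable_domain(url):
    """Return the last two labels of the URL's host, lower-cased.
    Simplification: real code should consult the Public Suffix List."""
    if "://" not in url:
        url = "http://" + url  # give urlsplit a scheme so it can find the host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def classify(url, trusted=TRUSTED):
    """Label a URL as trusted, different-tld, spelling-variation or unknown."""
    domain = registrable_domain(url)
    if domain in trusted:
        return "trusted"
    name, _, tld = domain.rpartition(".")
    for good in trusted:
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return "different-tld"  # same name, other TLD (.com vs. .net)
        limit = 1 if len(good_name) < 8 else 2  # stricter for short names
        if 0 < edit_distance(name, good_name) <= limit:
            return "spelling-variation"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample URLs, as they might appear in mail or proxy logs.
    for u in ("https://www.facebook.com/login.php", "http://facebook.net/login",
              "http://www.faceboook.com/", "linkedln.com/in/someone",
              "https://example.org/"):
        print(f"{classify(u):20} {u}")
```

An "unknown" result only means the domain is not close to anything on the allowlist; it is not a verdict that the site is safe.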