Hongyu Gao Northwestern University EECS450 class presentation Adapted from slides of Harvard Townsend and Jessica Van Hattem Security Issues of Online Social Networking

Fan, Friend or Foe? The Risks of Social Networking – Sherry Callahan, CISSP, CISM, CISA, University of Kansas Medical Center – CHECK 2010, May 26, 2010

– 2/3 of US households use social networks, twice as many as a year ago
– 98% of students at UNC use Facebook
– Facebook has over 400 million “active” users, half of whom log in on any given day, 100 million of them via a mobile device
– U.S. Facebook users aged 55 and older grew 922% in 2009 (now ~10 million)

Social Networking Websites: What are they?
– A tool for communication, expressing interests, etc.
– Interaction
– User contribution: users submit content for other users

History – early social networking websites:
– classmates.com: focused on ties between former schoolmates
– 1997 – sixdegrees.com: focused on indirect ties

History, cont’d – modern social networking websites:
– 2002 – Friendster: now mostly used in Asia
– 2003 – Myspace: bought by News Corporation (parent company of Fox) in 2005; the most popular social networking site in 2006

Facebook: “Giving people the power to share and make the world more open and connected.”

“Twitter is a service for friends, family, and co-workers to communicate and stay connected through the exchange of quick frequent answers to one simple question: What are you doing?”

“Your professional network of trusted contacts gives you an advantage in your career, and is one of your most valuable assets. LinkedIn exists to help you make better use of your professional network and help the people you trust in return.”

“Delicious is a Social Bookmarking service, which means you can save all your bookmarks online, share them with other people, and see what other people are bookmarking.”

What Are The Security Risks? Spam, phishing, malware Privacy breach Network structural attack

Spam, Phishing and Malware
– Spam: unsolicited messages to other users. This is the delivery method.
– Phishing and malware distribution: what the spam carries, and the goal of the campaign (or one more step toward it).
– Ultimate goal: $$$

Spam, Phishing and Malware – where it shows up:
– Ads
– Wall posts, inbox or chat messages with malicious links from hijacked “Friends”
– CSRF
– “My wallet was stolen and I’m stuck in Rome. Send me cash now.”
– Spam pretending to be from Facebook admins

Oh no! URL Shorteners – bit.ly, TinyUrl, ReadThisURL, NotLong. A shortener hides the true destination URL: the link itself tells you nothing about where you are going. The target can still be checked before you click, by resolving the redirect without following it (or through the shortener’s preview page, where it offers one), but the typical user simply clicks.

Malware Distribution

Koobface
– The granddaddy of malware targeting Facebook; continues to evolve and infect today.
– Registers and activates a Facebook account.
– Joins random Facebook groups, adding Facebook friends.
– Posts messages on friends’ walls that contain links to the Koobface loader component.

Defenses
– Attack the carrier: spam message detection
– Don’t talk to strangers: sender reputation assessment
– Stop the exploit (CSRF): web security enhancement
– Don’t touch what you shouldn’t touch: malicious URL detection
– Be alerted! (send-me-money hoax): do not send money
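The “malicious URL detection” defense above has to see through the shorteners of the earlier slide first. The following is an added example, not code from the slides: it unwraps a shortened link one redirect at a time without ever fetching the landing page, then checks the final host. The live resolver (a HEAD request with redirect-following disabled) is real urllib; the shortener list, the blocklist host and the redirect table used by the demo are constructed for the example.

```python
"""Unwrap a shortened link without visiting its destination, then check
where it really lands. Added example, not from the slides.

The live resolver sends one HEAD request per hop with redirects disabled
and reads only the Location header, so the final page is never fetched.
The shortener list, blocklist and the redirect table used by main() are
constructed for this example."""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

# Assumed: hosts whose links hide their target.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "readthisurl.com", "notlong.com"}
# Assumed: known-bad landing hosts (a stand-in for a real URL blocklist).
BLOCKED_HOSTS = {"koobface-loader.example"}
MAX_HOPS = 5


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Return None so urllib raises HTTPError on 3xx instead of following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_location(url, timeout=5):
    """Live resolver: the Location header of `url`, or None if it does not redirect."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "link-checker/1.0"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        # A 3xx surfaces here because we refused to follow it; the header is intact.
        return err.headers.get("Location") if 300 <= err.code < 400 else None
    except (urllib.error.URLError, OSError):
        return None


def expand(url, resolver=http_location, max_hops=MAX_HOPS):
    """Walk the redirect chain one hop at a time and return every URL seen.
    Stops at a non-redirect, a loop, or the hop budget."""
    chain = [url]
    current = url
    for _ in range(max_hops):
        nxt = resolver(current)
        if not nxt:
            break
        nxt = urljoin(current, nxt)  # Location may be relative
        if nxt in chain:
            break  # redirect loop
        chain.append(nxt)
        current = nxt
    return chain


def assess(url, resolver=http_location):
    """Return (verdict, chain): 'blocked', 'unresolved' (still a shortener after the
    hop budget or a loop, so the target is still hidden) or 'ok'."""
    chain = expand(url, resolver)
    final_host = urlparse(chain[-1]).hostname or ""
    if final_host in BLOCKED_HOSTS:
        return "blocked", chain
    if final_host in SHORTENER_HOSTS:
        return "unresolved", chain
    return "ok", chain


# Constructed redirect table standing in for live HTTP responses.
FAKE_REDIRECTS = {
    "http://bit.ly/abc123": "http://tinyurl.com/x9y8z7",
    "http://tinyurl.com/x9y8z7": "/r/final",  # relative Location header
    "http://tinyurl.com/r/final": "http://koobface-loader.example/setup.exe",
    "http://notlong.com/loop": "http://notlong.com/loop",
    "http://bit.ly/good": "https://www.example.org/",
}


def fake_resolver(url):
    return FAKE_REDIRECTS.get(url)


if __name__ == "__main__":
    for link in ("http://bit.ly/abc123", "http://bit.ly/good", "http://notlong.com/loop"):
        verdict, chain = assess(link, fake_resolver)
        print(f"{verdict:10} {' -> '.join(chain)}")
```

Two details matter in practice: the hop budget (a chain of shorteners is itself a signal, and an unbounded walk is a denial-of-service vector), and treating a link that is still a shortener after the budget as suspicious rather than clean.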

What Are The Security Risks? Spam, phishing, malware Privacy breach Network structural attack

Privacy Policy Protection? LOL
LinkedIn: “Additionally, you grant LinkedIn a nonexclusive, irrevocable, worldwide, perpetual, unlimited, assignable, sublicenseable, fully paid up and royalty-free right to us to copy, prepare derivative works of, improve, distribute, publish, remove, retain, add, process, analyze, use and commercialize, in any way now known or in the future discovered, any information you provide, directly or indirectly to LinkedIn, including but not limited to any user generated content, ideas, concepts, techniques or data to the services, you submit to LinkedIn, without any further consent, notice and/or compensation to you or to any third parties. Any information you submit to us is at your own risk of loss.”
Facebook: “You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof. You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.”

Take my stuff, please!

Who’s peeking?

Some Facts – a study of Facebook users in the Carnegie Mellon University network (Gross et al.):
– 90.8% uploaded images
– 87.8% revealed birth dates
– 39.9% share their phone #
– 50.8% list current addresses

Breaches from Service Providers
Root cause:
– Client-server architecture
– The OSN service provider is in a dominant position and can benefit from examining and sharing the information it holds
Solution:
– Users dictate fine-grained policies regarding who may view their information
– Enforce the policy with encryption, so the provider stores data it cannot read (it still sees who communicates with whom, and when)

Defenses
– Persona, by Baden et al.: attribute-based encryption so that only friends in the chosen groups can decrypt, with user-selected decentralized storage
– Lockr, by Tootoonchian et al.: the recipient must present digitally signed social relationships as proof in order to fetch data
– Smart clients and an untrusted central server, by Anderson et al.: the server stores only encrypted data; a client can access user information only if the owner’s client mediates the access
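The “enforce the policy with encryption” idea from the previous two slides, as an added example in miniature; this is not code from Persona, Lockr or Anderson et al. The owner encrypts each post under a per-audience group key and hands that key only to the friends in the audience; the server stores ciphertext and wrapped keys and can neither read posts nor widen the audience. Two stand-ins are assumptions: HMAC-SHA256 in counter mode with encrypt-then-MAC replaces an AEAD such as AES-GCM (the standard library has no AES), and a pre-shared pairwise secret per friend replaces the public-key or attribute-based encryption the real systems use.

```python
"""Policy enforced by encryption rather than by the provider. Added example,
not code from Persona, Lockr or Anderson et al. Assumed stand-ins: HMAC-CTR
plus encrypt-then-MAC instead of AES-GCM, and a pre-shared pairwise secret
per friend instead of public-key / attribute-based encryption."""
import hashlib
import hmac
import secrets


def kdf(key, label, n=32):
    """Derive n pseudorandom bytes from key and label (HMAC-SHA256 in counter mode)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def seal(key, plaintext):
    """Encrypt-then-MAC under a symmetric key. Returns (nonce, ciphertext, tag)."""
    nonce = secrets.token_bytes(16)
    ct = _xor(plaintext, kdf(kdf(key, b"enc"), nonce, len(plaintext)))
    tag = hmac.new(kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag


def unseal(key, nonce, ct, tag):
    """Verify the tag in constant time before decrypting; raise on tampering."""
    expected = hmac.new(kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad tag")
    return _xor(ct, kdf(kdf(key, b"enc"), nonce, len(ct)))


class Server:
    """Untrusted storage: holds only ciphertext, wrapped keys and audience names."""

    def __init__(self):
        self.posts = {}    # post_id -> (group, nonce, ct, tag)
        self.wrapped = {}  # (group, reader) -> group key sealed under the reader's pair secret


class Owner:
    def __init__(self, server, pair_secrets):
        self.server = server
        self.pair_secrets = pair_secrets  # friend -> secret shared out of band (assumed)
        self.group_keys = {}

    def define_group(self, group, members):
        """The policy: whoever receives a wrapped copy of the group key can read its posts."""
        key = secrets.token_bytes(32)
        self.group_keys[group] = key
        for member in members:
            self.server.wrapped[(group, member)] = seal(self.pair_secrets[member], key)

    def post(self, post_id, group, text):
        self.server.posts[post_id] = (group,) + seal(self.group_keys[group], text.encode())


class Reader:
    def __init__(self, name, server, pair_secret):
        self.name, self.server, self.pair_secret = name, server, pair_secret

    def read(self, post_id):
        group, nonce, ct, tag = self.server.posts[post_id]
        if (group, self.name) not in self.server.wrapped:
            raise PermissionError(f"{self.name} is not in {group}")
        key = unseal(self.pair_secret, *self.server.wrapped[(group, self.name)])
        return unseal(key, nonce, ct, tag).decode()


def demo():
    """Alice shares one post with family only and one with all friends (constructed)."""
    server = Server()
    shared = {n: secrets.token_bytes(32) for n in ("bob", "carol", "dave")}
    alice = Owner(server, shared)
    alice.define_group("family", ["bob"])
    alice.define_group("friends", ["bob", "carol"])
    alice.post("p1", "family", "New phone number: 555-0100")
    alice.post("p2", "friends", "Home safe, not stuck in Rome. Wire nobody money.")
    results = {}
    for name in ("bob", "carol", "dave"):
        reader = Reader(name, server, shared[name])
        for pid in ("p1", "p2"):
            try:
                results[(name, pid)] = reader.read(pid)
            except PermissionError:
                results[(name, pid)] = None
    # The provider holds the bytes but not the words.
    results["server_sees_plaintext"] = b"555-0100" in server.posts["p1"][2]
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The point to notice is where the access decision lives: the server never evaluates a policy, it only hands out bytes, and a friend removed from a group simply stops receiving wrapped keys for the next group key (re-keying, not shown, is what real systems spend most of their design effort on).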

Breaches from Other Users
Root cause:
– Lack of care in examining friend requests
A simple version of the attack:
– 75,000 out of 250,000 random Facebook users contacted by an automated script accepted the script’s friend request
– From a report of Sept. 2005

Advanced Attacks (Bilge et al.)
Same-site profile cloning:
– An attacker duplicates a user’s profile in the same OSN
– Uses the duplicate to send friend requests to the user’s friends
Cross-site profile cloning:
– An attacker identifies a user on OSN A
– The attacker duplicates the user’s profile on OSN B, where the user is not registered
– Uses the duplicate to send friend requests to the user’s friends who are also registered on OSN B

Defenses
None yet. But suggestions, yes:
– Increase users’ alertness concerning their acceptance of friend requests
– Improve the strength of CAPTCHAs to prevent large-scale automated attacks

Breaches from 3rd Party Apps
Root cause:
– 3rd party apps are essentially untrusted.
– A LOT of similarity with their smartphone counterparts.
Problem breakdown:
1. Which pieces of information are actually necessary for the app to function?
2. How to monitor the way in which the app manipulates the personal information it gets?

Defenses
For problem 1:
– None. You have to trust the app’s manifest.
For problem 2, xBook by Singh et al.:
– Information flow in the apps can only occur via xBook APIs (the app development language is modified).
– Use information-flow models and run-time monitoring.
The Facebook move:
– Applications must obtain specific approval from users before gaining access to any personal information that isn’t available to “everyone”. (Recall the Android case?)
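The two controls the last two slides separate, as an added example that is not xBook’s code: a manifest that limits what an app may read at all (problem 1), and labels that travel with the data through the app’s own computation so that it cannot reach an external sink unless the user allowed that field to leave (problem 2, the idea behind routing all flows through platform APIs). The profile, manifest and the “weather plus ads” app are constructed for the example.

```python
"""Manifest-limited reads plus label-tracked exports for a third-party app.
Added example, not xBook's code; profile, manifest and app are constructed."""
from dataclasses import dataclass, field


class PolicyViolation(Exception):
    pass


@dataclass(frozen=True)
class Labeled:
    """A value tagged with the profile fields it was derived from."""
    value: object
    labels: frozenset = field(default_factory=frozenset)

    def map(self, fn):
        """Compute on the value; the result keeps every label of its input."""
        return Labeled(fn(self.value), self.labels)

    @staticmethod
    def join(fn, *parts):
        """Combine several labeled values; the result carries the union of labels."""
        return Labeled(fn(*[p.value for p in parts]),
                       frozenset().union(*[p.labels for p in parts]))


class Platform:
    """The OSN side: the only way an app touches profile data or the network."""

    def __init__(self, profile, manifest):
        self.profile = profile
        self.manifest = manifest  # {"read": fields the app may see, "export": fields allowed to leave}
        self.audit = []

    def read(self, name):
        if name not in self.manifest["read"]:
            self.audit.append(("denied-read", name))
            raise PolicyViolation(f"app may not read {name}")
        self.audit.append(("read", name))
        return Labeled(self.profile[name], frozenset({name}))

    def show_to_user(self, payload):
        """Sink back to the profile owner: always allowed."""
        return payload.value

    def send_external(self, host, payload):
        """Sink to a third party: every label on the payload must be an approved export."""
        leaking = payload.labels - self.manifest["export"]
        if leaking:
            self.audit.append(("blocked-export", host, tuple(sorted(leaking))))
            raise PolicyViolation(f"{host} would receive {sorted(leaking)}")
        self.audit.append(("export", host, tuple(sorted(payload.labels))))
        return True  # stand-in for the real HTTP call


def run_app(p, today_year=2010):
    """A constructed app: local weather plus an age-targeted ad. Returns what it achieved."""
    out = {}
    city = p.read("city")
    out["weather_sent"] = p.send_external("weather.example", city)       # city is exportable
    age = p.read("birth_date").map(lambda d: today_year - int(d[:4]))  # age inherits 'birth_date'
    out["age_shown"] = p.show_to_user(age)
    ad = Labeled.join(lambda c, a: f"{c}:{a}", city, age)              # labels: {city, birth_date}
    try:
        out["ad_sent"] = p.send_external("ads.example", ad)
    except PolicyViolation:
        out["ad_sent"] = False                                          # blocked: birth_date may not leave
    try:
        p.read("phone")
        out["phone_read"] = True
    except PolicyViolation:
        out["phone_read"] = False                                       # not in the manifest at all
    return out


PROFILE = {"name": "Alice", "birth_date": "1990-05-17", "city": "Evanston", "phone": "555-0100"}
MANIFEST = {"read": {"name", "birth_date", "city"}, "export": {"city"}}

if __name__ == "__main__":
    platform = Platform(PROFILE, MANIFEST)
    print(run_app(platform))
    for entry in platform.audit:
        print(entry)
```

The age value is what makes the label tracking worth having: the app never tries to export the raw birth date, only a number computed from it, and a manifest alone would let that through. Real systems also have to handle implicit flows (control-flow decisions based on labeled data), which this sketch does not.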

What Are The Security Risks? Spam, phishing, malware Privacy breach Network structural attack

Network Structural Attacks
Root cause:
– An attacker can control and manipulate multiple identities (a Sybil attack).
Attack scenarios:
– Promote the reputation of an account in e-commerce settings by voting the target as “good”.
– De-anonymize the social network by inserting a particular topological feature into the network.

Defenses
Trusted certification (prevention):
– Only verified users can enter the network.
– Too costly to implement.
Resource testing (detection):
– Investigates resources associated with nodes, e.g. the social links to honest users that a Sybil cannot obtain cheaply.
– E.g., SybilGuard, by Yu et al.: relies on the social graph; random routes from honest nodes rarely cross the few edges that connect the Sybil region to honest users.
Recurring costs (mitigation):
– Increase the cost of launching a Sybil attack.
– Increase the use of CAPTCHAs, put monetary charges in place, etc.
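The social-graph intuition behind SybilGuard-style detection, as an added example that is not SybilGuard’s code: it uses the simpler early-terminated random-walk form later used by SybilRank. Trust starts at a few verified seed accounts and spreads over friendship edges for about log2(n) steps; because the Sybil region hangs off the honest region by only a few attack edges, little trust reaches it, and degree-normalised trust ranks the fake accounts at the bottom. The graph and seeds are constructed.

```python
"""Early-terminated random-walk Sybil ranking over a constructed social graph.
Added example, not SybilGuard's code (the walk form follows SybilRank)."""
import math
from collections import defaultdict


def build_graph(edges):
    """Undirected adjacency sets from (u, v) pairs."""
    adj = defaultdict(set)
    for u, v in edges:
        adj[u].add(v)
        adj[v].add(u)
    return dict(adj)


def rank(adj, seeds, steps=None):
    """Degree-normalised trust after a short power iteration from the seeds.
    Few steps is the whole trick: run long enough and trust equalises over the
    graph in proportion to degree, at which point a dense Sybil clique looks fine."""
    if steps is None:
        steps = max(2, int(math.log2(len(adj))))
    trust = {v: 0.0 for v in adj}
    for s in seeds:
        trust[s] = 1.0 / len(seeds)
    for _ in range(steps):
        nxt = defaultdict(float)
        for u, nbrs in adj.items():
            share = trust[u] / len(nbrs)  # each node splits its trust evenly over its friends
            for v in nbrs:
                nxt[v] += share
        trust = {v: nxt[v] for v in adj}
    return {v: trust[v] / len(adj[v]) for v in adj}


def lowest(scores, k):
    """The k least-trusted accounts: candidates for CAPTCHAs, review or rate-limiting."""
    return [v for v, _ in sorted(scores.items(), key=lambda kv: kv[1])[:k]]


# Constructed graph: 12 honest accounts in a ring with chords (mixes well),
# 12 Sybils as a clique (cheap for the attacker to build), joined by one attack edge.
HONEST = list(range(12))
SYBILS = list(range(12, 24))
EDGES = [(i, (i + k) % 12) for i in HONEST for k in (1, 2, 3)]
EDGES += [(a, b) for a in SYBILS for b in SYBILS if a < b]
EDGES += [(3, 12)]  # the single attack edge
SEEDS = [0, 6]      # accounts the operator has verified out of band

if __name__ == "__main__":
    scores = rank(build_graph(EDGES), SEEDS)
    print("lowest ranked:", lowest(scores, 12))
    print("max Sybil score %.5f < min honest score %.5f" % (
        max(scores[s] for s in SYBILS), min(scores[h] for h in HONEST)))
```

The ranking, not a fixed threshold, is the output: the operator feeds the bottom of the list into the “recurring costs” defenses above (CAPTCHAs, rate limits, manual review). The method degrades as the attacker buys more attack edges, which is exactly why raising the cost of each friendship with an honest user matters.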

Conclusion
– The value of online social networking far outweighs the risk.
– Use social networking effectively and positively to establish new relationships, strengthen existing ones, innovate, learn, collaborate, and have fun.
– But beware of the risks so you can do your best to steer clear of them.
– And think before you click!!

Questions?