Juha Siivikko 7.11.2013 SECURITY IN SOCIAL MEDIA.

Presentation transcript:

Juha Siivikko SECURITY IN SOCIAL MEDIA

WHAT IS A) SOCIAL MEDIA AND B) SECURITY
- Social media is the online content published by people that use easily accessible and very scalable publishing platforms [1]
  - E.g. Twitter, Facebook, LinkedIn, MySpace, YouTube, Wikis
  - Social media sub-categories include networking, blogging etc.
- Security is of course the barrier between the asset and the threat, but it is also a feeling

TOP 5 SOCIAL MEDIA SECURITY RISKS FOR ENTERPRISES [2] (1/2)
- Mobile apps
  - Employees download apps to their company-issued mobile devices
  - Mobile apps have huge security risks, and some apps are just plain malicious software that reveals and sends the user's private information to a third party, destroys personal data, impersonates the device owner etc.
- Social engineering
  - Nowadays people are more willing than ever to share personal information about themselves online [2]
  - Social media platforms encourage a dangerous level of assumed trust [2]

TOP 5 SOCIAL MEDIA SECURITY RISKS FOR ENTERPRISES (2/2)
- The sites themselves
  - Malicious code injections, e.g. shortened-URL injections
  - For example Twitter is really vulnerable because of the retweet function: the malicious code can be forwarded to hundreds of thousands of people in a short time
- Employees
  - Employees have lapses in judgement, they make mistakes and they behave emotionally
- Lack of social media policy
  - Without a social media policy employees don't know the goals and parameters of social media; this brings on chaos and problems

THE RISKS IN SOCIAL MEDIA FOR ANY USER
- The number of risks is vast, and the risks concern not only major enterprises but everyone using social media
- The attacks can, for example, cause
  - Mild annoyance
  - Loss of personal data
  - Loss of money
  - Loss of a job
- And of course that's not all

SOCIAL ENGINEERING
- Rather than using technical hacking, social engineering is gaining access to buildings, systems, data, etc. by manipulating or exploiting human psychology [3]
- For example, instead of using a software vulnerability, one might call an employee posing as an IT support person in order to get the employee's password
- Another popular tactic is to hack into someone's Facebook account and send a message through the hacked account asking for money, claiming to be stuck in a foreign city
- Once a social engineer has access to a person's account, it is easy to gain information that can be used to make a credible scam attempt
- The most effective countermeasure for social engineering is awareness

PHISHING
- Phishing is like social engineering: it is about getting personal information by means of fake e-mails, login sites etc.
- An example of a phishing e-mail
- Countermeasures:
  - Awareness: knowledge about phishing is vital; you can spot phishing attempts from bad grammar, questions about your password etc.
  - Of course, sometimes the phishing attempt is carefully crafted, so you must also remember to [5]:
    - Not click links in your e-mail, but use the real sites, log in and continue from there
    - If you feel like you are on a phishing site, try to log in with invalid credentials; if it directs you to a logon-failed page, you might be on a legitimate website

CROSS-SITE SCRIPTING
- Cross-site scripting, or XSS, is a security vulnerability in web applications
- It enables an attacker to inject a script into a web page
- Here is an example that I made
- The example, especially the login form, has a combination of features from phishing, XSS, social engineering and code injection

RISKS IN WEB 2.0 (1/2)
- Authentication controls are spread amongst many users
  - In Web 2.0 content is trusted to many users, which means there will be less experienced users creating security issues, but also more holes for hackers, e.g. brute force, more accounts which may have simpler passwords etc.
- Cross-Site Request Forgery, or CSRF
  - An innocent-looking site that has malicious code which makes requests to a different site; because of the heavy use of AJAX, Web 2.0 applications are potentially more vulnerable
- Phishing in Web 2.0
  - Because of the multitude of dissimilar client software, it is harder to distinguish between genuine and fake web sites
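One standard defence against the CSRF scenario just described, written here as an added PHP example rather than anything from the slides: a per-session synchronizer token that the settings form carries and the server verifies before making any change. The form action settings.php, the session key csrf_token and the e-mail field are assumed for the illustration.

```php
<?php
// Added example (not from the slides): synchronizer-token defence against CSRF.
// A page on another origin can make the victim's browser send a request to
// settings.php (cookies included), but it cannot read the token stored in the
// victim's session, so the forged request fails the check below.
session_start();

// Issue one unguessable token per session and embed it in every state-changing form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Verify the submitted token with a constant-time comparison; reject missing,
// non-string (e.g. array-valued) or mismatching tokens.
function csrf_check(array $post): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // Only here may the state change happen (assumed: updating the e-mail address).
    echo 'Settings updated';
    exit;
}

// Render the form with the token; escape it like any other value placed in HTML.
// AJAX callers should send the same token in a request header instead.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
echo '<form method="post" action="settings.php">'
   . '<input type="hidden" name="csrf_token" value="' . $token . '">'
   . '<input type="email" name="new_email">'
   . '<button type="submit">Save</button>'
   . '</form>';
```

Marking the session cookie SameSite=Lax is a complementary browser-side control, not a replacement for the token check.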

RISKS IN WEB 2.0 (2/2)
- Information leakage
  - Web 2.0 has brought the work-from-anywhere mentality, which blurs the line between work and private life, and because of that people may inadvertently share sensitive information
- Injection flaws
  - Web 2.0 has brought new kinds of injection attacks to daylight, e.g. XML injection, XPath injection, JS injection and JSON injection, and because of the heavy use of client-side code it brings risks to the end users
- Insufficient anti-automation
  - Web 2.0 lets hackers automate attacks more easily; they can more effectively use attacks like brute force, CSRF, large-scale data retrieval and automated opening of accounts

WEB 2.0 COUNTERMEASURES
- While Web 2.0 presents different types of challenges, those are not necessarily worse than the risks in legacy applications
- In dealing with the risks in Web 2.0 it again comes down to having a good understanding of the risks
- E.g. in the previous example about HTML XSS, blocking with htmlspecialchars()
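As an added illustration of the countermeasure named above for the XSS slide (this is not the author's demo page, which the transcript does not reproduce), a PHP login-form field that reflects the submitted username, first echoed raw and then escaped with htmlspecialchars(); the input string is constructed for the example.

```php
<?php
// Added example (not from the slides): a form field that reflects the "user"
// parameter back into the page, first unescaped and then hardened.

// Constructed sample input standing in for an attacker-controlled URL parameter.
$user = '"><b>not a username</b>';

// VULNERABLE: the raw quote closes the value attribute and everything after it
// becomes live markup, which is how a reflected XSS payload enters the page.
function vulnerable_field(string $user): string
{
    return '<input type="text" name="user" value="' . $user . '">';
}

// HARDENED: ENT_QUOTES escapes both " and ' so the value cannot leave the
// attribute; ENT_SUBSTITUTE keeps invalid UTF-8 from silently producing an
// empty string; the charset is stated explicitly. This escaping is correct for
// HTML body and attribute context only: data placed inside <script>, an event
// handler or a URL needs the encoder for that context.
function safe_field(string $user): string
{
    $escaped = htmlspecialchars($user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="user" value="' . $escaped . '">';
}

echo "Vulnerable:\n" . vulnerable_field($user) . "\n\n";
echo "Hardened:\n" . safe_field($user) . "\n";
```

Run it from the command line and compare the two lines: in the hardened one the quote and angle brackets arrive as entities, so the browser shows them as text inside the field.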

REFERENCES
[1]
[2]
[3]
[4] countermeasures
[5]
[6]
[7] http://readwrite.com/2009/02/16/top-8-web-20-security-threats