Published by Nora Snowball. Modified over 9 years ago.
2
Classification of social media
› Collaborative projects (Wikipedia)
› Blogs (Twitter, Tumblr)
› Content communities (Youtube)
› Social networking (Facebook, Google Plus)
› Virtual game-worlds (WoW, SWTOR)
› Virtual social worlds (Second Life)
3
Facebook
› Self-XSS
› Spam
› Threats to privacy / Identity theft
› Clickjacking
4
› Cross-site scripting or "Self-XSS." For example, a message such as "Why are you tagged in this video?" or the Facebook Dislike button takes you to a webpage that tries to trick you into cutting and pasting malicious JavaScript code into your browser's address bar. Self-XSS attacks can also run hidden, or obfuscated, JavaScript on your computer, allowing malware to be installed without your knowledge.
5
› Threats to privacy / Identity theft
Facebook scams also tap into interest in the news, holiday activities and other topical events to get you to innocently reveal your personal information. Facebook posts such as "create a Royal Wedding guest name" and "In honor of Mother's Day" seem innocuous enough, until you realize that information such as your children's names and birthdates, pet's name and street name now resides permanently on the Internet. Since this information is often used for passwords or password challenge questions, it can lead to identity theft.
6
"Clickjacking" or "likejacking," also known as "UI redressing"
› Tricks web users into revealing confidential information or takes control of their computer when they click on seemingly innocuous webpages. Clickjacking takes the form of embedded code or script that can execute without the user's knowledge. One disguise is a button that appears to perform another function. Clicking the button sends the attack out to your contacts through status updates, which propagates the scam.
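A site owner's side of the clickjacking problem above is whether a page can be framed by another origin at all. The following is an added example, not part of the original presentation: it audits response headers for the two standard anti-framing controls, `X-Frame-Options` and the CSP `frame-ancestors` directive. The sample responses and the function names are constructed for illustration.

```javascript
// Added example: decide whether a response can be embedded in a foreign frame.
function framingProtection(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Where a CSP frame-ancestors directive is present, browsers that support it
  // enforce it and ignore X-Frame-Options, so check it first.
  const csp = h['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    // An empty source list behaves like 'none'.
    if (sources.length === 0 || (sources.length === 1 && sources[0] === "'none'")) {
      return { ok: true, via: 'csp', policy: 'none' };
    }
    if (sources.includes('*')) return { ok: false, via: 'csp', policy: 'any' };
    return { ok: true, via: 'csp', policy: 'allowlist' };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { ok: true, via: 'xfo', policy: xfo.toLowerCase() };
  }
  // Missing header, or the obsolete ALLOW-FROM form that current browsers ignore.
  return { ok: false, via: 'none', policy: 'frameable' };
}

// Return the URLs of responses that any origin could frame.
function frameablePages(responses) {
  return responses.filter(r => !framingProtection(r.headers).ok).map(r => r.url);
}

// Constructed sample responses (not captured from any real site).
const samples = [
  { url: '/login', headers: { 'X-Frame-Options': 'DENY' } },
  { url: '/like', headers: { 'Content-Type': 'text/html' } },
  { url: '/share', headers: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" } },
  { url: '/widget', headers: { 'Content-Security-Policy': 'frame-ancestors *', 'X-Frame-Options': 'DENY' } },
  { url: '/old', headers: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' } },
];

console.log(frameablePages(samples));
```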
7
"Facebook Removing Option To Be Unsearchable By Name, Highlighting Lack Of Universal Privacy Controls" (http://techcrunch.com/2013/10/10/facebook-search-privacy/)
8
Facebook's security features:
› In theory, new Facebook security features provide protection against scams and spam, but unfortunately they're mainly ineffectual. Self-XSS, clickjacking and survey scams essentially did not exist just a few years ago, but they now appear on Facebook and other social networks on a daily basis.
9
› Check to see that you're logging in from a legitimate Facebook page with the facebook.com domain
› Remote logout
› Common sense
› Use an up-to-date browser that features an anti-phishing black list
10
Youtube
› Given the availability of many videos and the incredible volumes of traffic the site receives, it shouldn't come as a surprise that cybercriminals are looking to reap some benefit.
› Links in the video description to the "full video" lead to an online survey rabbit hole.
11
› Google account (Gmail, Youtube, Drive etc.)
One account linked to many services -> One password to get access to all of the services
Article: "Android one-click Google authentication method puts users, businesses at risk" (http://www.computerworld.com/s/article/9241355/Android_one_click_Google_authentication_method_puts_users_businesses_at_risk)
12
Verification
› Password + SMS/Phone call verification
› IP-based verification
› Revoke unauthorized access
› Track account activity
› Create a strong password
13
Web 2.0 describes web sites that use technology beyond the static pages of earlier web sites. Web 2.0 is the popular term for advanced Internet technology and applications including blogs, wikis, RSS and social bookmarking. The two major components of Web 2.0 are the technological advances enabled by Ajax and other new applications such as RSS and Eclipse, and the user empowerment that they support.
14
› Insufficient Authentication Controls
In many Web 2.0 applications, content is trusted in the hands of many users, not just a select number of authorized personnel. That means there's a greater chance that a less-experienced user will make a change that will negatively affect the overall system.
› Cross Site Scripting
In a stored cross site scripting (XSS) vulnerability, malicious input sent by an attacker is stored in the system, then displayed to other users. At risk are blogs, social networks, and wikis.
› Phishing
Although phishing isn't just a risk associated with Web 2.0 technologies by any means, the multitude of dissimilar client software in use makes it harder for consumers to distinguish between the genuine and the fake web sites.
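The stored XSS case above (input saved by one user, then displayed to others) comes down to how stored text is written into the page. This added example, which is not part of the original presentation, puts an unescaped renderer beside an HTML-escaping one and adds a heuristic scan for markup already sitting in storage. The in-memory `wall`, the sample posts and all function names are constructed for illustration.

```javascript
// Constructed in-memory store standing in for a blog, wiki or social network backend.
const wall = [];
function storePost(author, body) { wall.push({ author, body }); }

// Vulnerable rendering: stored input is concatenated into HTML unchanged,
// so markup saved by one user is interpreted by every later viewer's browser.
function renderUnsafe(posts) {
  return posts.map(p => `<li><b>${p.author}</b>: ${p.body}</li>`).join('');
}

// Hardened rendering: encode the characters that are significant in HTML
// element content and quoted attribute values before output.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => HTML_ESCAPES[c]);
}
function renderSafe(posts) {
  return posts
    .map(p => `<li><b>${escapeHtml(p.author)}</b>: ${escapeHtml(p.body)}</li>`)
    .join('');
}

// Because the input is stored, fixing the renderer does not clean the data.
// Heuristic scan (may produce false positives) to flag records for review.
const MARKUP_HINTS = /<\s*script\b|\bon\w+\s*=|javascript:/i;
function findStoredMarkup(posts) {
  return posts
    .filter(p => MARKUP_HINTS.test(p.body) || MARKUP_HINTS.test(p.author))
    .map(p => p.author);
}

// Constructed sample posts.
storePost('alice', 'Nice photo & great caption');
storePost('mallory', '<script>alert(1)</script>');
storePost('trent', '<img src=x onerror=alert(1)>');

console.log(renderSafe(wall));
console.log(findStoredMarkup(wall));
```

Escaping at output covers HTML element content and quoted attributes only; values placed into URLs, inline scripts or styles need encoding for that context.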
15
› Information Leakage
Web 2.0 combined with our "work-from-anywhere" lifestyle has begun to blur the lines between work and private life. Because of this psychological shift, people may inadvertently share information their employer would have considered sensitive.
› Injection Flaws
Web 2.0 technologies tend to be vulnerable to new types of injection attacks including XML injection, XPath injection, JavaScript injection, and JSON injection, for no other reason beyond the fact that Web 2.0 applications tend to use and rely on those technologies. With increased use comes increased risk.
16
Flash
› A major advantage of using the Flash Player for Web 2.0 applications is consistent development across operating systems and browsers, and a lot less overhead programming around differences and needing to debug and test on every configuration.
› The Flash Player has more reach than any browser or operating system, and is being distributed faster than any other technology.
› Transformation of Flash from purely an animation engine to a runtime for rich media and rich internet applications has been happening for several years now.
17
› The new Flash Player 9 has even stronger enterprise data connectivity including client support for Flex Enterprise Services which enables use of message queues, integration with JMS, remote procedure calls, and data synchronization. This enables not only simple applications like photo viewers, but also sophisticated business applications.
18
Video: