Juha Siivikko 7.11.2013 SECURITY IN SOCIAL MEDIA.
1 Juha Siivikko 7.11.2013 SECURITY IN SOCIAL MEDIA

2 WHAT IS A) SOCIAL MEDIA AND B) SECURITY

- Social media is the online content published by people who use easily accessible and very scalable publishing platforms [1]
- E.g. Twitter, Facebook, LinkedIn, MySpace, YouTube, wikis
- Social media sub-categories include networking, blogging etc.
- Security is of course the barrier between the asset and the threat, but it is also a feeling

3 TOP 5 SOCIAL MEDIA SECURITY RISKS FOR ENTERPRISES [2] 1/2

Mobile apps
- Employees download apps to their company-issued mobile devices
- Mobile apps carry huge security risks, and some apps are just plain malicious software that reveals and sends the user's private information to a third party, destroys personal data, impersonates the device owner etc.

Social engineering
- Nowadays people are more willing than ever to share personal information about themselves online [2]
- Social media platforms encourage a dangerous level of assumed trust [2]

4 TOP 5 SOCIAL MEDIA SECURITY RISKS FOR ENTERPRISES 2/2

The sites themselves
- Malicious code injections, e.g. shortened-URL injections
- For example Twitter is really vulnerable because of the retweet function: the malicious code can be forwarded to hundreds of thousands of people in a short time

Employees
- Employees have lapses in judgement, they make mistakes and they behave emotionally

Lack of social media policy
- Without a social media policy employees don't know the goals and parameters of social media, which brings on chaos and problems

5 THE RISKS IN SOCIAL MEDIA FOR ANY USER

- The number of risks is vast, and the risks do not concern only major enterprises but everyone using social media
- The attacks can, for example, cause:
  - Mild annoyance
  - Loss of personal data
  - Loss of money
  - Loss of a job
- And of course that's not all

6 SOCIAL ENGINEERING

- Rather than using technical hacking, social engineering is gaining access to buildings, systems, data, etc. by manipulating or exploiting human psychology [3]
- For example, instead of using a software vulnerability, one might call an employee while posing as an IT support person trying to get the employee's password
- Another popular tactic is to hack into someone's Facebook account and send a message through the hacked account asking for money, claiming to be stuck in a foreign city
- Once a social engineer has access to a person's account, it is easy to gain information that can be used to make a credible scam attempt
- The most effective countermeasure for social engineering is awareness

7 PHISHING

- Phishing is like social engineering: it is about getting personal information by means of fake emails, login sites etc.
- An example of a phishing email: http://www.banksafeonline.org.uk/node/112
- Countermeasures: awareness. Knowledge about phishing is vital; you can spot phishing attempts from bad grammar, questions about your password etc.
- Of course sometimes the phishing attempt is carefully crafted, so you must also remember to [5]:
  - Not click links in your email, but use the real sites, log in and continue from there
  - If you feel like you are on a phishing site, try to log in with invalid credentials; if it directs you to a logon-failed page, you might be on a legitimate website

8 CROSS-SITE SCRIPTING

- Cross-site scripting, or XSS, is a security vulnerability in web applications
- It enables an attacker to inject a script into a web page
- Here is an example that I made: http://users.jyu.fi/~jusasiiv/TIES326/xssexample/
- The example, especially the login form, has a combination of features from phishing, XSS, social engineering and code injection

9 RISKS IN WEB 2.0 [7] 1/2

Authentication controls are spread amongst many users
- In Web 2.0 content is trusted to many users, which means there will be less experienced users creating security issues, but also more holes for hackers, e.g. brute force, more accounts which may have simpler passwords etc.

Cross-Site Request Forgery, or CSRF
- An innocent-looking site contains malicious code which makes requests to a different site, and because of the heavy use of AJAX, Web 2.0 applications are potentially more vulnerable

Phishing in Web 2.0
- Because of the multitude of dissimilar client software, it is harder to distinguish between genuine and fake web sites

10 RISKS IN WEB 2.0 2/2

Information leakage
- Web 2.0 has brought the work-from-anywhere mentality, which blurs the line between work and private life, and because of that people may inadvertently share sensitive information

Injection flaws
- Web 2.0 has brought new kinds of injection attacks to daylight, e.g. XML injection, XPath injection, JS injection and JSON injection, and because of the heavy use of client-side code, it brings risks to the end users

Insufficient anti-automation
- Web 2.0 lets hackers automate attacks more easily; hackers can use attacks like brute force, CSRF, large-scale data retrieval and automated opening of accounts more effectively

11 WEB 2.0 COUNTERMEASURES

- While Web 2.0 presents different types of challenges, those are not necessarily worse than the risks in legacy applications
- In dealing with the risks in Web 2.0 it again comes down to having a good understanding of the risks
- E.g. in the previous example, blocking HTML XSS with htmlspecialchars()
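As an added example (not from the slides or from the author's xssexample page), here is the htmlspecialchars() countermeasure from slide 11 next to the unescaped output it fixes, covering the script-injection case of slide 8. The function names and the sample inputs are my own constructions.

```php
<?php
// Added example, not from the slides: a reflected-XSS sink and its
// htmlspecialchars() fix. All input strings below are constructed samples.

// Vulnerable: untrusted input is copied straight into the HTML response,
// so a value containing markup becomes part of the page.
function greetUnsafe(string $name): string
{
    return '<p>Welcome back, ' . $name . '</p>';
}

// Hardened: encode for the HTML context before output. ENT_QUOTES makes
// both " and ' escaped (older PHP leaves ' alone by default), and
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of silently returning "".
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function greetSafe(string $name): string
{
    return '<p>Welcome back, ' . escapeHtml($name) . '</p>';
}

// Attribute context: the value must sit inside quotes, and those quotes
// are among the characters escapeHtml() encodes.
function searchBoxSafe(string $query): string
{
    return '<input type="text" name="q" value="' . escapeHtml($query) . '">';
}

// Constructed inputs: a normal name, a script tag, and a quote-breaking value.
$samples = [
    'Juha',
    '<script>alert(1)</script>',
    '"><b>not a name</b>',
];
foreach ($samples as $s) {
    echo 'unsafe: ' . greetUnsafe($s) . PHP_EOL;
    echo 'safe:   ' . greetSafe($s) . PHP_EOL;
    echo 'attr:   ' . searchBoxSafe($s) . PHP_EOL;
}
// Caveat: htmlspecialchars() is correct only for HTML text and quoted
// attribute values; inside <script> blocks, URLs or CSS a different
// encoder is needed.
```

Run it with `php` on the command line and compare the "unsafe" and "safe" lines: in the escaped output the angle brackets and quotes appear as entities, so the browser renders them as text rather than as markup.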

12 REFERENCES

[1] http://socialmediasecurity.com/
[2] http://www.networkworld.com/news/2011/053111-social-media-security.html?page=1
[3] http://www.csoonline.com/article/514063/social-engineering-the-basics#1
[4] https://sites.google.com/a/pccare.vn/it/security-pages/social-engineering-attacks-and-countermeasures
[5] http://web.archive.org/web/20080320035409/http://www.hexview.com/sdp/node/24
[6] http://www.acunetix.com/websitesecurity/cross-site-scripting/
[7] http://readwrite.com/2009/02/16/top-8-web-20-security-threats#awesm=~omBK194D1667qg
