Security Aspects of Social Networks at Campus Party 2010
-
Upload
anchises-moraes -
Category
Technology
-
view
1.072 -
download
1
description
Transcript of Security Aspects of Social Networks at Campus Party 2010
Security Aspects of Social Networks
Anchises M. G. De PaulaSecurity Intelligence Analyst
iDefense, VeriSignFebruary 25, 2010
Agenda
� Motivation� History� Future of Social
Networking� Current Problems� Security aspects of
Social Networking
Source: XKCD - http://xkcd.com
Why Social Networks?
� Global and cultural phenomenon
� Facebook: 400 million users� 3th largest “country” in
the world
� New attack vector for phishers, fraudsters and sexual predators
0
200
400
600
800
1000
1200
1400
1600
China
India
Faceb
ook
USA
Indone
sia
Brazil
Source: Facebook, CIA
Country Population (in millions)
Why Social Networks?
� New organization: “egocentric” approach
� Digital Identities� Profiles� Fakesters
Source: Google
Why Security?
“It’s the great irony of the Information
Age that the very technologies that empower us to
create and to build also empower
those who would disrupt and
destroy”
(Barack Obama)
Source: Whitehouse
History
Demographics
� Dominant social network vary greatly between different geographic regions
� Majority of the online connections between real-life friends
Source: oxyweb
Future of Social Networking
� Virtual Currency
� Mobile Social Networking
� Sensor Networks
� Social TV Source: Wired
Current Problems
� Decentralization and Interoperability
� Managing Social Identities
� Trust and Reputation Management
Current Problems
�Privacy�Personal data�Pictures�Professional
information
Current Problems
�Privacy�Personal data�Pictures�Professional information
�Content Overload
Current Problems
�Offense, Hate and Discrimination
�Child Safety and Sexual Crimes�Defamation
�Stalking�Cyber bullying
�Sexting
Security aspects of Social Networking� Current Security Threats
�Identity/Password Theft�Fake profiles�Targeted attacks
Security aspects of Social Networking� Current Security Threats
�Malicious Code, Viruses and Worms
�Spam, Phishing and Financial Fraud
Malicious Programs Targeting Social Networking Sites
Security aspects of Social Networking� Current Security Threats
�URL Shortening�Hide malicious sites
Source: tweetmeme
Security aspects of Social Networking� Social Networks
under Attack�Exploit of Social
Network Gadgets
�Security vulnerabilities�Cross-site scripting
(XSS)�SQL injection
�DDoS�Worms
�Koobface
Security aspects of Social Networking� Malicious Actors
�Individuals�Spammers and
phishers
�Fraudsters and cyber criminals
�Hacktivists and terrorist groups
�Sexual predators
Security aspects of Social Networking
� Malicious Actors�Terrorism Using Social
Networks and Online Communities
Security aspects of Social Networking� Malicious Actors
�Hacking communities�Recruitment� Information exchange�Marketplace�Hacker for hire
References
� Data Privacy Day: http://dataprivacyday2010.org
� Social Media Security: http://socialmediasecurity.comhttp://twitter.com/SocialMediaSec
� SocialNetworkingWatch: http://www.socialnetworkingwatch.com
� Security and Privacy in Social Networks Bibliography: http://www.cl.cam.ac.uk/~jcb82/sns_bib/main.html
� iDefense: www.idefense.com
Thank you :)
�Anchises M. G. De Paula�http://anchisesbr.blogspot.com�Twitter: @anchisesbr
Non-commercial Share Alike (by-nc-sa)
This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License.
To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/2.5/ or send
a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA