This document discusses online social networks and some of the threats associated with using them. It defines online social networks as online communities where users can share interests and interact through chat, messaging, and other features. The most popular networks are used most by Generation Y and teens. Some key threats include cyberbullying, stalking, sexual predators, vulnerabilities in applications that can compromise privacy settings, spear phishing spam, and the aggregation of personal data by networks. It provides five ways to safely use social networks such as setting private defaults, being wary of applications, limiting personal information shared, only accepting friend requests from known people, and only posting information one is comfortable with others seeing.
Online Social Networks: 5 threats and 5 ways to use them safely
1. Online Social Networks
Photo provided by http://flickr.com/photos/luc/1804295568/ via GNUCITIZEN
5 threats and 5 ways to use them safely
2. What are Online Social Networks?
Online community of Internet users
Users share common interests
− Hobbies
− Religion
− Politics
− Friends
− Schools
Multiple ways for users to interact such as chat, messaging, email, video, voice chat, file sharing, blogging, discussion groups...
3. Who uses Online Social Networks?
Most popular with:
− “Generation-Y”
− “Teens and Tweens”
“Generation-X” and older is the latest trend
6. #1 Cyberbullying, stalking, and sexual predators
Teens bashing other teens...
Megan Meier suicide
MySpace released a report in 2007 showing 29,000 registered sex offenders on MySpace
7. #2 Vulnerabilities in Applications/Widgets
Widgets, third-party applications
XSS (Cross Site Scripting) Samy/Quicktime
Malicious banner ads/background images (Alicia Keys’)
Be careful! Some applications will override privacy settings!
From the blog post: “Invading the Space: Alicia Keys’ MySpace and… RBN?”
http://blog.trendmicro.com/invading-the-space-alicia-keys-myspace-and-rbn/
8. #3 Spear Phishing and SPAM
Fake “friend requests”
Emails that look like they are legitimate!
Screen shot courtesy of Paul Asadoorian, pauldotcom.com
9. #4 Collection and aggregation of personal data
Most privacy policies are very vague
Think about it...$35 per user when MySpace was sold to News Corp in 2005
Sites like Plaxo aggregate all of these social networks together
The following is an example of a privacy statement:
“[SNS Provider] also logs non-personally identifiable
information including IP address, profile information,
aggregate user data, and browser type, from users and
visitors to the site. This data is used to manage the
website, track usage and improve the website services.
This non-personally-identifiable information may be
shared with third-parties to provide more relevant
services and advertisements to members.”
- From the ENISA position paper “Security Issues and Recommendations for Online Social Networks”
10. #5 Evil Twin Attacks
Chris Pirillo by Alan Berner - The Seattle Times
Fake profiles
Reputation slander
Corporate espionage (LinkedIn)
Weak authentication of the user (are you who you say you are?)
11. Top 5 Ways to Safely use Online Social Networks
12. #1 Set appropriate privacy defaults
All Social Networking sites have wide-open privacy defaults!
13. #2 Be careful with third-party applications/widgets
Some of these applications will override privacy settings
Example: “Secret Crush” Facebook application
− Installed adware “worm”
Photos from Fortinet: http://www.fortiguardcenter.com/advisory/FGA-2007-16.html
14. #3 Limit personal information
Don’t post your full name, SSN, address...etc...
Be cautious about posting information that could be used to identify you or locate you offline
Careful with choosing an online alias and what it says about you
“The more info you share, the more valuable you are”
15. #4 Only accept friend requests/connections from people you know directly
Most are SPAM
Most are bots that want to trick you!
LinkedIn
− Be aware of corporate espionage!
16. #5 Only post information your mother is comfortable seeing!
Anyone can view these photos including employers, friends, and enemies
Don't trust a private profile!
“Use common sense!”