Social Networks
The Good and The Bad


  Beltug Security SIG 2012 - Xavier Mertens
$ whoami
• Xavier Mertens (@xme)
• Security Consultant
• CISSP, CISA, CeH
• Security Blogger
• Volunteer for security projects:
$ cat disclaimer.txt

“The opinions expressed in this presentation
are those of the speaker and do not reflect
those of past, present or future employers,
partners or customers”
Agenda

• Definitions & Common Usages
• Nightmare Stories
• Risks
• Actions!
Definition & Common Usages
Some Facts
•   Technology changed the way people
    communicate
•   “Usage of social networks by the Fortune 500
    companies has seen an explosive growth in
    2010 with 83% of the companies using at
    least one of the social media sites”
•   The usage of blogs has also increased by 50%
    (corporate blogs)
•   Around 34% have developed policies to
    govern blogging by their employees
                                     (Source: socialtimes.com)
Nothing New!




               (Source: idfive.com)
Do You Know Them?
In Belgium?




              (Source: google.com/addplanner)
Definition?
“Social network sites are defined as web-
based services that allow individuals or
organizations to construct a public or semi-
public profile within a bounded system,
articulate a list of other users with whom
they share a connection, and view and
traverse their list of connections and those
made by others within the system. ”
Common Usages

• Communication about company & brands
  (marketing)
• Live support
• Technology & competition follow-up
• Human Resources
Marketing

• Social Networks give the sense of a “dynamic”
  company
• Direct Reach / Close to customers.
• Extended circle of contacts at low costs
• Personal touch
Live Support

• Close contact with customers
• Low Costs
• Give a sense of “Real time”
Follow Up

• What are my competitors doing?
• What’s new in my field of activity?
• Almost real-time news trending
Human Resources

• “Hire” & “Fire”
• Online recruiting
• Employees screening
And you as an individual?

• Split your personal and professional
  activities
• Use a disclaimer:
  “My Tweets reflect my personal opinion”
Nightmare Stories
Barbra Streisand
The “Streisand Effect” is a
primarily online phenomenon
in which an attempt to hide or
remove a piece of information
has the unintended
consequence of publicizing the
information more widely.
The Belgian Jeweler



In 2009, a Belgian jeweler created a buzz among
Belgian Twitter users through a complete
misunderstanding of the impact of social
networks.
Domino’s Pizza



A Domino’s Pizza employee put nasal
mucus on pizzas. He was fired, but the video was
posted on YouTube. 250.000+ views!
Koobface
• Multi-platform worm that targeted
  Facebook users
• First reported in 2009
• Botnet, DNS filter, Proxy feature
Risks
Malware & Viruses
• Corporate devices used to access Social
  Networks
• They are based on Web technologies. All
  known attacks are usable
  (see the OWASP Top-10)
• URL shorteners / QRcodes (“click”-
  generation)
Wasted Resources
• In big companies, usage of Social Networks
  can waste a lot of bandwidth!
  Example: Facebook on a network of
  10000+ users: 200GB/day
• Waste of time by employees
• Peak of wasted resources during popular
  events
“Users”

• Users remain the weakest link
• Facebook password same as Active
  Directory password?
• Attackers use breaking news
• How many “friends” are really friends?
Mobiles & Apps

• People use mobile devices to access Social
  Networks
• Suspicious browser extensions or 3rd party
  apps
Data Leak
• People might post confidential information
• Intentional or not!
• Data Extrusion
• Bypass regular communication channels
  (Skype)
Fake Accounts
• Typo-squatting
• Cyber-squatting
Social Engineering
• All information to
  conduct a social
  engineering attack is
  already online
• Google is your best
  friend
• Tools like Maltego are
  gold mines
Degraded Brand Image
• It takes years to build a brand image
• It takes minutes to kill it!
Data Resilience


• Once posted, it’s indexed!
• Is removed data really deleted?
Reputation & Legal Liability
• Disgruntled employees
• “My boss is a bastard!”
• “I’m pissed off by this f*cking job...”
• Employers could be held responsible for
  failing to protect employees from accessing
  “sensitive” material.
Actions!
Official Support

• Information can’t be published on an
  employee’s own initiative
• Social Media must be defined as a regular
  communication channel with rules &
  guidelines
Monitor Your Brand

• Even if not used immediately, register your
  account (if not too late!)
• Google Alerts
• Commercial services (buzzcapture.com)
• Monitoring tools
Local Policies
• No Social Networks
  access from business
  critical environments.
• Restrict Social
  Networks access
  (“read-only”).
• Modern firewalls may
  filter based on domains
Remote Policies

• Carefully read the Social Networks’ policies
• Follow updates & fix your profiles
  (Ex: LinkedIn can use your profile picture)
• Similarities with cloud services
Security Awareness

• Add Social Networks to your existing
  security awareness program.
• “What employers and employees need to
  know.”
pastebin.com

• pastebin.com is a website where people can
  anonymously post “pasties” (data)
• Monitor pastes for mentions of your company
  (Example: IPs, domain names)
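The monitoring suggested on this slide, sketched as an added example that is not part of the original deck: it scans paste text you have already collected for your own domains and IP ranges. The watchlist uses reserved documentation domains and networks, and the function names and sample pastes are constructed for illustration.

```python
import ipaddress
import re

# Assumed watchlist (constructed): replace with your own domains and ranges.
WATCH_DOMAINS = ["example.com", "example.org"]
WATCH_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/28"),
]

# Candidate hostnames: dot-separated labels ending in an alphabetic TLD.
HOSTNAME_RE = re.compile(
    r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b",
    re.IGNORECASE,
)
# Candidate IPv4 addresses, not embedded in a longer dotted number.
IPV4_RE = re.compile(r"(?<!\d)(?<!\d\.)(?:\d{1,3}\.){3}\d{1,3}(?!\d)(?!\.\d)")


def refang(text):
    """Undo common 'defanging' so obfuscated indicators still match."""
    for token in ("[.]", "(.)", "[dot]"):
        text = text.replace(token, ".")
    return text


def is_watched_domain(hostname):
    """True for a watched domain or one of its subdomains only.

    Suffix matching on a label boundary avoids false hits such as
    'notexample.com' or 'example.com.evil.test'.
    """
    hostname = hostname.lower()
    return any(
        hostname == domain or hostname.endswith("." + domain)
        for domain in WATCH_DOMAINS
    )


def is_watched_ip(candidate):
    """True if the string is a valid IPv4 address inside a watched network."""
    try:
        address = ipaddress.ip_address(candidate)
    except ValueError:
        return False  # e.g. 999.1.1.1 looks like an IP but is not one
    return any(address in network for network in WATCH_NETWORKS)


def scan_paste(text):
    """Return a sorted, de-duplicated list of (kind, value) hits."""
    text = refang(text)
    hits = set()
    for match in HOSTNAME_RE.finditer(text):
        if is_watched_domain(match.group(0)):
            hits.add(("domain", match.group(0).lower()))
    for match in IPV4_RE.finditer(text):
        if is_watched_ip(match.group(0)):
            hits.add(("ip", match.group(0)))
    return sorted(hits)


def triage(pastes):
    """Map paste id -> hits, keeping only pastes that mention the company."""
    results = {}
    for paste_id, body in pastes.items():
        hits = scan_paste(body)
        if hits:
            results[paste_id] = hits
    return results


# Constructed sample pastes (not real data).
SAMPLE_PASTES = {
    "paste-001": "dump: admin@mail.example.com:hunter2 from 192.0.2.77",
    "paste-002": "list: notexample.com, example.com.evil.test, 203.0.113.5",
    "paste-003": "hxxp://vpn[.]example[.]org 198.51.100.14 198.51.100.200",
}

if __name__ == "__main__":
    for paste_id, hits in triage(SAMPLE_PASTES).items():
        print(paste_id, hits)
```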
Thank You!
  Q&A?
http://blog.rootshell.be
http://twitter.com/xme

Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 

Social Networks - The Good and the Bad

  • 1. Social Networks The Good and The Bad Beltug Security SIG 2012 - Xavier Mertens
  • 2. $ whoami • Xavier Mertens (@xme) • Security Consultant • CISSP, CISA, CeH • Security Blogger • Volunteer for security projects:
  • 3. $ cat disclaimer.txt “The opinions expressed in this presentation are those of the speaker and do not reflect those of past, present or future employers, partners or customers”
  • 4. Agenda • Definitions & Common Usages • Nightmare Stories • Risks • Actions!
  • 5. Definition & Common Usages
  • 6. Some Facts • Technology changed the way people communicate • “Usage of social networks by the Fortune 500 companies has seen an explosive growth in 2010 with 83% of the companies using at least one of the social media sites” • The usage of blogs has also increased by 50% (corporate blogs) • Around 34% have developed policies to govern blogging by their employees (Source: socialtimes.com)
  • 7. Nothing New! (Source: idfive.com)
  • 8. Do You Know Them?
  • 9. In Belgium? (Source: google.com/addplanner)
  • 10. Definition? “Social network sites are defined as web-based services that allow individuals or organizations to construct a public or semi-public profile within a bounded system, articulate a list of other users with whom they share a connection, and view and traverse their list of connections and those made by others within the system.”
  • 11. Common Usages • Communication about company & brands (marketing) • Live support • Technology & competition follow-up • Human Resources
  • 12. Marketing • Social Networks give a sense of “dynamic” company • Direct Reach / Close to customers. • Extended circle of contacts at low costs • Personal touch
  • 13. Live Support • Close contact with customers • Low Costs • Give a sense of “Real time”
  • 14. Follow Up • What are my competitors doing? • What’s new in my field of activity? • Almost real-time news trending
  • 15. Human Resources • “Hire” & “Fire” • Online recruiting • Employees screening
  • 16. And you as an individual? • Split your personal and professional activities • Use a disclaimer: “My Tweets reflect my personal opinion”
  • 18. Barbra Streisand The “Streisand Effect” is a primarily online phenomenon in which an attempt to hide or remove a piece of information has the unintended consequence of publicizing the information more widely.
  • 19. The Belgian Jeweler In 2009, a Belgian jeweler caused a buzz among Belgian Twitter users through a complete misunderstanding of the impact of social networks.
  • 20. Domino’s Pizza A Domino’s Pizza employee put nasal mucus on pizzas. He was fired, but the video was posted on YouTube. 250.000+ views!
  • 21. Koobface • Multi-platform worm that targeted Facebook users • First reported in 2009 • Botnet, DNS filter, Proxy feature
  • 22. Risks
  • 23. Malware & Viruses • Corporate devices used to access Social Networks • They are based on Web technologies. All known attacks are usable (see the OWASP Top-10) • URL shorteners / QR codes (“click”-generation)
  • 24. Wasted Resources • In big companies, Social Network usage can waste a lot of bandwidth! Example: Facebook on a network of 10000+ users: 200GB/day • Waste of time by employees • Peak of wasted resources during popular events
  • 25. “Users” • Users remain the weakest link • Facebook password same as Active Directory password? • Attackers use breaking news • How many “friends” are really friends?
  • 26. Mobiles & Apps • People use mobile devices to access Social Networks • Suspicious browser extensions or 3rd party apps
  • 27. Data Leak • People might post confidential information • Intentional or not! • Data Extrusion • Bypass regular communication channels (Skype)
  • 29. Social Engineering • All information to conduct a social engineering attack is already online • Google is your best friend • Tools like Maltego are gold mines
  • 30. Degraded Brand Image • It takes years to build a brand image • It takes minutes to kill it!
  • 31. Data Resilience • Once posted, it’s indexed! • Are removed data really deleted?
  • 32. Reputation & Legal Liability • Disgruntled employees • “My boss is a bastard!” • “I’m pissed off by this f*cking job...” • Employers could be held responsible for failing to protect employees from accessing “sensitive” material.
  • 34. Official Support • Information can’t be published on an employee’s own initiative • Social Media must be defined as a regular communication channel with rules & guidelines
  • 35. Monitor Your Brand • Even if not used immediately, register your account (if not too late!) • Google Alerts • Commercial services (buzzcapture.com) • Monitoring tools
  • 36. Local Policies • No Social Networks access from business critical environments. • Restrict Social Networks access (“read-only”). • Modern firewalls may filter based on domains
  • 37. Remote Policies • Carefully read the Social Networks’ policies • Follow updates & fix your profiles (Ex: LinkedIn can use your profile picture) • Similarities with cloud services
  • 38. Security Awareness • Add Social Networks to your existing security awareness program. • “What employers and employees need to know.”
  • 39. pastebin.com • pastebin.com is a website where people can anonymously post “pasties” (data) • Monitor it for mentions of your company (Example: IPs, domain names)
  • 40. Thank You! Q&A? http://blog.rootshell.be http://twitter.com/xme
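
Slide 39 recommends watching paste sites for your company's IPs and domain names. The sketch below is an added example, not code from the presentation: it scans the text of one paste for a watchlist, undoing common "defanged" spellings first. The watchlist (`example.com`, `192.0.2.0/24`), the function names and the sample paste are all constructed assumptions.

```python
import ipaddress
import re

# Assumed watchlist for a hypothetical company (constructed values).
WATCH_DOMAINS = {"example.com"}
WATCH_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def refang(text):
    """Undo common 'defanging' (hxxp, [.], (dot)) so indicators still match."""
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]|\(dot\)", ".", text, flags=re.I)
    return re.sub(r"hxxp", "http", text, flags=re.I)


def scan_paste(text):
    """Return sorted (kind, value) hits for watched domains and IP ranges."""
    text = refang(text)
    hits = set()
    for raw in IP_RE.findall(text):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:  # not a valid address, e.g. 999.1.1.1
            continue
        if any(addr in net for net in WATCH_NETWORKS):
            hits.add(("ip", raw))
    for host in HOST_RE.findall(text):
        host = host.lower()
        # Match the domain itself or a true subdomain, not look-alikes
        # such as "notexample.com".
        if any(host == d or host.endswith("." + d) for d in WATCH_DOMAINS):
            hits.add(("domain", host))
    return sorted(hits)


# Constructed paste content, not real data.
SAMPLE_PASTE = """\
dump 2012-03: admin@mail.example[.]com:hunter2
target list: 192.0.2.17, 198.51.100.4, 999.1.1.1
see hxxp://notexample.com/ and vpn.example.com
"""

if __name__ == "__main__":
    for kind, value in scan_paste(SAMPLE_PASTE):
        print(kind, value)
```

Matching on CIDR ranges and on domain suffixes with a leading dot keeps alerts tied to assets you own and avoids noise from look-alike names.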
