Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House.

1 Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House

2 Today’s Discussion Items
Social Networking Security and Privacy:
– Facebook photo settings
– Phishing examples
Facebook and Computer Tips
Ursa Bear Observations
Highlighted Facebook Malware:
– Koobface

13 Twitter Phish 1 of 2

14 Twitter Phish 2 of 2

16 Facebook Options
Facebook User
Facebook Page
Facebook Group
– Open: All content is public.
– Closed: Limited public content. Members can see all content.
– Secret: Members and content are private.

17 Facebook Group Problems
1. Members can add friends. No confirmation is required by the person being added.
– One of your “friends” could add you to the new, closed “Al-Qaeda lovers” group.
2. When Facebook group administrators step down, anyone else can take over.
– For small groups, administrators can edit a group name or info, moderate discussion, and message group members.

18 Social Network Policy
http://isc.sans.edu/diary.html?storyid=9733
http://isc.sans.edu/diary.html?storyid=9826

19 Link Security Tips
– Use caution when clicking a link or opening an attachment, even if sent or posted by a friend.
– If you have any doubt, get confirmation directly from the sender.
– Be wary of messages that include attractive offers or urgent requests.
– Watch out for links that require you to immediately provide a login and password.
– Type the URL (for example, www.facebook.com) directly into your browser address bar.

20 Browser Security Tips
– Use Firefox as your regular browser and have it automatically update itself.
– Firefox 3+ has Phishing and Malware Protection on by default to help keep you safe.
– Use the Adblock Plus Firefox add-on.
– Use the NoScript Firefox add-on (for diehard users only).

21 Four OS Security Tips
Make sure the operating system has:
– Automatic updates enabled
– Up-to-date anti-virus/anti-spyware
– Firewall turned on
– Strong passwords on all accounts

22 Facebook Security
Facebook provides easy tools to help you:
– Keep track of your activity
– Keep track of your logins
– Control the information you share
– Prove your identity if you ever lose access to your account

23 Facebook Security Tips

24 Facebook Account Security

25 Facebook Download Info

26 Ursa Bear 1

27 Ursa Bear 2

28 Ursa Bear 3

29 Ursa Bear 4

30 Ursa Bear 5

31 What To Do With A Scam If you come across a scam, report it so that it can be taken down. Facebook provides report links next to most pieces of content, as well as ways to report spam messages and emails. You can also let the Network Security Office know about it.

32 Koobface Botnet
– Koobface has made an estimated $2m since July 2009.
– It makes money by selling scareware (fake anti-virus), doing click fraud and other scams.
– Koobface targets Facebook and other sites.
– 400,000+ bots; 20,000+ fake Facebook accounts.
– It tricks users into executing malware disguised as Flash updates needed to view shocking content.
– The malware turns compromised PCs into zombie drones under the control of hackers.
http://www.theregister.co.uk/2010/11/15/koobface_take_down/

33 Fake Anti-Virus Screen Shot

34 KoobFace Botnet
How it works in one example:
– Koobface is a Russian-based botnet.
– The threat arrives as a Facebook private message that contains a supposed link to a YouTube video.

35 Don’t Click the LINK!

36 Koobface Example Continued Users who are tricked into clicking the link are redirected to other pages until they finally end up at a spoofed YouTube site called YuoTube
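The "YuoTube" trick swaps two adjacent letters of a trusted name. As an added illustration (not part of the original slides), this Python sketch flags hostnames whose labels are within one edit or adjacent-letter swap of a protected brand but do not belong to the trusted domain. The allowlist, the function names and the sample URLs, including the `yuotube.example` placeholder, are constructed for this example.

```python
from urllib.parse import urlsplit

# Constructed allowlist: trusted registered domain -> brand label.
TRUSTED = {"youtube.com": "youtube", "facebook.com": "facebook",
           "twitter.com": "twitter"}

def osa_distance(a, b):
    """Edit distance that also counts an adjacent-letter swap as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Transposition: "uo" vs "ou" costs 1 instead of 2.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify_link(url, max_distance=1):
    """Return ('ok' | 'lookalike' | 'unknown', brand or None) for a URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for domain, brand in TRUSTED.items():
        if host == domain or host.endswith("." + domain):
            return ("ok", brand)
    # Not a trusted domain: any label equal or close to a brand is suspicious,
    # which also catches the brand used as a subdomain of another site.
    for label in host.split("."):
        for brand in TRUSTED.values():
            if osa_distance(label, brand) <= max_distance:
                return ("lookalike", brand)
    return ("unknown", None)

# Constructed sample links, not taken from the presentation.
SAMPLE_LINKS = [
    "http://www.facebook.com/login.php",
    "http://www.yuotube.example/watch?v=1",
    "http://facebook.com.login.example/",
    "http://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, classify_link(link))
```

A result of "unknown" only means the host does not resemble a listed brand; it says nothing about whether the site is safe.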

37 Don’t Trust the “Adobe Flash Update”!

38 How KoobFace works
– It searches for social-networking-related cookies and connects to these using saved login sessions.
– It then navigates through users’ pages to search for their friends.
– It phones home to get the actual message that the worm will then spread to your friends.
– McAfee says it is not unusual to see 10,000 Koobface variants in one month. http://blogs.mcafee.com/mcafee-labs/malware-at-midyear-a-summary
– TrendLabs considers Zeus and Koobface to be the most prolific malware families. http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/tm101hthreat_report.pdf

39 Koobface Targets Mac OS X
– A new version of Koobface attacks Mac OS X and spreads through Facebook.
– Security company Intego says this version uses a malicious Java applet to attack users.
http://krebsonsecurity.com/2010/10/koobface-worm-targets-java-on-mac-os-x/

40 Facebook Survey Scam A message is posted with an enticing link. It appears to be posted by one of your friends.

41 Facebook Survey Scam Clicking the link takes you to a page which makes you “Like” the page before showing you the “SICK hidden message” from Toy Story 3.

42 Facebook Survey Scam The goal of this scam is to direct users to an online survey. The survey is required if you want to view the Toy Story 3 content. The scammers make money from the traffic they bring to the survey, and the survey-makers benefit from collecting your data.

