Presentation is loading. Please wait.

Presentation is loading. Please wait.

Social Networking: Risks and realities Nick Barron

Published byCleopatra Bradley Modified over 8 years ago

Similar presentations

Presentation on theme: "Social Networking: Risks and realities Nick Barron"— Presentation transcript:

1 Social Networking: Risks and realities Nick Barron nick.barron@pennantplc.co.uk

2 2 Who am I? Day job –Employed by Pennant Plc www.pennantplc.co.uk –Head of Group IT, Security controller, software developer Meanwhile... –Freelance security consultant/researcher –SC magazine columnist –IT advisor to DISA Disclaimers –Views expressed are my own, not those of my employer –Don’t try this at work without consent –Check legal aspects

3 3 What am I talking about? What information can be obtained from online social networks? How can it be (ab)used? What can you do to address the risks Focus on corporate liabilities/risks Mainly about risks of online social networks, but many apply equally to old fashioned ones too!

4 4 The usual suspects

5 5 Not just for kids Source: http://www.penn-olson.com/2010/02/19/the-social-media-age-distribution-stats/ Used with permission

6 6 How data leaks: users Oversharing Short-temper syndrome Underestimated automation Did you post it online? Probably not private Possibly private

7 7 How data leaks: hacks

8 8 How data leaks: loose lips

9 9 http://www.weknowwhatyouredoing.com

10 10 How data leaks: apps

11 11 How data leaks: location

12 12 Facebook never forgets!

13 13 Feature creep

14 14 Risks are real… http://news.bbc.co.uk/1/hi/8134807.stm

15 15 Risks are real… (2) https://www.zdnet.com/blog/facebook/chinese-spies-used-fake-facebook-profile-to-friend-nato-officials/10389

16 16 Risks are real (3)

17 17 Risks are real (4)

18 18 Risks are real (5) “All Your Contacts Are Belong to Us” WWW2009 http://www2009.eprints.org/56/ Automatically create fake profiles and request friends Create profiles on other sites

19 19 Risks are real (6) http://thecaucus.blogs.nytimes.com/2009/02/09/in-iraq-to-twitter-or-not-to-twitter/

20 20 Who cares?

21 21 Using the data (1)

22 22 Using the data (2) Online Privacy Foundation’s “Big 5” experiment https://www.onlineprivacyfoundation.org/?p=329 –Establish Myers-Briggs characteristics –Linguistic and post statistics analysis –Statistically significant link between FB habits and personality test results (but…) –Twitter: are you a psychopath?! “Augmenting password recovery…” http://www.dfrws.org/2011/proceedings/08-340.pdf –Use online profiles to help guess passwords –Early days but other research ongoing –What about those password reset questions…?

23 23 Using the data (3) Facebook analysis to determine Nigerian scammers http://preview.tinyurl.com/specops-paper (PDF) http://preview.tinyurl.com/specops-vid (video)

24 24 Sanity check Your employees will use Facebook etc –Even if blocked at work –Use takes place outside corporate network perimeter Social network users are not customers, they are product It is not in social network vendors’ commercial interests to make your privacy a priority –Long record of truly awful security –Commercialisation is an incentive for more intrusion

25 25 Defences

26 26 Guidance http://www.cpni.gov.uk/documents/publications/2010/2010032-gpg_online_social_networking.pdf http://preview.tinyurl.com/gpg27

27 27 Guidance (2) http://preview.tinyurl.com/sophossmt

28 28 Countermeasures Education, education, educations –Most users don’t actually want to breach privacy –Usually unaware of how much is available –Better privacy awareness increases personal security as well as business security Used with kind permission of Scott Hampson, www.agent-x.com.au

29 29 Countermeasures (2) Snoop yourself (Google, NodeXL, Maltego etc) Check exposure of key staff Include social networks in scope for penetration tests (but check with ethics/legal departments)

30 30 Countermeasures (3) Blur data where possible –Your friends will already know most of the useful info –Minimise what goes into profile –Seed a few bogus “facts” –Turn off location features –Check password reset policies But…. –Not having DOB no help when people say “Happy Birthday” on your Facebook wall! –May be breach of terms of service to lie

31 31 Countermeasures (4) Weed old accounts –FriendsReunited, MySpace etc Compartmentation where possible –Facebook for home stuff –LinkedIn for business –Flickr for pictures Email –Avoid the use of corporate mail addresses for social networking sites –High value targets should consider use different email addresses

32 32 Countermeasures (5) “Placeholder” profiles on unused systems Look at ‘privacy’ settings –KISS, don’t have too many options –Assume privacy controls will fail, and consider impact –If in doubt, don’t post Used with kind permission of Scott Hampson, www.agent-x.com.au

33 33 Summary Online social networks are not going away any time soon There are real benefits to their use for many staff OSN vendors cannot be trusted to implement strong security Education and defensive monitoring are the best protections The risks apply to non-electronic social networks as well!

34 34 Links… www.44con.com (Sept 2012, lots of business level info too) www.agent-x.com.au for great cartoons! www.securityg33k.com www.facecrooks.com www.onlineprivacyfoundation.org harmonyguy.com www.social-engineer.org nodexl.codeplex.com (free Excel plugin for social network analysis) www.paterva.com (industry standard tool for network analysis)

35 35 Questions?

Download ppt "Social Networking: Risks and realities Nick Barron"

Similar presentations

E - safety How e-safe are you?.

E - safety How e-safe are you?.
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
Tiffany Phillips CIS 1055-004 What is a Social Networking Website? Social networking websites function like an online community of internet users. Depending.

Tiffany Phillips CIS What is a Social Networking Website? Social networking websites function like an online community of internet users. Depending.
Developed by Technology Services 1:1 Laptop Initiative

Developed by Technology Services 1:1 Laptop Initiative
Don’t be bullied, or be a bully.

Don’t be bullied, or be a bully.
Protecting children online  How can you protect your child online?  Are you aware of the dangers?  Do you know what you can put in place to protect.

Protecting children online  How can you protect your child online?  Are you aware of the dangers?  Do you know what you can put in place to protect.
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
Social Networking Brian Oswald

Social Networking Brian Oswald
STOP. THINK. CONNECT. Online Safety Quiz. Round 1: Safety and Security.

STOP. THINK. CONNECT. Online Safety Quiz. Round 1: Safety and Security.
Internet Safety James Fuller Internet Rules To Remember When asked by friends or strangers, online or offline, never share Account IDs and Passwords.

Internet Safety James Fuller Internet Rules To Remember When asked by friends or strangers, online or offline, never share Account IDs and Passwords.
SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.

SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.
How to keep your kids safe online

How to keep your kids safe online
Lecture 16 Secure Social Networking. Overview What is Social Networking? The Good, the Bad and the Ugly How to protect yourself How to protect your children.

Lecture 16 Secure Social Networking. Overview What is Social Networking? The Good, the Bad and the Ugly How to protect yourself How to protect your children.
Social Networking and YOU A presentation for the SDC Carey Larson Michael Moss.

Social Networking and YOU A presentation for the SDC Carey Larson Michael Moss.
Kurt DeMaagd Michigan State University

Kurt DeMaagd Michigan State University
How To Protect Your Privacy and Avoid Identity Theft Online.

How To Protect Your Privacy and Avoid Identity Theft Online.
MANAGING YOUR ONLINE PROFILE WHAT DOES THIS MEAN AND WHY SHOULD YOU CARE? Sarah Morris UT Libraries.

MANAGING YOUR ONLINE PROFILE WHAT DOES THIS MEAN AND WHY SHOULD YOU CARE? Sarah Morris UT Libraries.
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
10 Privacy Settings Every Facebook User Should Know.

10 Privacy Settings Every Facebook User Should Know.
Safety In CyberSpace. ‘Report Abuse’ in action Look for this link on websites Microsoft have made a real commitment Approx £30,000 per month revenue.

Safety In CyberSpace. ‘Report Abuse’ in action Look for this link on websites Microsoft have made a real commitment Approx £30,000 per month revenue.

Similar presentations

Ads by Google