Sie sind auf Seite 1von 4

Project Update: Internet Social Networking

Samia Saad
Date:03/21/2016
LITERATURE REVIEW
Once information is posted to a social networking site it is no longer private.
The more information you post, the more vulnerable you may become. Even
when using high security settings, friends or websites may leak your
information. All our information our contacts, where we work, where are we
going, what we like dislikes is out there on social media if we have an
account. There could be anyone viewing our information and use it for
personal advantage.
Since Social Media has been invented, there has been new set of
concerns regarding personal information and privacy. There are many doubt
if their information on social media is protected. There is no set of form filled
or guarantees provided by the social media owners that our information is
protected.
There have been many cases that are reported and which are of major
concern, security stories about Twitter and Facebook have dominated the
headlines in the past 12 months.
One of the high-profile stories is hackers managed to hijack the Twitter accounts
of more than 30 celebrities and organizations, including President Barack
Obama and Britney Spears. Hacked accounts had been used to send malicious
messages, many of them offensive. According to Twitter, the accounts were
hijacked using the company's own internal support tools
SOCIAL MEDIA RISK FOR COMPANIES:
Although it is difficult for any company to accurately predict all the risks
associated with the social media strategy and use the company should at a
minimum, anticipate and plan for the most common risks involved.
Essentially, the risks associated with social media fall into one of the
following four categories:
Damage to brand reputation
Disclosure of proprietary and/or confidential information
Corporate identity theft
Legal, regulatory and compliance violations
(70%) of executives surveyed were concerned about the potential risks
involved in the use of social media, but they believe the risks can be
mitigated or avoided.
The common attacks on social media includes:
1)Baiting: Baiting is like real world Trojan Horse; it entices you to take an
action the criminal desires. It can be in the form of a music or movie
1

Project Update: Internet Social Networking


Samia Saad
Date:03/21/2016
download on a peer-to-peer site, or it can be a USB flash drive, Once the
device is used or downloaded, the person or companys computer is infected
with malicious software allowing the criminal to advance into your system.
2) Click jacking: Click jacked page tricks a user into performing undesired
actions by clicking on a concealed link. On a click jacked page, the attackers
load another page. The users think that they are clicking visible buttons,
while they are actually performing actions on the hidden/invisible page. The
attackers can trick users into performing actions which the users never
intended. There is no way of tracing such actions to the attackers later as the
users would have been genuinely authenticated on the hidden page. Some
examples are:
Tricking users into enables the webcam and microphone through flash
Tricking users into making their social networking profile information
public
Downloading and running a malware (malicious software) allowing to a
remote attacker to take control of others computer
Making users follow someone on Twitter
Sharing or liking links on Facebook
3) Cross-site Scripting (XSS) Attack:
To run malicious JavaScript code in a victims browser, an attacker must first
find a way to inject a payload into a web page that the victim visits. Of
course, an attacker could use social engineering techniques to convince a
user to visit a vulnerable page with an injected JavaScript payload.
There are many more attacks but I am discussing only these.
Social Engineering
Social engineering is a non-technical strategy cyber attackers use that relies
heavily on human interaction and often involves tricking people into breaking
standard security practices. The success of social engineering techniques
depends on attackers ability to manipulate victims into performing certain
actions or providing confidential information.
I have done a lot of literature review to understand the cause of
how and why social media incidents, frauds and loss occur. Few
attacks I have highlighted above but there are several more will be
mentioned in final paper.

MOTIVATION
1) To highlight the threat and vulnerability of future internet.
2) Many companies and personals have been affected by social media
attacks.
2

Project Update: Internet Social Networking


Samia Saad
Date:03/21/2016
3) Purpose of SysSec research in Europe
4) To overcome social media attacks by highlighting the ways used by
SysSec project.
5) The common attacks done in social media, how to overcome it easily.
6) To make people aware of the social media threats
Best practices to reduce social media risks
Assess Develop a social media risk analysis and include IT, HR, legal,
marketing and communications/public relations, along with the executive
team.
Govern Create a social media governance structure with clear roles and
responsibilities. Senior management should direct the use and
administration of social media.
Source Appoint the appropriate professionals to be responsible for social
media, given their knowledge and roles. For example, marketing
professionals for social media, and marketing and audit or compliance
professionals for monitoring and policy adherence.
Monitor Keep an eye regularly on social media comments and postings
across all platforms.
Manage Create a due diligence process for managing third parties,
including third parties who monitor your organizations social media.
Train Make sure you regularly train employees on social media policies.
SysSec: It is Research done in Europe, the SysSec consortium has taken a
stepwise application approach. SysSec is generating a research roadmap
that encompasses the identified threats of future Internet from the projects
yearly achievements.
SysSec proposes to create a Network of Excellence in the field of Systems
Security for Europe to play a leading role in changing the rules of the game.

Current state of work


I have been reading a lot of research papers regarding social
media threats and how to overcome these vulnerabilities in future. I
have done research about SysSec, what is the purpose of SysSec
research done in Europe and I have to learn about the ways they
suggest how system security will be done in future to acquire
network of excellence.

References
1) https://www.sophos.com/en-us/security-news-trends/security-trends/socialnetworking-security-threats/facebook.aspx
3

Project Update: Internet Social Networking


Samia Saad
Date:03/21/2016
2) http://newsroom.fb.com/news/2014/08/news-feed-fyi-click-baiting/
3) http://www.darkreading.com/the-7-best-social-engineering-attacks-ever/d/did/1319411
4) http://www.webroot.com/us/en/home/resources/tips/online-shoppingbanking/secure-what-is-social-engineering
5) http://www.informit.com/articles/article.aspx?p=1350956
6) http://resources.infosecinstitute.com/phishing-and-social-engineeringtechniques/
7) http://www.huffingtonpost.com/debra-carpenter/is-social-media-worththe_b_8032316.html
8) http://www.hacking-tutorial.com/hacking-tutorial/hack-facebook-passwordsocial-engineering/#sthash.luwCi3ws.dpbs
9) http://www.socialfish.org/wp-content/downloads/socialfish-policieswhitepaper.pdf
10)
http://www.sans.org/reading-room/whitepapers/privacy/riskassessment-social-media-33940

Das könnte Ihnen auch gefallen