Facebook Security and Privacy Issues
Brian Allen, Network Security Analyst, Washington University
December 2, 2010, Alumni House

Today’s Discussion Items
• Social Networking Security and Privacy:
– Facebook photo settings
– Phishing examples
• Facebook and Computer Tips
• Ursa Bear Observations
• Highlighted Facebook Malware:
– Koobface

Twitter Phish 1 of 2
Twitter Phish 2 of 2

Facebook Options
• Facebook User
• Facebook Page
• Facebook Group
– Open: All content is public.
– Closed: Limited public content. Members can see all content.
– Secret: Members and content are private.

Facebook Group Problems
1. Members can add friends. No confirmation is required from the person being added.
– One of your “friends” could add you to the new, closed “Al-Qaeda lovers” group.
2. When Facebook group administrators step down, anyone else can take over.
– For small groups, administrators can edit the group name or info, moderate discussion, and message group members.

Social Network Policy
• http://isc.sans.edu/diary.html?storyid=9733
• http://isc.sans.edu/diary.html?storyid=9826

Link Security Tips
• Use caution when clicking a link or opening an attachment, even if it was sent or posted by a friend.
• If you have any doubt, get confirmation directly from the sender.
• Be wary of messages that include attractive offers or urgent requests.
• Watch out for links that require you to immediately provide a login and password.
• Type the URL (for example, www.facebook.com) directly into your browser address bar.

Browser Security Tips
• Use Firefox as your regular browser and have it update itself automatically.
• Firefox 3+ has Phishing and Malware Protection on by default to help keep you safe.
• Use the Adblock Plus Firefox add-on.
• Use the NoScript Firefox add-on (for diehard users only).

Four OS Security Tips
• Make sure the operating system:
– Updates automatically
– Has up-to-date anti-virus/anti-spyware
– Has the firewall turned on
– Has strong passwords on all accounts

Facebook Security
• Facebook provides easy tools to help you:
– Keep track of your activity
– Keep track of your logins
– Control the information you share
– Prove your identity if you ever lose access to your account

Facebook Security Tips
Facebook Account Security
Facebook Download Info
Ursa Bear 1
Ursa Bear 2
Ursa Bear 3
Ursa Bear 4
Ursa Bear 5

What To Do With A Scam
• If you come across a scam, report it so that it can be taken down.
• Facebook provides report links next to most pieces of content, as well as ways to report spam messages and emails.
• You can also let the Network Security Office know about it.

Koobface Botnet
• Koobface made an estimated $2m since July 2009.
• It makes money by selling scareware (fake antivirus), doing click fraud and other scams.
• Koobface targets Facebook and other sites.
• 400,000+ bots; 20,000+ fake Facebook accounts
• It tricks users into executing malware disguised as a Flash update needed to view shocking content.
• The malware turns compromised PCs into zombie drones under the control of hackers.
• http://www.theregister.co.uk/2010/11/15/koobface_take_down/

Fake Anti-Virus Screen Shot

KoobFace Botnet
• How it works, in one example:
• Koobface is a Russian-based botnet.
• The threat arrives as a Facebook private message that contains a supposed link to a YouTube video.
Don’t Click the LINK!

Koobface Example Continued
• Users who are tricked into clicking the link are redirected through other pages until they finally end up at a spoofed YouTube site called “YuoTube”.
Don’t Trust the “Adobe Flash Update”!

How KoobFace works
• It searches for social-networking-related cookies and connects to those sites using the saved login sessions.
• It then navigates through users’ pages to search for their friends.
• It phones home to get the actual message that the worm will then spread to your friends.
• McAfee says it is not unusual to see 10,000 Koobface variants in one month.
• http://blogs.mcafee.com/mcafee-labs/malware-at-midyear-a-summary
• TrendLabs considers Zeus and Koobface to be the most prolific malware families.
• http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/tm101hthreat_report.pdf

Koobface Targets Mac OS X
• A new version of Koobface that attacks Mac OS X spreads through Facebook.
• Security company Intego says this version uses a malicious Java applet to attack users.
• http://krebsonsecurity.com/2010/10/koobface-worm-targets-java-on-mac-os-x/

Facebook Survey Scam
• A message is posted with an enticing link.
• It appears to be posted by one of your friends.

Facebook Survey Scam
• Clicking the link takes you to a page which makes you "Like" the page before showing you the “SICK hidden message” from Toy Story 3.

Facebook Survey Scam
• The goal of this scam is to direct users to an online survey.
• The survey is required if you want to view the Toy Story 3 content.
• The scammers make money for the traffic they bring to the survey, and the survey-makers benefit from collecting your data.