Social Networks
The Good and The Bad


  Beltug Security SIG 2012 - Xavier Mertens
$ whoami
• Xavier Mertens (@xme)
• Security Consultant
• CISSP, CISA, CeH
• Security Blogger
• Volunteer for security projects:
$ cat disclaimer.txt

“The opinions expressed in this presentation
are those of the speaker and do not reflect
those of past, present or future employers,
partners or customers”
Agenda

• Definitions & Common Usages
• Nightmare Stories
• Risks
• Actions!
Definition & Common Usages
Some Facts
•   Technology changed the way people
    communicate
•   “Usage of social networks by the Fortune 500
    companies has seen an explosive growth in
    2010 with 83% of the companies using at
    least one of the social media sites”
•   The usage of blogs has also increased by 50%
    (corporate blogs)
•   Around 34% have developed policies to
    govern blogging by their employees
                                     (Source: socialtimes.com)
Nothing New!




               (Source: idfive.com)
Do You Know Them?
In Belgium?




              (Source: google.com/addplanner)
Definition?
“Social network sites are defined as web-
based services that allow individuals or
organizations to construct a public or semi-
public profile within a bounded system,
articulate a list of other users with whom
they share a connection, and view and
traverse their list of connections and those
made by others within the system. ”
Common Usages

• Communication about company & brands
  (marketing)
• Live support
• Technology & competition follow-up
• Human Resources
Marketing

• Social Networks give a sense of “dynamic”
  company
• Direct Reach / Close to customers.
• Extended circle of contacts at low costs
• Personal touch
Live Support

• Close contact with customers
• Low Costs
• Give a sense of “Real time”
Follow Up

• What are my competitors doing?
• What’s new in my field of activity?
• Almost real-time news trending
Human Resources

• “Hire” & “Fire”
• Online recruiting
• Employees screening
And you as individual?

• Split your personal and professional
  activities
• Use a disclaimer:
  “My Tweets reflect my personal opinion”
Nightmare Stories
Barbra Streisand
The “Streisand Effect” is a
primarily online phenomenon
in which an attempt to hide or
remove a piece of information
has the unintended
consequence of publicizing the
information more widely.
The Belgian Jeweler



In 2009, a Belgian jeweler created a buzz among
Belgian Twitter users through a complete
misunderstanding of the impact of social
networks.
Domino’s Pizza



A Domino’s Pizza employee put nasal
mucus on pizzas. He was fired, but the video was
posted on YouTube. 250.000+ views!
Koobface
• Multi-platform worm that targeted
  Facebook users
• First reported in 2009
• Botnet, DNS filter, Proxy feature
Risks
Malware & Viruses
• Corporate devices used to access Social
  Networks
• Social Networks are based on Web
  technologies, so all known Web attacks apply
  (see the OWASP Top-10)
• URL shorteners / QRcodes (“click”-
  generation)
Wasted Resources
• In big companies, usage of Social Network
  can waste a lot of bandwidth!
  Example: Facebook on a network of
  10000+ users: 200GB/day
• Waste of time by employees
• Peak of wasted resources during popular
  events
“Users”

• Users remain the weakest link
• Facebook password same as Active
  Directory password?
• Attackers use breaking news
• How many “friends” are really friends?
Mobiles & Apps

• People use mobile devices to access Social
  Networks
• Suspicious browser extensions or 3rd party
  apps
Data Leak
• People might post confidential information
• Intentional or not!
• Data Extrusion
• Bypass regular communication channels
  (Skype)
Fake Accounts
• Typo-squatting
• Cyber-squatting
Social Engineering
• All information to
  conduct a social
  engineering attack is
  already online
• Google is your best
  friend
• Tools like Maltego are
  gold mines
Degraded Brand Image
• It takes years to build a brand image
• It takes minutes to kill it!
Data Resilience


• Once posted, it’s indexed!
• Is removed data really deleted?
Reputation & Legal Liability
• Disgruntled employees
• “My boss is a bastard!”
• “I’m pissed off by this f*cking job...”
• Employers could be held responsible for
  failing to protect employees from accessing
  “sensitive” material.
Actions!
Official Support

• Employees can’t publish information on
  their own initiative
• Social Media must be defined as a regular
  communication channel with rules &
  guidelines
Monitor Your Brand

• Even if not used immediately, register your
  account (if not too late!)
• Google Alerts
• Commercial services (buzzcapture.com)
• Monitoring tools
Local Policies
• No Social Networks
  access from business
  critical environments.
• Restrict Social
  Networks access
  (“read-only”).
• Modern firewalls may
  filter based on domains
Remote Policies

• Read the Social Networks’ policies carefully
• Follow updates & fix your profiles
  (Ex: LinkedIn can use your profile picture)
• Similarities with cloud services
Security Awareness

• Add Social Networks to your existing
  security awareness program.
• “What employers and employees need to
  know.”
pastebin.com

• pastebin.com is a website where people can
  anonymously post “pasties” (data)
• Monitor it for mentions of your company
  (Example: IPs, domain names)
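
One way to automate the monitoring described on this slide, as an added example that is not part of the original presentation: it scans the text of a paste for an organisation's domains and IP ranges, including "defanged" spellings such as `example[.]com`. The watchlist (`example.com`, `192.0.2.0/24`), the sample paste and all function names are constructed for illustration; fetching the pastes is left out.

```python
import ipaddress
import re

# Assumed watchlist: replace with your own domains and address ranges.
# example.com and 192.0.2.0/24 are reserved documentation values.
WATCH_DOMAINS = ("example.com",)
WATCH_NETWORKS = (ipaddress.ip_network("192.0.2.0/24"),)

HOST_RE = re.compile(
    r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b", re.I
)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def refang(text):
    """Undo common defanging so obfuscated indicators still match."""
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)
    return re.sub(r"hxxp", "http", text, flags=re.I)


def is_watched_domain(host, domains):
    """True for the domain itself or any subdomain, not for lookalikes."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def is_watched_ip(candidate, networks):
    """True if the string is a valid IPv4 address inside a watched range."""
    try:
        addr = ipaddress.ip_address(candidate)
    except ValueError:  # e.g. 999.1.1.1 or a version string
        return False
    return any(addr in net for net in networks)


def find_mentions(paste_text, domains=WATCH_DOMAINS, networks=WATCH_NETWORKS):
    """Return (line_number, kind, value) for every watched indicator."""
    hits = []
    for line_no, line in enumerate(refang(paste_text).splitlines(), start=1):
        for match in HOST_RE.finditer(line):
            if is_watched_domain(match.group(0), domains):
                hits.append((line_no, "domain", match.group(0).lower()))
        for match in IP_RE.finditer(line):
            if is_watched_ip(match.group(0), networks):
                hits.append((line_no, "ip", match.group(0)))
    return hits


# Constructed sample paste (not real data).
SAMPLE_PASTE = """\
db dump 2012-03
admin@mail.example[.]com:<redacted>
hxxp://intranet.example.com/login
ssh root@192[.]0[.]2[.]15
unrelated: notexample.com 198.51.100.7 example.com.evil.test
"""

if __name__ == "__main__":
    for line_no, kind, value in find_mentions(SAMPLE_PASTE):
        print(f"line {line_no}: {kind} {value}")
```

Matching on the exact domain or a dot-prefixed suffix keeps lookalikes such as `notexample.com` out of the alert queue; those belong to the typo-squatting check, not to leak monitoring.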
Thank You!
  Q&A?
http://blog.rootshell.be
http://twitter.com/xme

Más contenido relacionado

La actualidad más candente

Social media and the future of social networking
Social media and the future of social networkingSocial media and the future of social networking
Social media and the future of social networkingRussetanSc
 
Social Media & it's Impact in Today's World
Social Media & it's Impact in Today's WorldSocial Media & it's Impact in Today's World
Social Media & it's Impact in Today's WorldStephen Mokiwa
 
facebook power point presentation ppt 2017
facebook power point presentation ppt 2017 facebook power point presentation ppt 2017
facebook power point presentation ppt 2017 Phanindra Mannepalli
 
SOCIAL NETWORK - BOON OR BANE?
SOCIAL NETWORK - BOON OR BANE?SOCIAL NETWORK - BOON OR BANE?
SOCIAL NETWORK - BOON OR BANE?Sudip Ghose
 
Social networks: Advantages and disadvantages
Social networks: Advantages and disadvantagesSocial networks: Advantages and disadvantages
Social networks: Advantages and disadvantagesntechproject
 
Social Media Awareness for Students
Social Media Awareness for StudentsSocial Media Awareness for Students
Social Media Awareness for StudentsTom Matys
 
Social Media Boon or curse?
Social Media Boon or curse?Social Media Boon or curse?
Social Media Boon or curse?Mayur Tank
 
LinkedIn Benefits and Features
LinkedIn Benefits and FeaturesLinkedIn Benefits and Features
LinkedIn Benefits and FeaturesMaryam Golabgir
 
How to Use Social Media to Influence the World
How to Use Social Media to Influence the WorldHow to Use Social Media to Influence the World
How to Use Social Media to Influence the WorldSean Si
 
LinkedIn features guide
LinkedIn features guideLinkedIn features guide
LinkedIn features guideomlogic11
 
The Power of LinkedIn: Building Your Profile & Leveraging Connections
The Power of LinkedIn: Building Your Profile & Leveraging ConnectionsThe Power of LinkedIn: Building Your Profile & Leveraging Connections
The Power of LinkedIn: Building Your Profile & Leveraging ConnectionsGary Wood
 
Effects of social media on Youth
Effects of social media on YouthEffects of social media on Youth
Effects of social media on YouthSubham Dwivedi
 
Social Media
Social MediaSocial Media
Social MediaDarshit
 

La actualidad más candente (20)

Social media and the future of social networking
Social media and the future of social networkingSocial media and the future of social networking
Social media and the future of social networking
 
Social Media & it's Impact in Today's World
Social Media & it's Impact in Today's WorldSocial Media & it's Impact in Today's World
Social Media & it's Impact in Today's World
 
Social Media
Social MediaSocial Media
Social Media
 
facebook power point presentation ppt 2017
facebook power point presentation ppt 2017 facebook power point presentation ppt 2017
facebook power point presentation ppt 2017
 
Linkedin Training Basic
Linkedin Training   BasicLinkedin Training   Basic
Linkedin Training Basic
 
Brief history of social media
Brief history of social mediaBrief history of social media
Brief history of social media
 
SOCIAL NETWORK - BOON OR BANE?
SOCIAL NETWORK - BOON OR BANE?SOCIAL NETWORK - BOON OR BANE?
SOCIAL NETWORK - BOON OR BANE?
 
Social Media
Social MediaSocial Media
Social Media
 
Social networks: Advantages and disadvantages
Social networks: Advantages and disadvantagesSocial networks: Advantages and disadvantages
Social networks: Advantages and disadvantages
 
Social media
Social media Social media
Social media
 
Social Media Awareness for Students
Social Media Awareness for StudentsSocial Media Awareness for Students
Social Media Awareness for Students
 
Social media
Social media Social media
Social media
 
Social Media Boon or curse?
Social Media Boon or curse?Social Media Boon or curse?
Social Media Boon or curse?
 
LinkedIn Benefits and Features
LinkedIn Benefits and FeaturesLinkedIn Benefits and Features
LinkedIn Benefits and Features
 
How to Use Social Media to Influence the World
How to Use Social Media to Influence the WorldHow to Use Social Media to Influence the World
How to Use Social Media to Influence the World
 
LinkedIn features guide
LinkedIn features guideLinkedIn features guide
LinkedIn features guide
 
The Power of LinkedIn: Building Your Profile & Leveraging Connections
The Power of LinkedIn: Building Your Profile & Leveraging ConnectionsThe Power of LinkedIn: Building Your Profile & Leveraging Connections
The Power of LinkedIn: Building Your Profile & Leveraging Connections
 
Social media
Social mediaSocial media
Social media
 
Effects of social media on Youth
Effects of social media on YouthEffects of social media on Youth
Effects of social media on Youth
 
Social Media
Social MediaSocial Media
Social Media
 

Destacado

Lost in Cultural Translation
Lost in Cultural TranslationLost in Cultural Translation
Lost in Cultural TranslationVanessa Vela
 
The Business of Social Media
The Business of Social Media The Business of Social Media
The Business of Social Media Dave Kerpen
 
10 Steps of Project Management in Digital Agencies
10 Steps of Project Management in Digital Agencies 10 Steps of Project Management in Digital Agencies
10 Steps of Project Management in Digital Agencies Alemsah Ozturk
 
The hottest analysis tools for startups
The hottest analysis tools for startupsThe hottest analysis tools for startups
The hottest analysis tools for startupsLiane Siebenhaar
 
All About Beer
All About Beer All About Beer
All About Beer Ethos3
 

Destacado (7)

Lost in Cultural Translation
Lost in Cultural TranslationLost in Cultural Translation
Lost in Cultural Translation
 
The Business of Social Media
The Business of Social Media The Business of Social Media
The Business of Social Media
 
Flyer
FlyerFlyer
Flyer
 
10 Steps of Project Management in Digital Agencies
10 Steps of Project Management in Digital Agencies 10 Steps of Project Management in Digital Agencies
10 Steps of Project Management in Digital Agencies
 
The hottest analysis tools for startups
The hottest analysis tools for startupsThe hottest analysis tools for startups
The hottest analysis tools for startups
 
All About Beer
All About Beer All About Beer
All About Beer
 
Displaying Data
Displaying DataDisplaying Data
Displaying Data
 

Similar a Social Networks - The Good and the Bad

Skillteam workshop social media final v1.0 05.10.2011
Skillteam workshop social media final v1.0 05.10.2011Skillteam workshop social media final v1.0 05.10.2011
Skillteam workshop social media final v1.0 05.10.2011Fishtank
 
Social Media for Internal Company Communications by @JoeyShepp
Social Media for Internal Company Communications by @JoeySheppSocial Media for Internal Company Communications by @JoeyShepp
Social Media for Internal Company Communications by @JoeySheppEarthsite
 
Final social media in business is 460
Final social media in business is 460Final social media in business is 460
Final social media in business is 460msiakpere
 
GovLoop Training Webinar: Social Media Basics Part 2
GovLoop Training Webinar: Social Media Basics Part 2GovLoop Training Webinar: Social Media Basics Part 2
GovLoop Training Webinar: Social Media Basics Part 2GovLoop
 
GovLoop Training Webinar: Social Media Basics Part 2
GovLoop Training Webinar: Social Media Basics Part 2GovLoop Training Webinar: Social Media Basics Part 2
GovLoop Training Webinar: Social Media Basics Part 2GovLoop
 
Social networks and social media analysis in the context of the enterprise
Social networks and social media analysis in the context of the enterpriseSocial networks and social media analysis in the context of the enterprise
Social networks and social media analysis in the context of the enterpriseRamez Al-Fayez
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringTom Eston
 
Building your online professional profile
Building your online professional profileBuilding your online professional profile
Building your online professional profileLisa Harris
 
Digital mindset for Social HR
Digital mindset for Social HRDigital mindset for Social HR
Digital mindset for Social HRRuchi Bhatia
 
online identity & employability feb 2015
online identity & employability feb 2015online identity & employability feb 2015
online identity & employability feb 2015Lisa Harris
 
Exploring social theory through enterprise social media (muller, ibm research)
Exploring social theory through enterprise social media (muller, ibm research)Exploring social theory through enterprise social media (muller, ibm research)
Exploring social theory through enterprise social media (muller, ibm research)Michael Muller
 
Social Media: Infiltrating The Enterprise
Social Media: Infiltrating The EnterpriseSocial Media: Infiltrating The Enterprise
Social Media: Infiltrating The EnterpriseJay McLaughlin
 
Effective Training and Policy Takes the Fear out of Social Networking - Shawn...
Effective Training and Policy Takes the Fear out of Social Networking - Shawn...Effective Training and Policy Takes the Fear out of Social Networking - Shawn...
Effective Training and Policy Takes the Fear out of Social Networking - Shawn...sdavis532
 
SocialSafe for SMEs/SMBs - V1
SocialSafe for SMEs/SMBs - V1SocialSafe for SMEs/SMBs - V1
SocialSafe for SMEs/SMBs - V1Julian Ranger
 

Similar a Social Networks - The Good and the Bad (20)

Skillteam workshop social media final v1.0 05.10.2011
Skillteam workshop social media final v1.0 05.10.2011Skillteam workshop social media final v1.0 05.10.2011
Skillteam workshop social media final v1.0 05.10.2011
 
Social Media for Internal Company Communications by @JoeyShepp
Social Media for Internal Company Communications by @JoeySheppSocial Media for Internal Company Communications by @JoeyShepp
Social Media for Internal Company Communications by @JoeyShepp
 
Final social media in business is 460
Final social media in business is 460Final social media in business is 460
Final social media in business is 460
 
GovLoop Training Webinar: Social Media Basics Part 2
GovLoop Training Webinar: Social Media Basics Part 2GovLoop Training Webinar: Social Media Basics Part 2
GovLoop Training Webinar: Social Media Basics Part 2
 
GovLoop Training Webinar: Social Media Basics Part 2
GovLoop Training Webinar: Social Media Basics Part 2GovLoop Training Webinar: Social Media Basics Part 2
GovLoop Training Webinar: Social Media Basics Part 2
 
Social networks and social media analysis in the context of the enterprise
Social networks and social media analysis in the context of the enterpriseSocial networks and social media analysis in the context of the enterprise
Social networks and social media analysis in the context of the enterprise
 
Twitter for Business webinar
Twitter for Business webinarTwitter for Business webinar
Twitter for Business webinar
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
 
Building your online professional profile
Building your online professional profileBuilding your online professional profile
Building your online professional profile
 
Digital mindset for Social HR
Digital mindset for Social HRDigital mindset for Social HR
Digital mindset for Social HR
 
online identity & employability feb 2015
online identity & employability feb 2015online identity & employability feb 2015
online identity & employability feb 2015
 
Why Should Big Law do Social Media
Why Should Big Law do Social MediaWhy Should Big Law do Social Media
Why Should Big Law do Social Media
 
Exploring social theory through enterprise social media (muller, ibm research)
Exploring social theory through enterprise social media (muller, ibm research)Exploring social theory through enterprise social media (muller, ibm research)
Exploring social theory through enterprise social media (muller, ibm research)
 
Social Media: Infiltrating The Enterprise
Social Media: Infiltrating The EnterpriseSocial Media: Infiltrating The Enterprise
Social Media: Infiltrating The Enterprise
 
WSA 031215
WSA 031215WSA 031215
WSA 031215
 
Effective Training and Policy Takes the Fear out of Social Networking - Shawn...
Effective Training and Policy Takes the Fear out of Social Networking - Shawn...Effective Training and Policy Takes the Fear out of Social Networking - Shawn...
Effective Training and Policy Takes the Fear out of Social Networking - Shawn...
 
SocialSafe for SMEs/SMBs - V1
SocialSafe for SMEs/SMBs - V1SocialSafe for SMEs/SMBs - V1
SocialSafe for SMEs/SMBs - V1
 
Intranet 2.0 Webinar Oct 2008
Intranet 2.0 Webinar Oct 2008Intranet 2.0 Webinar Oct 2008
Intranet 2.0 Webinar Oct 2008
 
Top 10 Social Media Management Tools - October 2011
Top 10 Social Media Management Tools - October 2011Top 10 Social Media Management Tools - October 2011
Top 10 Social Media Management Tools - October 2011
 

Más de Xavier Mertens

FPC for the Masses (SANSFire Edition)
FPC for the Masses (SANSFire Edition)FPC for the Masses (SANSFire Edition)
FPC for the Masses (SANSFire Edition)Xavier Mertens
 
FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018Xavier Mertens
 
HTTP For the Good or the Bad - FSEC Edition
HTTP For the Good or the Bad - FSEC EditionHTTP For the Good or the Bad - FSEC Edition
HTTP For the Good or the Bad - FSEC EditionXavier Mertens
 
HTTP For the Good or the Bad
HTTP For the Good or the BadHTTP For the Good or the Bad
HTTP For the Good or the BadXavier Mertens
 
Developers are from Mars, Security guys are from Venus
Developers are from Mars, Security guys are from VenusDevelopers are from Mars, Security guys are from Venus
Developers are from Mars, Security guys are from VenusXavier Mertens
 
Building A Poor man’s Fir3Ey3 Mail Scanner
Building A Poor man’s Fir3Ey3 Mail ScannerBuilding A Poor man’s Fir3Ey3 Mail Scanner
Building A Poor man’s Fir3Ey3 Mail ScannerXavier Mertens
 
$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE EditionXavier Mertens
 
Automatic MIME Attachments Triage
Automatic MIME Attachments TriageAutomatic MIME Attachments Triage
Automatic MIME Attachments TriageXavier Mertens
 
$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015Xavier Mertens
 
Malware Analysis Using Free Software
Malware Analysis Using Free SoftwareMalware Analysis Using Free Software
Malware Analysis Using Free SoftwareXavier Mertens
 
Because we are just humans
Because we are just humansBecause we are just humans
Because we are just humansXavier Mertens
 
You have a SIEM! And now?
You have a SIEM! And now?You have a SIEM! And now?
You have a SIEM! And now?Xavier Mertens
 
What are-you-investigate-today? (version 2.0)
What are-you-investigate-today? (version 2.0)What are-you-investigate-today? (version 2.0)
What are-you-investigate-today? (version 2.0)Xavier Mertens
 
The BruCO"NSA" Network
The BruCO"NSA" NetworkThe BruCO"NSA" Network
The BruCO"NSA" NetworkXavier Mertens
 
What Will You Investigate Today?
What Will You Investigate Today?What Will You Investigate Today?
What Will You Investigate Today?Xavier Mertens
 
Unity Makes Strength SOURCE Dublin 2013
Unity Makes Strength SOURCE Dublin 2013Unity Makes Strength SOURCE Dublin 2013
Unity Makes Strength SOURCE Dublin 2013Xavier Mertens
 

Más de Xavier Mertens (20)

FPC for the Masses (SANSFire Edition)
FPC for the Masses (SANSFire Edition)FPC for the Masses (SANSFire Edition)
FPC for the Masses (SANSFire Edition)
 
FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018
 
HTTP For the Good or the Bad - FSEC Edition
HTTP For the Good or the Bad - FSEC EditionHTTP For the Good or the Bad - FSEC Edition
HTTP For the Good or the Bad - FSEC Edition
 
Unity Makes Strength
Unity Makes StrengthUnity Makes Strength
Unity Makes Strength
 
HTTP For the Good or the Bad
HTTP For the Good or the BadHTTP For the Good or the Bad
HTTP For the Good or the Bad
 
Developers are from Mars, Security guys are from Venus
Developers are from Mars, Security guys are from VenusDevelopers are from Mars, Security guys are from Venus
Developers are from Mars, Security guys are from Venus
 
Building A Poor man’s Fir3Ey3 Mail Scanner
Building A Poor man’s Fir3Ey3 Mail ScannerBuilding A Poor man’s Fir3Ey3 Mail Scanner
Building A Poor man’s Fir3Ey3 Mail Scanner
 
$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition
 
Automatic MIME Attachments Triage
Automatic MIME Attachments TriageAutomatic MIME Attachments Triage
Automatic MIME Attachments Triage
 
$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015
 
$HOME Sweet $HOME
$HOME Sweet $HOME$HOME Sweet $HOME
$HOME Sweet $HOME
 
Secure Web Coding
Secure Web CodingSecure Web Coding
Secure Web Coding
 
Malware Analysis Using Free Software
Malware Analysis Using Free SoftwareMalware Analysis Using Free Software
Malware Analysis Using Free Software
 
Because we are just humans
Because we are just humansBecause we are just humans
Because we are just humans
 
You have a SIEM! And now?
You have a SIEM! And now?You have a SIEM! And now?
You have a SIEM! And now?
 
What are-you-investigate-today? (version 2.0)
What are-you-investigate-today? (version 2.0)What are-you-investigate-today? (version 2.0)
What are-you-investigate-today? (version 2.0)
 
The BruCO"NSA" Network
The BruCO"NSA" NetworkThe BruCO"NSA" Network
The BruCO"NSA" Network
 
What Will You Investigate Today?
What Will You Investigate Today?What Will You Investigate Today?
What Will You Investigate Today?
 
Unity Makes Strength SOURCE Dublin 2013
Unity Makes Strength SOURCE Dublin 2013Unity Makes Strength SOURCE Dublin 2013
Unity Makes Strength SOURCE Dublin 2013
 
Mobile Apps Security
Mobile Apps SecurityMobile Apps Security
Mobile Apps Security
 

Último

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 

Último (20)

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Dev Dives: Streamline document processing with UiPath Studio Web
Social Networks - The Good and the Bad

  • 1. Social Networks The Good and The Bad Beltug Security SIG 2012 - Xavier Mertens
  • 2. $ whoami • Xavier Mertens (@xme) • Security Consultant • CISSP, CISA, CeH • Security Blogger • Volunteer for security projects:
  • 3. $ cat disclaimer.txt “The opinions expressed in this presentation are those of the speaker and do not reflect those of past, present or future employers, partners or customers”
  • 4. Agenda • Definitions & Common Usages • Nightmare Stories • Risks • Actions!
  • 5. Definition & Common Usages
  • 6. Some Facts • Technology changed the way people communicate • “Usage of social networks by the Fortune 500 companies has seen an explosive growth in 2010 with 83% of the companies using at least one of the social media sites” • The usage of blogs has also increased by 50% (corporate blogs) • Around 34% have developed policies to govern blogging by their employees (Source: socialtimes.com)
  • 7. Nothing New! (Source: idfive.com)
  • 8. Do You Know Them?
  • 9. In Belgium? (Source: google.com/addplanner)
  • 10. Definition? “Social network sites are defined as web-based services that allow individuals or organizations to construct a public or semi-public profile within a bounded system, articulate a list of other users with whom they share a connection, and view and traverse their list of connections and those made by others within the system.”
  • 11. Common Usages • Communication about company & brands (marketing) • Live support • Technology & competition follow-up • Human Resources
  • 12. Marketing • Social Networks give a sense of “dynamic” company • Direct Reach / Close to customers. • Extended circle of contacts at low costs • Personal touch
  • 13. Live Support • Close contact with customers • Low Costs • Give a sense of “Real time”
  • 14. Follow Up • What are my competitors doing? • What’s new in my field of activity? • Almost real-time news trending
  • 15. Human Resources • “Hire” & “Fire” • Online recruiting • Employee screening
  • 16. And you as individual? • Split your personal and professional activities • Use a disclaimer: “My Tweets reflect my personal opinion”
  • 18. Barbra Streisand The “Streisand Effect” is a primarily online phenomenon in which an attempt to hide or remove a piece of information has the unintended consequence of publicizing the information more widely.
  • 19. The Belgian Jeweler In 2009, a Belgian jeweler created a buzz among Belgian Twitter users through a complete misunderstanding of the impact of social networks.
  • 20. Domino’s Pizza A Domino’s Pizza employee put nasal mucus on pizzas. He was fired, but the video was posted on YouTube. 250.000+ views!
  • 21. Koobface • Multi-platform worm that targeted Facebook users • First reported in 2009 • Botnet, DNS filter, Proxy feature
  • 22. Risks
  • 23. Malware & Viruses • Corporate devices used to access Social Networks • They are based on Web technologies. All known attacks are usable (see the OWASP Top-10) • URL shorteners / QR codes (“click”-generation)
  • 24. Wasted Resources • In big companies, usage of Social Networks can waste a lot of bandwidth! Example: Facebook on a network of 10000+ users: 200GB/day • Waste of time by employees • Peak of wasted resources during popular events
  • 25. “Users” • Users remain the weakest link • Facebook password same as Active Directory password? • Attackers use breaking news • How many “friends” are really friends?
  • 26. Mobiles & Apps • People use mobile devices to access Social Networks • Suspicious browser extensions or 3rd party apps
  • 27. Data Leak • People might post confidential information • Intentional or not! • Data Extrusion • Bypass regular communication channels (Skype)
  • 29. Social Engineering • All information to conduct a social engineering attack is already online • Google is your best friend • Tools like Maltego are gold mines
  • 30. Degraded Brand Image • It takes years to build a brand image • It takes minutes to kill it!
  • 31. Data Resilience • Once posted, it’s indexed! • Are removed data really deleted?
  • 32. Reputation & Legal Liability • Disgruntled employees • “My boss is a bastard!” • “I’m pissed off by this f*cking job...” • Employers could be held responsible for failing to protect employees from accessing “sensitive” material.
  • 34. Official Support • Information can’t be published on an employee’s own initiative • Social Media must be defined as a regular communication channel with rules & guidelines
  • 35. Monitor Your Brand • Even if not used immediately, register your account (if not too late!) • Google Alerts • Commercial services (buzzcapture.com) • Monitoring tools
  • 36. Local Policies • No Social Networks access from business critical environments. • Restrict Social Networks access (“read-only”). • Modern firewalls may filter based on domains
  • 37. Remote Policies • Read the Social Networks’ policies carefully • Follow updates & fix your profiles (Ex: LinkedIn can use your profile picture) • Similarities with cloud services
  • 38. Security Awareness • Add Social Networks to your existing security awareness program. • “What employers and employees need to know.”
  • 39. pastebin.com • pastebin.com is a website where people can anonymously post “pasties” (data) • Monitor it for mentions of your company (Example: IPs, domain names)
  • 40. Thank You! Q&A? http://blog.rootshell.be http://twitter.com/xme
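
Slide 39 suggests watching paste sites for your company's IPs and domain names. The sketch below is an added example, not part of the original slides: it checks paste text against a watchlist, and the watchlist values, function names and sample pastes are assumptions constructed for illustration (how pastes are retrieved is left out).

```python
import ipaddress
import re

# Assumed watchlist (constructed): documentation-reserved domain and range.
WATCH_DOMAINS = {"example.com"}
WATCH_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")
HOST_RE = re.compile(
    r"(?<![\w.-])(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}(?![\w-])", re.I)


def domain_hits(text):
    """Return watched domains (and their subdomains) mentioned in text."""
    hits = set()
    for host in (h.lower() for h in HOST_RE.findall(text)):
        for watched in WATCH_DOMAINS:
            # Match on a label boundary so "notexample.com" is ignored.
            if host == watched or host.endswith("." + watched):
                hits.add(host)
    return hits


def ip_hits(text):
    """Return IPv4 addresses in text that fall inside a watched network."""
    hits = set()
    for candidate in IPV4_RE.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # looks like an address but is not one, e.g. 999.0.2.1
        if any(addr in net for net in WATCH_NETWORKS):
            hits.add(str(addr))
    return hits


def scan_paste(paste_id, text):
    """Return an alert dict for one paste, or None when nothing matches."""
    domains, ips = domain_hits(text), ip_hits(text)
    if not domains and not ips:
        return None
    return {"paste": paste_id, "domains": sorted(domains), "ips": sorted(ips)}


# Constructed sample pastes, embedded so the example runs offline.
SAMPLE_PASTES = {
    "paste-A": "leak: admin@mail.example.com seen on 192.0.2.17.",
    "paste-B": "see notexample.com and 198.51.100.9, build 10.2.3.4.5",
}
```

Matching domains on a label boundary and IPs by network membership keeps look-alike names and unrelated addresses from raising alerts.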
