Software Insecurity Distribution
Through Social Networking
by
Alireza Aghamohammadi
Samir Tout (Ph.D.)
Graduate Research Fair

March 17, 2010
Quick preview
- Introduction
- Background
A. Background Social Network
B. Background Software Insecurity
- Core Topic
A. Virus propagation via communication
in social networks
B. Applications and tools of social
networking: a device for insecurity
Quick preview, cont.
C. Automated social network bots,
crawlers, spiders, scanners and sniffers
- Conclusion
Introduction
- Information Security Challenges
A. Complexity while being dynamic
B. Multiplicity
- Internet Growth
A. Share, learn …
B. Vulnerabilities and information insecurity
(examples ?)
C. Data mining increase
Introduction, cont.
According to Solomon Eyal Shimony and
Natalia Vanetik (2008, p. 1441):

- Social Network Analysis and Social
Networking increase.
Introduction, cont.
- Researchers' use of social network analysis
and data mining studies.
- Many risks are associated with social
networking.
- Let's examine how software insecurity can be
distributed via social networking.
Background social network
1920 - Kurt Lewin
1960 - Anthropological study of kinship
systems
1997 - Medical researchers
2008 - social networking represents a
novel approach to the approximate similarity
query processing
Background software insecurity
- Personal Computers
- Sharing Floppy disks
- Early 1970s
- Internet
- Today ?
Background software insecurity
Bot/robot, keylogger, spam, adware, spyware, botnets, trojan, SQL injectors, phishing + pharming
Definitions
- Social networking: a network of entities which
have properties, actions and (direct or
indirect) communication. Entities could be
humans, computers or other beings or things.
However, in this paper social networking
refers to non-physical social networking in
most cases.
Definitions, cont.
- Software insecurity: any
system weakness, failure, risk or functionality
problem due to poor software quality or
malfunction, as it pertains to security only.
- Bots or robots: automated programs that perform
various functions, including collecting
data.
Definitions, cont.
- Web crawler: a form of bot which runs on
the web to search for data or perform other
searching tasks on websites.
- Trojan: software that may appear to be
something useful on the computer but
is actually harmful.
- Virus: a computer program/code that
performs harmful activities. Unlike Trojans,
a virus will spread.
Core topic
1. Virus propagation via communication in
social networks
- Facebook, LinkedIn, Twitter
- staying connected and finding new friends
- risks?
Social networks and transmitting software
insecurity
A: flash drives, CD/DVD
B: emails, social network sites, SMS, IM, posts
Core topic, cont.
1. Virus propagation via communication in
social networks
A. Lack of virus scanning for social networking
sites.
B. IM, SMS and images as a medium.
Applications for social networking sites do not
have the functionality to prevent insecurity
propagation to other users or to encrypt users'
contact lists and information.
Core topic, cont.
1. Virus propagation via communication in
social networks
C. Handheld devices and cell phones have
applications for social networking: another
method of propagation.
Core topic, cont.
2. Applications and tools of social
networking: a device for insecurity
Type A (does not require local installation):
tools for entertainment, gaming or simply for
fun. Examples:
- Facebook - Who Has The Biggest Brain?
- Orkut - MindJolt Games
- Myspace - Mobsters
Problem? The application could be a host to
infect other computers.
2. Applications and tools of social
networking: a device for insecurity
Type B:
Collaboration or sharing tools
• Google - groups.google.com
• Google - Google Docs
• Yahoo - groups.yahoo.com
Problem: infected macros or viruses can be
propagated via social networking
2. Applications and tools of social
networking: a device for insecurity
Type C:
The APIs or tools created by third parties
to allow users to take full advantage of social
networking.
http://www.digsby.com/
(works with Facebook, Twitter, Myspace)
http://www.meebo.com/notifier/
(works with Facebook, AIM, MSN, Yahoo)
Problem: channels of insecurity distribution.
3. Automated social network bots,
crawlers, spiders, scanners and sniffers
- Many bots or robots can automatically
crawl various social network sites and
perform data gathering and even analysis to
launch attacks on a user's computer or host.
Web crawler/spider
demo
3. Automated social network bots,
crawlers, spiders, scanners and sniffers,
cont.
- Collecting data from users' profiles or
gaining access to an individual account will
allow hackers to attack and harm computers
or systems indirectly.
So, how is it going to create software
insecurity?
3. Automated social network bots,
crawlers, spiders, scanners and sniffers,
cont.
• create a crawler
• launch the crawler to collect data
• analyze the data
• attempt to hack users' profiles
• send emails or invitations to others to
open a file or visit a website
Conclusion
• Social networking has become a
medium of communication for many
Internet users.
• However, there are many ways in which
social networking allows for software
insecurity distribution.
Reference
Gudes, E., Shimony, S., Member, & Vanetik,
N. (2006). Discovering frequent graph
patterns using disjoint paths. IEEE
Computer Society, 18(11), November 1,
2009. doi:10.1109/TKDE.2006.173

Editor's Notes

  • #5: Information security has been very important to personal and corporate computer users, engineers, information security experts and researchers for many years. Information security is complex and dynamic because every day at least one new threat is explored by hackers and new viruses are created for various operating systems or software. Furthermore, it is important to recognize that security is not just one-dimensional and has various aspects and types. For example, just installing anti-virus software will not resolve all security problems. It is critical to address and consider the full variety of security risks in order to prevent, detect and manage security vulnerabilities in a comprehensive manner.
  • #8: 1920: according to Helen Northen and Roselle Kurland, “perhaps the best known theoretical approaches to the study of small groups in field theory, is associated with work of Kurt Lewin”. He studied the relationships between individual behaviors as they pertain to space, environments and groups. In the 1960s, the concept of social network analysis improved, and things such as roles and positions became part of the social network analysis concept. For example, Samuel R. Friedman, Alan Neaigus, Benny Jose, D, Richard Curtis, Marjorie Goldstein, Gilbert Ildefonso, Richard B. Rothenberg, and Don C. Des Jarlais (1997) studied how HIV spreads via social networking. As another example, Jan Sedmidubsky, Stanislav Barton, Vlastislav Dohnal and Pavel Zezula (2008) studied “the concepts of social networking represents a novel approach to the approximate similarity query processing” (p. 1424).
  • #19: installed on the user's local computer