Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 1/50
Risk case studies
- Social Networks Risk Management - A CIO Perspective
- Mobile applications risks in the modern business environment
by Michalis Mavis, MSc, MSc
f. Chairman of Hellenic Fraud Forum Security Countermeasures
SNs in the 21st century
Online Social Networks (SNs), or web 2.0 are one of the most remarkable technological phenomena of the 21st century, with several SNs now among the most visited websites globally.
Agenda
• Understanding the opportunities and the risks of social networks (SNs) to corporate security and the dangers for the industry.
• CIO concerns related to SN, on how to protect the IT infrastructure, the company business & reputation.
• Risks of mobile applications and countermeasures.
• Conclusions and Recommendations.
THE ENISA Report
• According to the ENISA report, experiencing online Social Networking Sites (SNSs) has become one of the most popular activities carried out on the Internet, for staying in touch with business and personal contacts.
• Recent statistics showed that more than 80 million active users are accessing Facebook through their mobile devices.
Social Network popularity around the world in 2012
• Online social networks are everywhere these days, a truly global phenomenon.
• But where are the different social networks having the most success in terms of popularity?
Countries with the highest interest in
1. Turkey
2. Venezuela
3. Tunisia
4. Colombia
5. Dominican Republic
Opportunities - 1 (ISACA white paper)
• Enterprises that aggressively embrace social media as part of their strategy are more financially successful.
• Use of Social Networks has created highly effective communication platforms where any user, virtually anywhere in the world, can freely create content and disseminate this info in real time to a global audience, of potentially millions of people, in less time than it takes to read a small document.
• S.N. provides the ability to reach large populations almost instantly.
But are there any security concerns?
Social Networks risks, the CIO headaches (security and privacy concerns)
• S.N. use is a benefit, but the enterprises should also consider risks vs. opportunities.
• Various vulnerabilities, such as insecure applications for example, may cause unacceptable exposure of the corporate network to various risks.
• Malicious outsiders could use employee social media pages to launch targeted attacks by gathering info to execute sophisticated social engineering campaigns, or hacking attacks.
Major risks and threats
• Identity theft.
• Malware propagation
• Corporate data leakage and reputation risk.
• User’s position tracking (when the user mobile phone is equipped with the necessary technology – map function).
• Data misuse and more…
More Phishing by using SNs
• There is a trend of highly targeted phishing attacks, facilitated by faked profiles.
• SNs are more vulnerable to social engineering techniques.
It is so easy... to build a company directory
iCompetences list of employees by a simple Linkedin search.
Corporate Espionage
SNs will be used more and more in the future for gathering sensitive enterprise data by using the employees postings.
• Data is often gathered gradually, piece by piece.
• For example, several professional SNs publish information on lists of employees. It allows attackers to see the connections between employees.
• If an employee publishes sensitive information on a SN, this might pose a serious threat to a company.
• The main risk here is the loss of corporate intellectual property, blackmailing of employees to reveal sensitive customer information and even to access physical assets.
Where and how…?
• Intelligence gathering. Sometimes there is no reason to spend a lot of money to gather useful information. It is available free on the Internet, by using the right tools.
• With the use of the right tools and techniques you may find extremely useful information about competitors, individuals, governments, companies and not only.
• It is possible by using legitimate or illegal ways.
• But you should know how and where to search for…
• You should make a DEEP web search!
Leakage of confidential Info
• Do you know what is being posted by your employees, customers, or your competition?
• What does the Internet say about your company?
• We all know information or intelligence gathering is one of the most important phases of a penetration test.
• However, gathering information and intelligence about your own company is even more valuable and can help an organization proactively determine the information that may damage your brand, reputation and help mitigate leakage of confidential information.
A REAL RISK SCENARIO
• You are connected to Linkedin network at office or home and someone captures the cookies in traffic e.g. by using Firesheep and your account is hijacked.
• You as a user will not know that the cookie is stolen or there have been any parallel login by the attacker.
• The hackers are using your hijacked account to attack you and the reputation of your company!
Firesheep characteristics
• Firesheep targets 26 online services, and includes many popular online services such as Amazon, Facebook, Foursquare, Google, The New York Times, Twitter, Windows Live, Wordpress and Yahoo.
• The extension is also customizable allowing a hacker to target other Web sites not listed by Firesheep.
• It works over WiFi connections.
Id-Theft in SNs
• Identity theft in SNs is one of the most important threats as it may affect the reputation and privacy of the user. It may take place in different ways.
• In case the attacker is able to take full control of the user’s account, he may publish comments in the name of the legitimate user, change the current password and e-mail address. Then use the compromised account to spread malicious s/w.
• Id-theft may have very serious impact to user’s personal life and reputation at work.
BLOGS postings
• Blogs can be searched via any traditional search engine; however, the challenge with blogs is not the posts themselves but the comments.
• Especially comments coming from current or former employees or customers on highly sensitive public relations issues.
• It is important to be monitoring blogs and their comments, before they go viral.
Countermeasures?
Training and policy-standards
• Training should be conducted on a regular basis and should focus on the benefits and opportunities as well as on the dangers related to use of social media.
• Emphasis should be placed on specific dangers and methods of social engineering, common exploits and threats to privacy.
• Effective controls should be in place. Professionals within the enterprise should validate and monitor the controls according to a well defined social media security policy.
Employees should be trained…
So that:
• They know how to use S.N. in the workplace.
• They know what is allowed and what not, outside the workplace.
• How to use S.N. for business use. Who is approving publishing of information related to the company.
• What is not allowed and when it is not allowed.
Golden Rules?
• Pay attention to what you post and upload. Consider carefully which images, videos and information you choose to publish.
• Never post sensitive info and if needed use a pseudonym.
• Verify all your contacts and do not accept friend requests from people you don’t know.
• Protect your work environment and avoid reputation risk
• Use privacy and security oriented settings in your profile.
• Deactivate location based services of your mobile phone if you don’t need them.
An example: LinkedIn housekeeping security measures...
Pls Help! My SN profile has been hacked!!
How to backup your Linkedin Profile
• Save your full profile to a pdf document, by pressing the pdf icon under your photo.
• Save your connections, by following the link: http://www.linkedin.com/addressBookExport
• Restore the connections in case of problem from the relevant file. Linkedin Connections => Add Connections => Contacts File
Export Linkedin Connections
Quick tips on Security and Privacy
• Always have at least one other email address assigned to your account should you lose access to the primary email address.
• Log-out your Linkedin Account when finished.
• Ensure your computer’s security software is up to date.
• Don’t click on a link you don’t trust.
• Set your Profile settings.
Two important settings
• Prevent your connections from seeing who you are directly connected to. This will make sure key vendor contacts and clients connected through LinkedIn remain confidential.
• Profile Views – What others see when you visit their profile.
Recommendation
• Never provide your Linkedin credentials (email + password) when clicking on a link. Always use https://www.linkedin.com to login.
• Log-out immediately when finished.
• Set your browser to delete all cookies at the end of the session (when browser is closed).
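
The account hijack in the risk scenario earlier in the deck depends on a session cookie crossing the network unencrypted, and the recommendations above (HTTPS login, log out, delete cookies when the browser closes) each reduce that exposure. The Python check below is an added example, not part of the original slides; it flags cookies in a site's responses that can travel without TLS or that outlive the browser session. The URLs, cookie names and issue codes are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for cookies that a sniffer on a
# shared WiFi network could capture and replay. All sample data is constructed.


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, attributes dict)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return None, {}
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def is_persistent(attrs):
    """True if the cookie is stored past the end of the browser session."""
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        try:
            return int(attrs["max-age"]) > 0
        except ValueError:
            return False
    return "expires" in attrs


def audit_response(url, headers):
    """Return {cookie_name: [issue codes]} for one HTTP response.

    url     -- URL the response came from (its scheme decides cleartext or not)
    headers -- list of (header_name, header_value) tuples
    """
    cleartext = url.lower().startswith("http://")
    report = {}
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name is None:
            continue
        issues = []
        if cleartext:
            issues.append("SET_OVER_HTTP")    # visible in transit right now
        if "secure" not in attrs:
            issues.append("NO_SECURE_FLAG")   # browser will attach it to http:// requests
        if is_persistent(attrs):
            issues.append("PERSISTENT")       # survives browser close
        report[name] = issues
    return report


# Constructed sample responses (hypothetical host and cookie names).
SAMPLE_RESPONSES = [
    ("http://portal.example.test/login", [
        ("Content-Type", "text/html"),
        ("Set-Cookie", "session_id=6f1c; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT"),
    ]),
    ("https://portal.example.test/login", [
        ("Set-Cookie", "session_id=6f1c; Path=/; Secure; HttpOnly"),
        ("Set-Cookie", "lang=en; Path=/; Max-Age=31536000"),
    ]),
]


def audit_all(responses):
    """Audit every (url, headers) pair and key the results by URL."""
    return {url: audit_response(url, headers) for url, headers in responses}


if __name__ == "__main__":
    for url, cookies in audit_all(SAMPLE_RESPONSES).items():
        for name, issues in cookies.items():
            print(url, name, ", ".join(issues) or "ok")
```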
Internet postings metadata
• Metadata (data about data) are in documents traditionally used for indexing files, and finding out information about:
– The document creator.
– s/w used to create the document, and many more...
• By reading metadata you may discover
– vulnerable versions of s/w, that can be used for client side attacks,
– OS versions,
– path disclosure,
– user id’s and more…
Metadata (the silent Killer…)
• Metadata are hidden from the user.
• There are lots of tools to pull out metadata from documents and pictures (see paper by Larry Pesce in www.sans.org).
• On a posted document a lot of revealing metadata may exist, like user id, OS, s/w version number, telephone number & email address of document owner, MAC address, document path, Location (city), etc…
Mobile Apps and phone features security concerns
Mobile Apps plus & minus points
• Mobile apps make our lives easier, but they also give a wider group of application developers and advertising networks the ability to collect information about our activities and leverage the functionality of our devices.
• Even though a list of permissions is presented when installing an app, most people don’t understand what they are agreeing to.
• Free apps are more dangerous.
International Seminar RSI'2012, Morocco, 19 & 20 November 2012
Some of the major risks?
What free mobile apps may be doing?
• They may get permission to track your location.
• They may have permission to access your address book.
• They may have permission to silently send text messages!
• They may initiate calls in the background (acting as a spy device).
• They may have permission to access the device camera.
• They may silently connect to the Internet…
Spying on your phone
• Unauthorized transfer of Mobile data that attackers can intercept:
– Calls (CDRs) and browsing history (sites).
– Your current location.
– Contacts (address book).
– Emails and SMSs sent & received.
– Activate audio & video (online – real time).
– Data files (personal photos, videos, recordings etc.).
Fraud
• Enforce the compromised device to...
– Make PRS calls (high cost)
– Send PRS SMS messages.
– Make unauthorized mobile payments.
– Propagate virus and worms
– Contribute to botnets.
Phishing & Impersonation
• Victim is asked to authenticate thinking it is connecting to a secure site and ends up sending his credentials to an attacker.
• The malicious app creates a User Interface that impersonates a legitimate application, for obvious reasons.
Rootkit behavior
• Rootkits are malware that stealthily achieve their goals by modifying operating system code and data in order to hide their presence.
• For example they are modifying the proxy configuration and/or they set up e-mail forwarding to copy received emails without being identified.
Legitimate apps vulnerabilities
• Poor security implementation of legitimate applications may expose device information, authentication credentials and other sensitive data to 3rd parties.
• Examples include location and owner ID information, telephone number and device ID, authentication credentials and authorization tokens.
Social Network on your Iphone !
What is Geo Tagging?
Geo Tagging is the process of adding geographical identification metadata to various media such as photos, videos, websites, SMS messages, etc.
Any use of geo tagging ?
• Geo tagging can help users find a wide variety of location-specific information.
• For instance, one can find images taken near a given location by entering latitude and longitude coordinates into a suitable image Search Engine.
Geo Tagging concerns
• Smartphones may allow someone with the necessary technical knowledge to find where you are at every moment, with a few simple clicks?
Location Based Services (LBS)
• Social Networks with geo tagging facility ON may allow some intruders to link information about you more easily.
• Do you really need LBS? Someone may connect the pieces of information related to your activities, and lead to problems.
• If needed limit people who are able to use and see network location services in your SN profile.
Which mobile OS is more secure ?
• Android
• iOS
• Blackberry
• Windows Phone
• Symbian
CONCLUSIONS
• Social networks are here to stay, and as they can bring business benefits as well as risks, it is better to ensure that users can participate in social networks sensibly and safely rather than banning them from taking part at all.
• Training and publishing of SM policy is critical.
• Mobile apps are extremely useful but they potentially open doors to malicious behaviour.
Thank you
Michalis Mavis, MSc, MSc
//gr.linkedin.com/in/mmavis