The Jeopardy of Social Media
Ed Miller CISA CIA CISM CIPP/IT March 6, 2014
Virginia Chapter Meeting
Smartphone Players
Session ID: ISACA
• For smartphone or tablet users, you can find the app at your local app store (Apple, Google Play or whatever) by searching for Turning Technologies or Responseware.
• Download the app directly to your device
– Download Options
• Android™ App
• iPhone®/iPad®/iPod touch® App
• Or try http://www.rwpoll.com/download.aspx
• You also don’t need the app at all. Just use your browser and type www.rwpoll.com
Clicker Players
We are going to be using audience response devices, or “clickers”. You just click the number when you want to answer.
Scoring
• We’re going to divide into teams, so everyone plays.
• Team scores are the average of the total team.
• For example, let’s say there are 10 teammates answering a 1000 point question. 7 answer correctly and 3 are wrong.
(7 correct x 1000) + (3 incorrect x 0) = 7000
7000 / 10 teammates = 700 points
“POLLING” is the length of time from when the question is
first displayed until the question is closed from further
answers.
You can start answering as soon as the question is
revealed. I’ll close polling as soon as I think most people
have had a chance to answer the question.
In addition, your first response on the clicker is the only one
that counts. You cannot change your mind.
Also, SPEED scoring is in effect. In speed scoring, the
player’s score is reduced by the length of time it took to
respond based on how long “polling” is open & when the
response was input.
So if polling is open for 10 seconds for a 1000 point
question, then each full second taken before the
correct answer is clicked reduces the player’s score
by 100 points.
Example, if it’s a 1000 point question & polling is open
for 10 seconds and it takes a player 7 seconds to
respond correctly, the player loses 700 points from the
1000 point maximum & only scores 300 points for his
team. But if the player takes only ½ second to respond
correctly, the player loses only 50 points from the
maximum of 1000 & scores 950 points for the team.
You’ll see a lot of decimal places in the scoring.
LET’S PLAY!
Select the day of your birthday
1. Days 1 through 10
2. Days 11 through 20
3. Days 21 through 31
I also need a team captain from each
team to choose questions.
Team Captains
LAW & ORDER | FACTS & FIGURES | THERE’S AN APP FOR THAT | PRIVACY | RISKY BUSINESS | POTPOURRI
200 200 200 200 200 200
400 400 400 400 400 400
600 600 600 600 600 600
800 800 800 800 800 800
1000 1000 1000 1000 1000 1000
Jeopardy
Can the police spy on people using social
media networking sites?
1. No, it is unconstitutional
2. Not without a warrant
3. Yes, but only for suspected terrorists
4. Only if probable cause of a crime is established
5. Yes
Law and Order - 200
In 2011 Allergy Pathway Ltd. was fined for allegedly allowing
misleading reviews of its products to be published on its website via
links to Facebook; Twitter and YouTube. While the company had not
written the testimonials posted in these social media areas; the court
found that by deciding not to remove them it had effectively become
the publisher. What country was this in?
1. South Africa
2. Ireland
3. Canada
4. Australia
5. England
Law and Order 400
78% of these types of criminals admitted to
using Facebook; Twitter; FourSquare &
Google Street View to select victims?
Law and Order - 600
1. Credit Card Fraudsters
2. Hackers
3. Spammers
4. Burglars
5. Identity Thieves
This US government agency has collected
and archived ALL public tweets since
Twitter’s inception in 2006.
1. National Security Agency
2. Federal Trade Commission
3. National Bureau of Records & Archives
4. Library of Congress
5. Central Intelligence Agency
Law and Order - 800
You are evaluating resumes for a new IT tech position. The job requires
lifting & mounting servers into racks. You review your most qualified
applicant’s LinkedIn page. Her resume checks out completely but after
seeing her picture you have concerns. What should you do?
1. Schedule the applicant for an interview
2. Do not interview, the applicant does not appear to be physically able to perform the job
3. Do not interview, the applicant is too old for the position
Law & Order - 1000
How many malicious links does Facebook
block every DAY?
1. 22,000
2. 220,000
3. 220 million
4. 220 billion
Facts and Figures- 200
Per a 2010 survey: how many Tweets
containing spam or malicious links did the
average Twitterer receive per DAY?
1. 27
2. 17
3. 7
4. 1
Facts and Figures- 400
Social media apps for smart mobile devices have
exploded in popularity over the last few years. How
many smart phones were “lost” or “stolen” in 2012?
1. 7 million
2. 25 million
3. 50 million
4. 70 million
5. 100 million
Facts and Figures-600
Will Victoria’s Secret really give me a $500 gift
card for sharing a link on my Facebook page?
1. Yes, they will. It is a reward given to users who advertise for them
2. Yes, but only if the established number of your friends also share the same link
3. No, they don’t do that
Facts & Figures– 800
“I don't have a bank account because I don't know my mother's maiden name.” - Paula Poundstone
Password hint questions such as pet’s name; city of birth; favorite
sports team etc. are often used to help social media users who
have forgotten their passwords. Statistically; how many users
forget the answers to their own secret questions?
1. 1 out of 1000
2. 1 out of 100
3. 1 out of 10
4. 1 out of 5
Facts and Figures-1000
Smartphones include audio sensors; image sensors; touch
sensors; acceleration sensors; light sensors; proximity sensors; &
location sensors. Studies have shown that apps utilizing just some
of these features can successfully predict this with over 80%
accuracy.
1. User’s height/weight
2. User’s gender
3. User’s age
4. User’s ethnicity
There’s an APP for that – 200
This social media smartphone app lets users send
photos that will “self-destruct” within 10 seconds
making users feel “safer” about sending silly & even
explicit photos.
1. Instagram
2. Flickr
3. Photobucket
4. Snapchat
5. Image Shack
6. KIK
There's an APP for that - 400
Which “app store” has the best reputation
for providing “secure” apps?
1. Google Play
2. Amazon
3. Blackberry World
4. Apple iTunes
5. Facebook
There's an APP for that - 600
Using a specially developed app that runs facial-recognition
software ; researchers have matched randomly collected digital
photos to Facebook users and could often determine the person’s
Name; Birthday; Place of Birth; and SSN. Where was this research
conducted?
1. MIT
2. Center for Cyberspace Research
3. Carnegie Mellon
4. Georgia Tech
5. National Institute of Standards & Technology
There’s an APP for that - 800
This APP lets you enter a social media username or use their search
utility to find users of interest. When you hit the 'GEOLOCATE
TARGET' button; the app downloads every photo; tweet or facebook
post that the person has ever published. It then generates a map of
when and where that person has been. What is the APP?
1. FourSquare
2. Creepy
3. Reddit
4. WhereDoYouGo
5. Loopt
There's an APP for that - 1000
What percentage of users surveyed do not check
the privacy settings in any of their social media
networks?
1. 10%
2. 15%
3. 20%
4. 25%
5. 35%
Privacy - 200
All of these things can lead to IDENTITY
THEFT; but researchers have determined
that the most common problem is?
1. Poor Password Management
2. Providing Too Much Personal Information (TMI)
3. Clicking on malicious links
4. Engaging in inappropriate online behavior
Privacy - 400
Social media networks make most of their money through?
1. Subscription fees
2. Ad streaming
3. Sale of demographic & user behavior data
4. Click tracking
5. Corporate sponsors
Privacy - 600
John McAfee; inventor of McAfee Anti-Virus & a person of interest in a
murder case in Belize; was located in Guatemala when digital pictures
of him were posted online. The pictures contained metadata revealing
the GPS coordinates of where he was hiding. This particular format of
“picture” metadata is known as?
1. Dublin Core
2. EXIF
3. ONYX
4. MPEG-7
5. MODS
Privacy - 800
Joe is a valued employee and never uses Facebook at work. His FB
page identifies the name of his employer. He posted this picture of
himself on FB from his personal smartphone. Joe has many
colleagues from his office as FB “friends” including his boss who saw
this picture. Joe’s boss should:
1. Ignore this picture, Joe has 1st Amendment rights.
2. Fire Joe immediately
3. Talk to Joe about the picture
4. Refer Joe to a drug treatment program
Privacy - 1000
Per a 2011 survey in the UK; who is more likely to
fall victim to a phony Facebook friend request?
1. Men
2. Women
Potpourri- 200
A study from the U.K. indicates that people who post too many
self-taken photos of themselves on Facebook and similar social
networks risk damaging their real-life relationships. These types
of photos are known as what?
1. Selfies
2. Faceplants
3. GessHoos
4. MyPix
5. MeMe’s
Potpourri - 400
http://bit.ly/aaI9KV
What is Bit.ly and why might it be unsafe?
1. It’s a “clickjacker”, a malicious script that can make a user’s computer automatically & repetitively click on pay-for-click advertising links
2. It’s a URL shortener that may redirect a social media user to a malicious website or script
3. It’s a Libyan hacker forum that trades in credit card numbers stolen from social media websites
4. It’s a virus targeted through social media networks, that overlays the first 64 bits of a boot sector with all 0’s.
Potpourri – 600
This worm targets social networking sites by delivering
messages to “friends” of a social network user whose
computer has already been infected. When the message is
opened, the user is prompted to download a fake and
malicious Adobe update.
1. Koobface
2. Pikachu
3. Mikeyy Mooney
4. Anna Kournikova
5. Michelangelo
Potpourri - 800
In 2012 Manti Te’o; a Notre Dame football player &
Heisman Trophy candidate; was lured into a social
media relationship with a non-existent woman. This
type of scam is known as?
1. Like-jacking
2. Identity Theft
3. Cyberstalking
4. Catfishing
5. Social Engineering
Potpourri - 1000
Francesca’s Holdings Corp. fired its CFO for improperly communicating
company information through social media. His Twitter feed and
Facebook wall contained several items that could have led to his
downfall.
One study showed that 76% of the Inc. 500 lack this essential
control?
1. Social media analytics
2. Social media employee training
3. Social media usage policy
4. Social media monitoring
5. Social media risk assessment
Risky Business - 200
This fashion designer & online store suffered significant
damage to their brand when it tweeted about the 2012 uprising
in Egypt; “Millions are in uproar in Cairo. Rumor is that they
heard our new spring collection is now available online at ….”
1. Max Raab
2. Kenneth Cole
3. Perry Ellis
4. Nikki Sixx
5. Kelly Carrington
Risky Business - 400
In April 2013; this hacker group hacked the twitter feed of the
Associated Press & tweeted that the White House had been
bombed; causing great confusion & temporarily sending the
stock market down 143 points in a matter of minutes.
1. Anonymous
2. LulzSec
3. Chaos Computer Club
4. Syrian Electronic Army
5. NCPH
Risky Business - 600
Companies have flocked to Facebook & Twitter as a way to
advertise using short posts & tweets. New regulations
introduced in March 2013 now require such posts to first
state that it is an advertisement & to be followed up with
disclosure to the claim. What agency created these
regulations?
1. Dept of Commerce
2. Bureau of Industry & Security
3. Federal Trade Commission
4. Consumer Financial Protection Bureau
Risky Business - 800
Before Regulations
After Regulations
A white-hat hacker created this fictitious person using profiles on Facebook; Twitter
& LinkedIn. The profiles described her as a 25-year-old MIT graduate & "cyber
threat analyst" working at the Naval Network Warfare Command in Norfolk, Va.
Within days; “she” was able to "friend" nearly 300 people, most of them security
specialists; US military personnel; and staff at intelligence agencies & defense
contractors.
Despite the completely fake profile & the lack of any real corroborative evidence; “she” was
offered consulting work with Google & Lockheed Martin & received numerous
dinner date invitations. “She” was able to gain access to email addresses; bank
accounts & the locations of secret military units based on soldiers' FB photos.
“She” was also given private documents for review & was offered speaking
engagements at several conferences.
What name was used for this fictitious person?
1. Lennay Kekua
2. Robin Sage
3. Shawna Kenney
4. April Tyler
Risky Business - 1000
Cumulative Team Scores
Individual Leaders
Team Racing Scores
Thank you!
We now return you to your
regular programming.