Information Leakage through Social Networking Websites leads to Lack of Privacy and Identity Theft Security Issues
Keywords:
Social Network Website Privacy Issues, Social Network Website Security Issues, Social Network Threats, Identity Theft, Social Network Spam, Social Network Malware, Facebook And Twitter Security IssuesAbstract
Social Networking Websites (SNW) such as Facebook, Orkut and Twitter etc., have gained more attractiveness in recent days. Because of its large number of usage, and large amount of information, they become a potential network for malicious users or attackers to exploit. Most of the social networking websites try to prevent those exploitations, but many malicious users or attackers are still able to overcome those security countermeasures by using different prevention techniques. Social network website end users may not be aware of such potential threats. Unfortunately, social networking is also common with their own security and privacy policy issues which stance a challenge for organizations trying to balance the benefits of social networking with the risks and it can pose to network and data security. Therefore, this paper will present a different privacy and security issues in online social network websites. The SNW issues include privacy issues, identity theft or personal information leakage, social networks spam and physical threats.
References
ENISA: Enisa position paper no.1, security issues and recommendations for online social networks http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_pp_social_networks.pdf.
IETF,RFC2109: HTTP State Management Mechanis http://www.ietf.org/rfc/rfc2109.txt
Gross, R., Acquisti, A., Heinz III, H.: Information revelation and privacy in online social networks. In: Proceedings of the 2005 ACM workshop on Privacy in the electronic society, ACM Press New York, NY, USA (2005) 71-80
The Open Web Application Security Project,Cross Site.Scriptinghttp://www.owasp.org/asac/input_validation/css.shtml
Ahn, Y., Han, S., Kwak, H., Moon, S., Jeong, H.: Analysis of topological characteristics of huge online social networking services. In: Proceedings of the 16th international conference on World Wide Web, ACM Press New York, NY, 835-844
Mislove, A., Marcon, M., Gummadi, K., Druschel, P., Bhattacharjee, B.: Measurement and analysis of online social networks. In: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, ACM New York, NY, USA, 29-42
The Open Web Application Security Project, Session Hijacking. http://www.owasp.org/asac/authsession/hijack.shtml
David Endler, »Brute-Force Exploitation of Web Application Session ID. http://online.securityfocus.com/data/library/SessionIDs.pdf
Kumar, R., Novak, J., Tomkins, A.: Structure and evolution of online social networks. In: Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining, ACM Press New York, NY, USA. 611-617
O¡¦Murchu, I., Breslin, J., Decker, S.: Online social and business networking communities. In: Proceedings of ECAI 2004 Workshop on Application of Semantic Web Technologies to Web Communities.
Boyd, D.: Friendster and publicly articulated social networks. Conference on Human Factors and Computing Systems (CHI 2004), Vienna, Austria, April . 24-29
Acquisti, A.: Privacy in electronic commerce and the economics of immediate gratification. In: Proceedings of the 5th ACM conference on Electronic commerce, ACM Press New York, NY, USA. 21-29
Jourard, S., Lasakow, P.: Some factors in self-disclosure. Journal of Abnormal and Social Psychology 56(1) 91-98
Ajzen, I. (1991). The Theory of Planned Behaviour. Organisational Behaviour and Human Decision Process, 50(2), 179-211.
Joinson, A.N., Paine (Schofield), C. Oxford Handbook of Internet Psychology. In: Self-Disclosure, Privacy and the Internet. Oxford University Press 237-252
Farmer, R.: Instant messaging-collaborative tool or educator's nightmare. In: The North American Web-based Learning Conference.
Judge, P., Alperovitch, D., Yang, W.: Understanding and reversing the profit model of spam. In: Workshop on Economics of Information Security.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information Security Policy Compliance: An Empirical Study of Rationality-based Beliefs and Information Security Awareness. MIS Quarterly, 34(3), 523-548.
Oscar, P., VWANI, R.: Personal Email Networks: An Effective Anti-Spam Tool. IEEE Computer 38(4) 61-68
Carvalho, V., Balasubramanyan, R., & Cohen, W. (2009). Information Leaks and Suggestions: A Case Study using Mozilla Thunderbird. Paper presented at the CEAS 2009 - Sixth Conference on Email and Anti-Spam.
Seigneur, J., Dimmock, N., Bryce, C., Jensen, C.: Combating spam with TEA (trustworthy email addresses). In: Proceedings of the Second Annual Conference on Privacy, Security and Trust (PST¡¦04). 47-58
Garcia, F., Hoepman, J., van Nieuwenhuizen, J.: Spam Filter Analysis. In: Proceedings of 19th IFIP International Information Security Conference, WCC2004-SEC, Kluwer Academic Publishers.
Facebook. (2010). Facebook Statistics. Retrieved 14 Sept 2010, from http://www.facebook.com/press/info.php?statistics.
Zhang, Y., Egelman, S., Cranor, L., Hong, J.: Phinding phish: Evaluating anti-phishing tools. In: Proceedings of the 14th Annual Network and Distributed System Security Symposium.
Microsoft.com: Recognize phishing scams and fraudulent emails. http://www.microsoft.com/athome/security/email/phishing.mspx.
PayPal: Phishing guide part 2 https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/RecognizePhishing-outside.
Wu, M., Miller, R., Garfinkel, S.: Do security toolbars actually prevent phishing attacks? In: Proceedings of the SIGCHI conference on Human Factors in computing systems, ACM Press New York, NY, USA. 601-610
Downloads
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors contributing to this journal agree to publish their articles under the Creative Commons Attribution 4.0 International License, allowing third parties to share their work (copy, distribute, transmit) and to adapt it, under the condition that the authors are given credit and that in the event of reuse or distribution, the terms of this license are made clear.
