Friday, March 30, 2012

Security and Privacy Issue in Social Networking






It is time to share what I learned from the last 3 lectures. I will mainly focus on security and privacy issues in social networking. As you know, almost everyone has at least one account on a famous social network platform, for instance Facebook or Twitter. We live in a world where people communicate by sending text messages from their mobile phones and posting comments on their favorite online networks.

Social networking sites provide the following benefits:

  1. People can easily find and reach the audience for their businesses.
  2. They help a business improve its reputation.
  3. They provide low-cost marketing with free advertising.
  4. They increase the personal touch between people.


However, social networking also brings two main issues: XSS attacks/worms and likejacking.

1. XSS Attacks




XSS attacks target the end user instead of your actual site. Private information is valuable, so hackers want to steal it. With XSS, hackers can do anything that can be done with JavaScript, from stealing the end user's cookie data or redirecting the user to a different site to embedding a browser exploit on a page.

Do you know the "Samy worm"? It was an XSS worm developed to propagate across the MySpace social-networking site. It gained significant media attention.

The worm carried a payload that would display the string "but most of all, Samy is my hero" on a victim's profile. When a user viewed that profile, they would have the payload planted on their own page. Within just 20 hours, over one million users had run the payload, so it propagated very fast across the site. The MySpace XSS worm effectively shut the site down for a few days in October 2005. Luckily, no private information was stolen at that time.


How to prevent XSS Attacks?

The following list outlines the general approaches to prevent cross-site scripting attacks:
  • Encode output based on input parameters.
  • Filter input parameters for special characters.
  • Filter output based on input parameters for special characters.
For example, in ASP.NET, use URLEncode and HTMLEncode to encode the output data sent to the web site.

Possible sources of malicious data


While the problem applies to any page that uses input to dynamically generate HTML, the following are some possible sources of malicious data to help you spot check for potential security risks:
  • Query String
  • Cookies
  • Posted data
  • URLs and pieces of URLs, such as PATH_INFO
  • Data retrieved from users that is persisted in some fashion such as in a database
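
The prevention list and the sources of malicious data above can be combined in one added example (not code from the lectures or from ASP.NET): each untrusted value is encoded for the place where it is output. The `renderProfile` function, the field names and the sample values are assumptions constructed for illustration.

```javascript
// Added example. All input values are constructed samples.
const HTML_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// HTML-encode for element content and quoted attribute values.
function htmlEncode(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_MAP[ch]);
}

// URL-encode a value that becomes a single query-string component.
function urlEncode(value) {
  return encodeURIComponent(String(value));
}

// Encoding does not neutralize javascript: links, so allow only http(s).
function safeHref(value) {
  try {
    const u = new URL(String(value));
    return u.protocol === 'http:' || u.protocol === 'https:' ? u.href : '#';
  } catch (err) {
    return '#'; // not an absolute URL: drop it
  }
}

// Hypothetical renderer: each untrusted field is encoded where it is output.
function renderProfile(input) {
  const name = htmlEncode(input.query.name);       // query string
  const theme = htmlEncode(input.cookies.theme);   // cookie
  const bio = htmlEncode(input.stored.bio);        // persisted data
  const site = htmlEncode(safeHref(input.posted.site)); // posted data
  const more = htmlEncode('/search?q=' + urlEncode(input.query.name));
  return `<div class="theme-${theme}"><h1>${name}</h1><p>${bio}</p>` +
    `<a href="${site}">site</a> <a href="${more}">more</a></div>`;
}

// Constructed hostile input, one value per source listed above.
const SAMPLE = {
  query: { name: '<script>alert(1)</script>' },
  cookies: { theme: 'dark" onmouseover="alert(1)' },
  posted: { site: 'javascript:alert(1)' },
  stored: { bio: 'but most of all, <b>Samy</b> is my hero' },
};

console.log(renderProfile(SAMPLE));
```

The rendered markup shows every sample value as inert text, and the `javascript:` link is replaced by `#`.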

2. Likejacking
Likejacking is a Facebook-enabled clickjacking attack that tricks users into clicking links that mark the clicked site as one of their Facebook "likes." These likes then show up on the user's profile and, of course, in the Facebook News Feed, where friends can see the link and click it, allowing the vicious, viral cycle to continue.



Usually, the content of a likejacking site is video. The content is very interesting and attractive, so it draws users into clicking the links to watch the video in detail. Victims are then invited to a Facebook application that asks them for user information and access to the user profile. Using this permission, the application posts spam and asks users to fill out surveys (a genuine source of commission revenue). Our private data and credit card information may be stolen in this case.

How to prevent Likejacking?
The following measures can help prevent likejacking:
1) If a link leads you to a page which says "Click here to continue", close the page.

2) Watch out for Facebook content that involves a lot of clicking before you get to the point.
3) Facebook is taking steps, with a pop-up message that warns users when they are about to open a suspected link.
4) Log in to the website only when needed and log out after use.

Conclusion
We have become used to social networks, and sometimes we forget to verify the integrity of the content in our friends' posts. We should look at it carefully before clicking any suspected link in order to protect our private data. "Please slow down our steps. Think before action!"


Thursday, March 15, 2012

Sharing on Social Network Analysis


What is Social Network Analysis (SNA) ?

Social Network Analysis (SNA) is the study of social relations among a set of actors, for instance people, groups, organizations, computers, URLs, and other connected information/knowledge entities. The nodes in the network are the people and groups, while the links show relationships or flows between the nodes. SNA provides both a visual and a mathematical analysis of human relationships. Based on this analysis, we can derive new forms of information and knowledge.


My knowledge on SNA

    Figure 1: Social Network
The above figure shows a simple social network. In Social Network Analysis (SNA), it can be represented by an adjacency matrix, or sociomatrix, like the following:







The symbol "1" represents that a link exists between two nodes, while represents that there is no relationship between them. This kind of social network is an undirected graph.

Let L be the number of links in a network and g be the number of nodes.
In this case, L = 6 and g = 5.
Several techniques can be used to find the most influential people within the social network. We take the above example.

1. Density 

It measures the closeness of a network and is an indicator of the general level of connectedness of the graph.
The value of the computed density is between 0 and 1.
Density = L / [g(g-1) / 2] = 2 × 6 / 20 = 0.6
2. Centrality
Three standard centrality measures capture a wide range of “importance” in a network:

2.1 Degree Centrality
It counts the number of direct connections a node has:
For the graph below, each value in the "Values" row is the degree of node i, which we denote as D(node i).
The normalized/standardized value is D(node i) / (g-1).

Result:
Network Centralization = 66.67%


2.2 Closeness Centrality
Closeness represents the mean of the geodesic distances between a particular node and all other nodes connected with it. It describes the average distance between one node and all other nodes connected with it.

The formula is like the following:


Result:





Network Centralization (Closeness) = 58.33%

2.3 Betweenness Centrality
It is a measure of the potential for control as an actor who is high in “betweenness” is able to act as a gatekeeper controlling the flow of resources (information, money, power, e.g.) between the alters that he or she connects.

It can be calculated by the following formula:


Result:
Network Centralization (Betweenness) = 56.25%

In Figure 1, we can find that David is the most influential person within the social network.
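
The density, degree and closeness measures described above, as an added example (not code from the original post). The graph is constructed: its node names and edges are assumptions chosen to have g = 5 and L = 6, and the centralization function uses Freeman's degree formula, which is an assumption about how the "Network Centralization" figure was computed.

```javascript
// Added example: constructed undirected graph, g = 5 nodes and L = 6 links.
// Node names and edges are assumptions, not the page's Figure 1.
const EDGES = [['hub', 'a'], ['hub', 'b'], ['hub', 'c'], ['hub', 'd'],
  ['a', 'b'], ['a', 'c']];

function buildGraph(edges) {
  const adj = new Map();
  for (const [u, v] of edges) {
    for (const n of [u, v]) if (!adj.has(n)) adj.set(n, new Set());
    adj.get(u).add(v);
    adj.get(v).add(u); // undirected: store both directions
  }
  return adj;
}

// Density = L / [g(g-1)/2]
function density(adj, links) {
  return links / (adj.size * (adj.size - 1) / 2);
}

// Normalized degree centrality: D(node i) / (g-1)
function degreeCentrality(adj) {
  const out = {};
  for (const [n, nb] of adj) out[n] = nb.size / (adj.size - 1);
  return out;
}

// Closeness: (g-1) / sum of geodesic distances (BFS); assumes a connected graph.
function closenessCentrality(adj) {
  const out = {};
  for (const s of adj.keys()) {
    const dist = new Map([[s, 0]]);
    const queue = [s];
    for (let i = 0; i < queue.length; i++) {
      for (const w of adj.get(queue[i])) {
        if (!dist.has(w)) { dist.set(w, dist.get(queue[i]) + 1); queue.push(w); }
      }
    }
    out[s] = (adj.size - 1) / [...dist.values()].reduce((a, b) => a + b, 0);
  }
  return out;
}

// Freeman degree centralization (assumed formula): sum(max - D_i) / [(g-1)(g-2)]
function degreeCentralization(adj) {
  const degs = [...adj.values()].map((nb) => nb.size);
  const max = Math.max(...degs);
  return degs.reduce((s, d) => s + (max - d), 0) / ((adj.size - 1) * (adj.size - 2));
}
```

For this constructed graph the density is 0.6 and the degree centralization is 66.67%, and the node with four direct links has the highest degree and closeness scores.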

Conclusion
Centrality is a basic technique to measure how central an individual is positioned in a social network.

Closeness centrality basically takes the inverse of the average shortest-path distance from the vertex to any other vertex in the graph. It can be viewed as the efficiency of each individual in spreading information to all others.

Besides the above techniques, if we transform the internet's web pages into a complicated directed graph, we can also use ranking algorithms, for example PageRank, HITS, EigenRumor, etc. They are methods for finding rankings. A good homepage will have a good ranking.

As SNA becomes more and more popular, these SNA techniques will help us turn social network data into higher-level information and knowledge in different aspects. We can find out and understand more about the behavior of each social network user and develop a better semantic web in the future.

On the other hand, we need more samples in order to make the analysis more accurate.
However, there may be a lack of sufficient computing resources to handle large sample datasets.