Monday, November 12, 2012

Vulnerabilities To Be Addressed To Safely Utilize Online Social Networking: Interaction Safety

Interacting with contacts on an online social networking site has two dangerous scenarios which a user must protect themselves from. The first, and more readily apparent, is interacting with a new contact. This can be either someone whom the user thinks they know, but has not established a connection with through the site, or a stranger. In either situation, the person behind the persona may be a malicious actor attempting to gain access to the user’s private data. The second is that a user to communicating with a malicious actor impersonating a friend through compromised account credentials.

Both of these scenarios are cases which pose dangerous to the user’s confidentiality, as any private information divulged is being turned over to unauthorized recipients. Any files received from such an actor may very possibly be trojan horse malware which poses threats to all three cybersecurity facets.

Risks from tainted interactions are low when there is a reasonable belief that the other party is known and medium when the other party is unknown. Rarely will the friend you talk to actually be an imposter and even among strangers, most are not malicious. As the impact of a tainted interaction is potentially very high, the mitigation policies should still be followed.

Mitigation of these dangerous scenarios can be achieved through policies which instruct users to view all online interactions as potentially compromised, and as such not to ignore any suspicious indicators in a conversation. Before friending a ‘known’ contact, an out-of-band communication should be performed to verify that the account in question belongs to the expected person. Any conversation that only includes the other party referencing data available on the site should be questioned as well, because it may be an impostor.

Vulnerabilities To Be Addressed To Safely Utilize Online Social Networking
INTRODUCTION
PRIVACY
 UNREMOVABLE CONTENT
 PRIVACY RISK
 PRIVACY PROTECTION
SAFETY
 ACCOUNT SAFETY
 NETWORK SAFETY
 INTERACTION SAFETY
CONCLUSION

No comments:

Post a Comment