Social Security


No, it has nothing to do with « sécurité sociale », or when you’re bereft without work, and the local government forks out a tax or tithe portion to keep the nation healthy. It has to do with how secure your online life is.

Should Social Networking platforms implement strategies to curb fraud amongst members – is implementing risk solutions the better way to keep defragmented data in its place – protected?

The questions in mind came crashing onto the blueprint when I wanted to create a professional social network way back in the mid-eighties. We didn’t have OpenBC, nor MySpace or the likes of Facebook then. Even back then the idea of being ‘secured’ on a simple community platform had been critically looked into by potential investors who wanted to know how best I could ensure that a member’s information is not compromised, or safety endangered.

There are certainly ways to curb « fraud » from unprincipled people as near as your back door neighbor and as far as your eyes can see across the horizon, via fiber optics unseen on ocean beds.

Discussions went as far as how we could work in tandem with intra-governmental agencies, Chambers of Commerce through D&B and BBB, and Interpol. It was not easy – we wanted to look at simpler solutions without having Corporate members fork out a principled amount to pay for such a service – the abstraction is not to charge a premium fee but one fair enough to ensure the margins were well considered for everyone – from technology suppliers through administration to stockholders and board members.

Facebook’s network architecture and privacy controls limit the availability of personal data to networks and people that have been confirmed as friends. Our extensive privacy settings and security measures empower our users and make it very difficult to get to personal information and misuse it. – Chris Kelly, Facebook’s Chief Privacy Officer.

The idea then was to create secured software in the backend {even to the point of applying SaaS} that was not at all misrepresented or easily exploited by casuistic individuals, especially when outsourcing. Hence the idea of transparency came into the picture, with data collated to be shared amongst ourselves, extending through business intelligence {BI} throughout the world.

The mantra of any good security engineer is: ‘Security is not a product, but a process.’ It’s more than designing strong cryptography into a system; it’s designing the entire system such that all security measures, including cryptography, work together. – Bruce Schneier

Today, with more than five popular mainstream SNS, we learn and hear of the dangers facing members who are ignorant of online culture – causing them to blindly click on links received in emails and online messengers, sent via worms/trojans/password-info stealers and assumed ‘friends’ in their buddy-list. Should SNS accommodate a screening process at sign-up? What can we as developers and architects do in order to maintain safer platforms for the populace?

Ideas and hints to look into when designing your architecture – implementing a secure bottom line!

Phoraging – Taking data from many different online sources to build up the identity of a consumer to commit identity theft.

An ICM study carried out in the United Kingdom has revealed that around 25 percent of users signed up to social-networking Web sites are unknowingly providing criminals with ample opportunity to strike by posting sensitive information on their personal pages.

Money, politics, or revenge motivates the insider who commits fraud, compromises sensitive data, or sabotages a network. Access control is often discussed as part of identity and access management {IAM}, a market segment that has grown substantially during the past few years as organizations seek to secure their data from insider threat and meet compliance requirements.

While social networking sites can increase a person’s circle of friends, they also can increase exposure to people with less than friendly intentions.

In addition to providing users with a platform to exchange and get access to information about fraud and revenue management, IRMA lets users of the company’s FraudView system upload and download controls they can apply to their fraud protection configurations.

“This generation is much more forward in the information they’re giving over to sites like Facebook,” he says. “There’s no reservation in revealing date of birth, schools, football teams, even mobile phone numbers. They don’t have that worry about security.”

Before the users can play the video they are told they need to download a video player upgrade, which is in fact a password-stealing virus. The next time the victim logs into Facebook the malware-laden message is sent to all of their friends and the infected link is automatically added in comments on friends’ pages.

In the most recent outbreak of the Nigerian scam – an advance fee fraud that is estimated to gross hundreds of millions of dollars annually – the scam letter is sent as a LinkedIn (or other social networking site) invite to join the user’s network. A profile page is established with the social networking site to make the claims in the scam letter appear legitimate. Since the scams are only delivered to the social networking site’s user accounts, they completely bypass antispam filters.

Hack attacks, ID theft and malicious software target growing membership of online communities: Internet Scambusters™ #306

Identity theft is a misleading term. It implies the identity is gone completely, and it implies a singular identity. Perhaps persona cloning is a better term.

Future social networking sites will become more important because platforms will expand further. “Killer apps” will include mobility, presence, and location awareness, with the goal of making your physical life more convenient through your virtual network; you’ll have a traveling social network in your back pocket. Not only will you be able to know which of the friends in your network is online, but you’ll also be able to know which are nearby. Cell tower triangulation and global positioning systems will be able to pass along your location to whomever you allow. Location-aware services could match local businesses and entertainment to your interests based on your profile. Business travelers could more easily rendezvous with coworkers and clients at conferences and trade shows.

Beginning in 2005, methods for executing Internet attacks have been quietly evolving. The shift has remained subtle to date, but enterprises that ignore newer attack methods may experience significant losses. Hackers’ motivation for launching attacks has changed, causing the current threat evolution. Today attacks are driven by profit, not glory and fame. The more organized attempts for financial gain are harnessing intellectual talent within the hacker community to devise new attack strategies and innovative malicious code {malcode} that invades enterprise systems without detection. Information security solutions used to protect organizations from hackers intending to generate front page news about a successful denial of service attack or a web site defacement. In the new era of Internet threats, attackers are motivated by profit or politics and use cutting edge technology to probe networks undetected for as long as possible. The longer attacks go unnoticed, the more opportunity for success in data theft and other profit-generating activities.

To mitigate the risk of being defrauded, Rivner advised firms to employ several key strategies. They involve limiting credit harvesting by detecting, blocking and shutting down attacks and then rolling out two-factor and adaptive authentication to customers, and finally transaction monitoring.

In 10 tips for social networking safety, Microsoft cautions that risks increase as more and more people use these sites. “Hackers, spammers, virus writers, identity thieves, and other criminals follow the traffic.”

Companies need to become educated on the nuances of the various utilities and develop strategies and policies that take into account both the risks and the benefits.

There are benefits as well as risks to using business-controlled social networking solutions. Whether the benefits outweigh the risks is a question each management team must answer, given its unique culture, industry, regulatory issues, etc.


  • Yes, IT Wars is an interesting book - I have read it sev. years ago - David's outlook on policies can edge towards a mindset 'change/evolution' in certain parts of Asia Pacific. Thank you for pointing it out.
  • johnfranks999
    In the realm of risk, unmanaged possibilities become probabilities. Data breaches & thefts are due to a lagging business culture. As CIO, I look for ways to help my business and IT teams. A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices.
    The author, David Scott, has an interview that is a great exposure: http://businessforum.com/DScott_02.html - The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
    I like to pass along things that work, in hopes that good ideas make their way to me.