OSN security is about protecting data and sensitive information from those with malicious intentions. New vulnerabilities are constantly being discovered and threats against corporate networks are getting increasingly sophisticated. That’s why we need to know about the principles of information systems security and to have an idea about the possible vulnerabilities and attacks that could threaten our privacy.
A. Fundamentals of information security
Most threats to information system come from people not from computers. So we need to know about the core principles on which the information security relies:
Confidentiality: is about making sensitive information reach right people and prevents wrong people from getting it.
Integrity: refers to
…show more content…
//here I will paste the content of the previous part that talks about OSNs and I will just talk there about the web applications vulnerabilities that’s all.
1. Facebook
Likejacking attacks The main idea is that attackers create interesting posts using social engineering tactics [10]. This technique is based on the use of intriguing posts that rely on rumors, celebrity news and even disasters. By clicking the link some malicious scripts would automatically re-post the image or video on their contacts’ walls and even in some groups that they joined. This attack could also make users like a Facebook page without their consent.
Rogue applications
Facebook allows anyone to develop an app and submit it on its open platform to make it accessible to the users. Cybercriminals use this opportunity to collect sensitive information about people including their email addresses, Facebook Ids and even their GPS coordinates and use them later in spamming and phishing attacks.
Chat Attacks
Cybercriminals use the chat feature for phishing attacks and even to launch denial-of-service attacks although they are not friends of the
…show more content…
The result of the scan with this limited capabilities trial version of Acunetix as presented in the figure 3 shows more than a 100 XSS injection and a breach attack with some other medium and low threats.
The “BREACH attack” threat in MySpace allows an attacker to leverage information leaked by compression to recover targeted parts of the plaintext. For the “Cross site scripting” threat here, it allows an attacker to inject malicious code to another user in order to steal the session cookie and take over the account.
The medium level risk or the “HTML form without CSRF protection” could be a false positive alert. But it allows an attacker to make the user execute actions of the attacker’s choice in order to compromise the users’ data.
The “Clickjacking: X-Frame-Options header missing” vulnerability means that the server didn’t return an X-Frame-Options which means that this web site could be at risk of a Clickjacking attack.
“File Upload” risk is about allowing users uploading files like pictures, documents and others to the web application without being safely checked which may be used by an attacker to upload a malicious
This prevents unauthorized access, modification, or disclosure of system data. The chance of fraud, or embellishment is reduced by limiting access to non-conflicting job duties, e.g. individuals who set up approved vendors cannot initiate purchasing transactions, and individuals who have access to claims processing should not be able to set up or amend a policy
The word integrity comes from the Latin word ‘integritas’, meaning wholeness, coherence, rightness, or purity.
... these concerns. The next issue of focus is on information system security because it is one of the most pressing challenges confronting all present day organizations. Information system security is very critical to the success of business operations. It is essential for us to find effective ways to maintain secure information, avoiding unauthorized access, preventing intrusions, and stopping secret information disclosure.
Privacy does not have a single definition and it is a concept that is not easily defined. Information privacy is an individual's claim to control the terms under which personal information is acquired, disclosed, and used [9]. In the context of privacy, personal information includes any information relating to or traceable to an individual person [ 1]. Privacy can be defined as a fundamental human right; thus, privacy protection which involves the establishment of rules governing the collection and handling of personal data can be seen as a boundary line as how far society can intrude into a person's affairs.
The concept of privacy is often used interchangeably when discussing confidentiality. Privacy is a right to not be bothered. The difference between the two is that privacy is being respectful of an individual and confidentiality is being respectful of that individual’s personal information. There are times when there
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
There are Different meanings applied to integrity, the most common meaning refer to integrity as consistency (brown 2005:5)
The first category is private communications. This includes all forms of communication between 2 or more people, who want to keep the conversation private. Often businesses will read emails from workers to ensure employees are staying on task and doing their jobs, but the majority of emails are meant to be kept private. When a company does this they invade the privacy of both the sender and receiver of the email. The next category is privacy of the body, which usually involves medical information. This means that a person has the right to know about the illness they have, they also have to right to keep their medical information private. Another category is privacy of personal information. This refers to information about a specific person, for example details like their name, address, and financial information, which they wish to keep private. Bank records are a good example of this, because for each member or client the bank has all of their financial information and also personal information stored on information technology. Another example of the impact technology has on privacy is the monitoring of people in the workplace. Businesses try to justify the use of “electronic eyes” by saying they use it to increase productivity, however this is a problem because it threatens worker’s privacy. The last category for private information is information about one's possessions, which is related to property rights. “According
Despite the increasing competition in the internet sphere, LinkedIn has been performing since its establishment in 2003. LinkedIn is always going to have the benefit of being pioneer in launching a website that targeted the specific niche of professionals for networking and recruiting. As of March 2012, LinkedIn was declared as the largest professional network on the internet with revenue of $522.2 million in 2011. By 2012, the website has more than 150 million members in over 200 countries. The success of LinkedIn can be determined from the fact that it is the first major U.S. social networking company that completed its initial public offering in 2011 by raising an aggregate of $270.2 million for general corporate purposes and working capital (Our Social Times, 2012).
Computers; they are a part of or in millions of homes; they are an intricate part of just about every if not all successful businesses, the government, and the military. Computers have become common place in today’s society and the lives of the people who live in it. They have crossed every national, racial, cultural, educational, and financial barrier, which consequently ushered in the information age. A computer is a programmable electronic device that can store, retrieve and process data, and they come in all shapes, and sizes. They can be used for and in just about anything. As stated before, they are used in just about every aspect of modern society. They are so fundamental to modern society that it would be disastrous to society without them. As stated before, there are many areas in modern society that are run by computers. They play an intricate part of millions of homes in the world. Office workers in business, government and the military may use them to write letters, keep rosters, create budgets, find information, manage projects, communicate with workers, and so on. They are used in education, medicine, music, law enforcement, and unfortunately crime. Because computers have become such a part of the world and how it operates, there is a tremendous responsibility for those who are in control of these computers and the vital information that they carry, to manage and protect them properly. This is management and protection is vital because any loss or damage could be disastrous for the affected entity. For example, a mistake or intentional alteration of a personal credit file could affect ones ability to buy a car or home, or can lead to legal actions against the affected person until the mistake or intentional alteration has been corrected. Therefore, with the advent of computers in the information age, and all of the intentional and unintentional violations against them, comes the need to safeguard them and the information they carry with strong systems and policies of computer security.
Authenticity does not come from hiding behind a fake persona or masking your true identity. Instead, authenticity stems from being genuine and true to yourself. Authenticity was not always one of my core values. It wasn’t until my senior year of high school that I was truly able to embrace my authentic self. Up until this time, I would pretend to be someone that I was not in order to feel “cool” or “popular”.
Lastly is an insider threat. Insider threats is attacks on computer by outsider (crackers) are more publicized, attacks perpetrated by insiders are very common and often more damaging. Even with the stronger technology safeguard in place, information systems still suffer a lot of damage. The main reason for this threat it is that the security measures cater only for external threat and none can be used to catch the most dangerous threat, but trusted insider
Information security refers to “the process and methodologies that are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption” (SANS Institute, n.d.). Information security programs are important in maintaining confidentiality, integrity, and availability (figure 1 page X). For example, a Trojan horse was planted on your system and result in the loss of customers’ personal and financial information. This failure to protect data will result in a loss, legal liability, and goodwill. In this scenario, both confidentiality and
Security is a required building block for privacy to exist and security involves technology to ensure that information is properly protected. Privacy involves mechanisms to support compliance with some basic principles and other explicitly stated policies.
Integrity has been defined as “Moral soundness; honesty; freedom from corrupting influence or motive” by a good friend of mine and college graduate. The dictionary describes it as “Unimpaired, unadulterated, or genuine state; entire correspondence with an original condition; purity.” I enjoy Peter’s definition more then the official definition, however, the “genuine state” part of the dictionary definition is also really good.