Identify Risk, Threats, and Vulnerabilities
Some risks that I have identified are social engineering techniques due to the excessive trust given to messages coming from friends, contacts or followed people within the OSN(Online-Social Network) identity theft and information leaking furthermore, spam sending and malware distribution through Social Networks are increasing at an incredible pace. They are not the only threats. Within the World Wide Web, social network is becoming the favorite target for cybercriminals. This Attention requires an intensive focusing of web security efforts and money the most significant threats along with the common vulnerabilities exploited. Sensitive attribute inference through machine learning algorithms it is possible to infer sensitive data from one user. Collecting data from user’s contacts and experimented attacker can predict some not explicit data. For example, if all the friends of one user belong to one political party, it is safe to predict that the user has the same political tendencies. Excessive exposition of private data inadequate privacy configuration settings may lead to publishing sensitive information.
Some of the threats are private data management is a key feature that I have found inside of social networks. Digital dossier building- Everyone can collect published information through different OSN about one user and extract a complete dossier about it, Secondary Data Collection users may grant the platform secondary information (such as IP address, contacts list, messages or visited pages) Re-identification in spite of using fake data to register on a Social Network it is feasible to associate users shared data (such as text, photos, and video’s) with real names or e-mail directions.
Vulnerabilities associated with OSN it is difficulty to completely remove all user information when deleting an account. When users try to leave a Social Network, license agreement clauses appear rights that are transferred to the platform when the content is uploaded. Thus if one would like to remove there uploaded material, it would find that the only way to do so is by deleting the videos or photos one by one manually another vulnerability would be weak authentication method on the internet are one of the most important vulnerabilities that web environments have nowadays.
The combination of user-name and password is commonly misused by the user who seeks easy-to-remember login details (such as short user-name and passwords, passwords with no combination of numbers and letters same username and password for several domains) another vulnerability is non-validation of users data during registration process. Most of the OSN do not use a validation process during new user’s registration. Unfortunately, just checking a valid email address, the preferred validation requirements, is not an adequate method, which leads to proliferation of fake populating the network.
In conclusion On-line social networks represent one of the last and most important internet services most of the enterprises hesitate to integrate OSN into their business model, this new phenomenon cannot be ignored, but neither can be adopted without knowing the risks account when attempting to protect users and systems. I have identified the risk, the threats that compromise them and noted the vulnerabilities exploited by those threats.