Information Leakage through Social Networking Websites leads to Lack of Privacy and Identity Theft Security Issues

Ramesh Bandaru¹ , Rao S Basavala²

Section:Research Paper, Product Type: Isroset-Journal
Vol.1 , Issue.3 , pp.1-7, May-2013

Online published on Jul 07, 2013

Copyright © Ramesh Bandaru , Rao S Basavala . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
 

View this paper at   Google Scholar | DPI Digital Library

XML View     PDF Download

How to Cite this Paper

Abstract :
Social Networking Websites (SNW) such as Facebook, Orkut and Twitter etc., have gained more attractiveness in recent days. Because of its large number of usage, and large amount of information, they become a potential network for malicious users or attackers to exploit. Most of the social networking websites try to prevent those exploitations, but many malicious users or attackers are still able to overcome those security countermeasures by using different prevention techniques. Social network website end users may not be aware of such potential threats. Unfortunately, social networking is also common with their own security and privacy policy issues which stance a challenge for organizations trying to balance the benefits of social networking with the risks and it can pose to network and data security. Therefore, this paper will present a different privacy and security issues in online social network websites. The SNW issues include privacy issues, identity theft or personal information leakage, social networks spam and physical threats.

Key-Words / Index Term :
Social Network Website Privacy Issues, Social Network Website Security Issues, Social Network Threats, Identity Theft, Social Network Spam, Social Network Malware, Facebook And Twitter Security Issues

References :
ENISA: Enisa position paper no.1, security issues and recommendations for online social networks http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_pp_social_networks.pdf.
[2] IETF,RFC2109: HTTP State Management Mechanis
http://www.ietf.org/rfc/rfc2109.txt
[3] Gross, R., Acquisti, A., Heinz III, H.: Information revelation and privacy in online social networks. In: Proceedings of the 2005 ACM workshop on Privacy in the electronic society, ACM Press New York, NY, USA (2005) 71-80
[4] The Open Web Application Security Project,Cross Site.Scriptinghttp://www.owasp.org/asac/input_validation/css.shtml
[5] Ahn, Y., Han, S., Kwak, H., Moon, S., Jeong, H.: Analysis of topological characteristics of huge online social networking services. In: Proceedings of the 16th international conference on World Wide Web, ACM Press New York, NY, 835-844
[6] Mislove, A., Marcon, M., Gummadi, K., Druschel, P., Bhattacharjee, B.: Measurement and analysis of online social networks. In: Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, ACM New York, NY, USA, 29-42
[7] The Open Web Application Security Project, Session Hijacking.
http://www.owasp.org/asac/authsession/hijack.shtml
[8] David Endler, »Brute-Force Exploitation of Web Application Session ID.
http://online.securityfocus.com/data/library/SessionIDs.pdf
[9] Kumar, R., Novak, J., Tomkins, A.: Structure and evolution of online social networks. In: Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining, ACM Press New York, NY, USA. 611-617
[10] O¡¦Murchu, I., Breslin, J., Decker, S.: Online social and business networking communities. In: Proceedings of ECAI 2004 Workshop on Application of Semantic Web Technologies to Web Communities.
[11] Boyd, D.: Friendster and publicly articulated social networks. Conference on Human Factors and Computing Systems (CHI 2004), Vienna, Austria, April . 24-29
[12] Acquisti, A.: Privacy in electronic commerce and the economics of immediate gratification. In: Proceedings of the 5th ACM conference on Electronic commerce, ACM Press New York, NY, USA. 21-29
[13] Jourard, S., Lasakow, P.: Some factors in self-disclosure. Journal of Abnormal and Social Psychology 56(1) 91-98
[14] Ajzen, I. (1991). The Theory of Planned Behaviour. Organisational Behaviour and Human Decision Process, 50(2), 179-211.
[15] Joinson, A.N., Paine (Schofield), C. Oxford Handbook of Internet Psychology. In: Self-Disclosure, Privacy and the Internet. Oxford University Press 237-252
[16] Farmer, R.: Instant messaging-collaborative tool or educator's nightmare. In: The North American Web-based Learning Conference.
[17] Judge, P., Alperovitch, D., Yang, W.: Understanding and reversing the profit model of spam. In: Workshop on Economics of Information Security.
[18] Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information Security Policy Compliance: An Empirical Study of Rationality-based Beliefs and Information Security Awareness. MIS Quarterly, 34(3), 523-548.
[19] Oscar, P., VWANI, R.: Personal Email Networks: An Effective Anti-Spam Tool. IEEE Computer 38(4) 61-68
[20] Carvalho, V., Balasubramanyan, R., & Cohen, W. (2009). Information Leaks and Suggestions: A Case Study using
Mozilla Thunderbird. Paper presented at the CEAS 2009 - Sixth Conference on Email and Anti-Spam.
[21] Seigneur, J., Dimmock, N., Bryce, C., Jensen, C.: Combating spam with TEA (trustworthy email addresses). In: Proceedings of the Second Annual Conference on Privacy, Security and Trust (PST¡¦04). 47-58

[22] Garcia, F., Hoepman, J., van Nieuwenhuizen, J.: Spam Filter Analysis. In: Proceedings of 19th IFIP International Information Security Conference, WCC2004-SEC, Kluwer Academic Publishers.
[23] Facebook. (2010). Facebook Statistics.
Retrieved 14 Sept 2010, from http://www.facebook.com/press/info.php?statistics.
[24] Zhang, Y., Egelman, S., Cranor, L., Hong, J.: Phinding phish: Evaluating anti-phishing tools. In: Proceedings of the 14th Annual Network and Distributed System Security Symposium.
[25] Microsoft.com: Recognize phishing scams and fraudulent emails.
http://www.microsoft.com/athome/security/email/phishing.mspx.
[26] PayPal: Phishing guide part 2 https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/RecognizePhishing-outside.
[27] Wu, M., Miller, R., Garfinkel, S.: Do security toolbars actually prevent phishing attacks? In: Proceedings of the SIGCHI conference on Human Factors in computing systems, ACM Press New York, NY, USA. 601-610