Always wanted to learn about exploits but didn't know which course to...
by Giovanni Cerrato
Lead: In this article you can see some techniques to secure your data in social media. In particular we will analyze the tools provided by Facebook to protect your account and the data contained.
What you will learn…
Some practices to protect your personal information
What is otp (one time password) and how you can use it with Facebook
What is “multifactor authentication” and how you can use it with Facebook
What you should know…
Use of Facebook
Social media has a strong influence on daily life. Although it has considerably facilitated the exchange of information and communication, it has created some issues such as privacy and security of personal information. Many social media users don’t understand that social media can expose personal information if the user doesn’t take the right precautions. The stolen data can be used for various purposes including simple commercial use, criminal purposes and identity theft. It is also important to consider that now most companies manage their public image and advertisements using social networks. In this case an identity theft would damage a company’s reputation and result in significant financial losses.
In this article we are going to show some techniques to limit and protect data access in social media. We will focus on the most prominent social media Facebook. Many people don’t know that Facebook provides some very useful tools to protect our data. In fact some provided solutions are also used in online banking and reflect the guidelines employed by important figures in web security such as OWASP.
We will demonstrate how to protect an account instead of simply personal information. It is important to consider that access to an account allows access to the personal information contained.
Most of following techniques are hosted in the security section of our Facebook profile which can be reached by clicking on “Settings” in the drop-down menu in the top right corner. In the figure below we can see all the functions that may be modified with a short description attached.
The first suggestion, which is often overlooked, is to activate the use of https protocol. This prevents potential hackers from tracking the data exchanged in a Facebook session. Fig 1 shows how to modify the “ Secure browsing” section to allow Https protocol. The section can be reached through these steps:
Settings -> Security -> Security -> Edit the Secure Browsing -> Save changes
If this function is not enabled, every sniffing software, like the most famous Wireshark, will be able to easily access the network traffic, which contains the username and password to a social networking account.
Enable secure browsing
Often we need to access Facebook in public places and in workstations to which other people have access. In this situation it is recommended to use the “secure browsing ” option. It is a function provided by every Internet surfing software to avoid data memorization such as cookies, password, email,login, and cache which do not allow other users to access information.
Enable login notifications
If we suspect that somebody improperly uses our social media credentials, Facebook provides the option to receive a message when someone accesses our account. This feature is called “login notifications”. We can choose to receive this alert via e-mail, text message, or both. The steps to activate this feature are:
Settings -> Security tab -> Edit “Login notifications”
Included in this alert are details about the operating system, IP address and browser used to access the Facebook account.
Control active sessions
Social networks also supply important information through the “active session” function. An active session is any session in which a personal account is used. During each session, a series of information is recorded including device and/or browser used, IP address and estimated position. Because the location is not often precise, the most useful information is the device/browser used and the time of access. This information can be used to alert us of possible hacking. To view active sessions, go to:
Settings -> Security tab -> Edit “Where You’re Logged In”
Below there are my results.
The full article would be published soon in Hakin9 Magazine.
About the author
Giovanni Cerrato has master’s degree in Computer Engineering and he has always had a passion for computer security issues. The thesis works were great opportunities to research them. Particularly, the bachelor’s thesis concerned the design and development of a secure web application in accordance with the OWASP directives, while the master’s thesis was an experimental work, part of a Google-financed project, concerning censorship detection techniques on the internet focusing on the TOR network. Giovanni works as penetration tester and malware analyst.