Bye Bye Facebook

Posted: December 15th, 2014 | Filed under: personal, privacy | 1 Comment

I will close my Facebook account for good on the 31st of December 2014. It is no secret that Facebook is bad for your personal information and ultimately leads to security problems (shameless promo of my own research, e.g. 1, 2, 3). Originally I intended to close my account once I was done with my PhD. One year later it is finally time to say bye bye Facebook.

Some advice on saving your Facebook data before you close your account:

See you guys offline!
markus

*SNOOB might stop working soon, once Facebook rolls out the Graph 2.0 API.

Social Snapshot Pilot survey

Posted: January 19th, 2012 | Filed under: random | No Comments

Securely download a copy of your Facebook account:

  • Account data (JSON + Gephi Files)
  • All tagged pictures

It only takes two clicks:
http://is.gd/snapshotsurvey


Social Snapshots and Gephi

Posted: September 23rd, 2011 | Filed under: personal, random, research, security | No Comments

We will present a new tool to extract the complete account information from social networks, like Facebook, at this year's ACSAC.
More information on the social snapshot project is also available here: Social Snapshots: Digital Forensics for Online Social Networks
Currently I am looking for ways to visualize extracted data from Facebook. Gephi is a graph visualization tool that looks very promising for creating fancy graphs. Below are two graphs I created with Gephi on my Facebook data (extracted with a social snapshot of my account).

Download Gephi examples on my FB account data (pdf)

The first graph outlines how my Facebook friends are connected with each other: the bigger a graph node, the more connected that friend is with my other FB friends. The second graph outlines who tags whom the most in pictures amongst my FB friends.


Google+ and Diaspora: Secure Connection (HTTPS) per default

Posted: July 19th, 2011 | Filed under: random, security | No Comments

I recently got invited to Google+ and had a curious first look. Google+ seems to be enforcing HTTPS on all pages. Given the current Facebook security issue with HTTPS, this is good news. I also had a look at diaspora*, which has some active development. The first public, community-supported diaspora* pods, such as diasp.org or diasp.eu, also seem to enforce HTTPS on all pages.

Bottom line

Regarding network security, there are now two good alternatives to Facebook:

https://plus.google.com/ (Open to everyone)

https://joindiaspora.com/ (Open to everyone)


Enable HTTPS on Facebook!

Posted: June 7th, 2011 | Filed under: fitm, personal, random, security | No Comments

A couple of months have passed since Facebook introduced full SSL support. This optional feature lets you browse Facebook via a secure connection (HTTPS) whenever possible. Facebook via HTTPS is now available to all users, so why are so few people using it? I suppose because the option is disabled by default. -> Enable this option!

SOPHOS How-To enable the Facebook HTTPS option.
They also provide a video How-To:

Using Facebook without a secure connection puts your account data at high risk. First Firesheep and now Faceniff offer script-kiddie tools to hijack Facebook accounts over wireless. Research we conducted shows that unencrypted Facebook sessions are low-hanging fruit for large-scale spam attacks. We published our first findings in 2010 (technical report); a revised version has been published in the current issue of IEEE's Internet Computing.
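The difference between optional HTTPS and HTTPS enforced on all pages can be checked from response headers. The sketch below is an added example, not code from this blog or from our research; the header samples and the host social.example are constructed, and the HSTS check goes beyond what the post discusses.

```python
from urllib.parse import urlsplit

def _get_all(headers, name):
    """All values of a header that may repeat (e.g. Set-Cookie)."""
    return [v for k, v in headers if k.lower() == name.lower()]

def cookie_flags(set_cookie_value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    return name, {p.split("=", 1)[0].lower() for p in parts[1:] if p}

def audit_transport(http_status, http_headers, https_headers):
    """Findings for one site, given the headers it returns over http:// and https://.

    An empty list means plain HTTP is only used to redirect to HTTPS and
    session cookies never travel in the clear.
    """
    findings = []
    location = (_get_all(http_headers, "Location") or [""])[0]
    redirected = (http_status in (301, 302, 303, 307, 308)
                  and urlsplit(location).scheme == "https")
    if not redirected:
        findings.append("plain-http-served")
    # A cookie issued over plain HTTP is visible to anyone on the same network.
    for value in _get_all(http_headers, "Set-Cookie"):
        findings.append("cookie-set-over-http:" + cookie_flags(value)[0])
    # Without HSTS the browser may still try http:// first on later visits.
    if not _get_all(https_headers, "Strict-Transport-Security"):
        findings.append("no-hsts")
    # Without the Secure attribute the browser also sends the cookie over http://.
    for value in _get_all(https_headers, "Set-Cookie"):
        name, attrs = cookie_flags(value)
        if "secure" not in attrs:
            findings.append("cookie-missing-secure:" + name)
    return findings

# Constructed sample: HTTPS available but optional.
OPTIONAL_HTTPS = (200,
                  [("Content-Type", "text/html"), ("Set-Cookie", "session=abc123; Path=/")],
                  [("Set-Cookie", "session=abc123; Path=/; HttpOnly")])
# Constructed sample: HTTPS enforced on all pages.
ENFORCED_HTTPS = (301,
                  [("Location", "https://social.example/")],
                  [("Strict-Transport-Security", "max-age=31536000"),
                   ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly")])

if __name__ == "__main__":
    print(audit_transport(*OPTIONAL_HTTPS))
    print(audit_transport(*ENFORCED_HTTPS))
```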

Friend-in-the-middle (FiTM) attacks

In our article we present friend-in-the-middle attacks that extract social networking data in an automated fashion. The harvesting of data is possible because people do not use a secure connection with Facebook. We show that the extracted social data can be exploited for large-scale context-aware spam and social-phishing attacks. Our attack simulations on Facebook showed that an attacker could easily spam a high number of users with context-aware spam (e.g. spam that appears to be coming from a friend) in a short period of time (over 300,000 spammed users with 4,000 unencrypted Facebook sessions we observed over two weeks).

Download the preprint: FITM_InternetComputing_preprint.pdf

More information on Friend-in-the-Middle attacks can also be found here: http://www.sba-research.org/2011/02/02/ieee-internet-computing-special-issue-on-security-and-privacy-in-social-networks/
http://fitm.nysos.net