
2. Security flaws and attacks in the Social Media


1) Identify the potential flaws / assumption flaws in the selected social media.
Facebook is a target for potential flaws. Facebook can reveal or expose the personal data of one user to
another user. A user profile on Facebook can include personal data such as name, phone number,
address and images. Hackers may use the Facebook application programming interface (API) to
identify a user's profile or account information without decrypting the ID. With the phone number of a
Facebook profile, hackers can steal the user's personal information.
Cross-site scripting, clickjacking and survey scams are scams on Facebook. The most used scam
attack was cross-site scripting, which could also be called Self-XSS. An example is a message such as
"Why are you tagged in this photo/video?" with a link to a sexual video, which leads to a webpage that
tries to get the user to cut and paste malicious JavaScript code into the browser's address bar. Self-XSS
is an attack that runs hidden or obfuscated JavaScript on a user's computer, allowing malware to be
installed without the user's knowledge.
Clickjacking, or likejacking, also known as UI redressing, is one of the malware attacks on
Facebook. Clickjacking is a way of tricking a web user into clicking something different from what the
user believes they are clicking on. This could reveal a user's personal or confidential information.
A clickjacking lure can look like an advertisement. Clickjacking uses embedded code or script
without the user's knowledge. Scammers attract users' attention with messages like "The
World Funniest Condom Commercial LOL". This can make it appear that the video was posted, watched or
liked by you, and the link is shared and spread among your friends.

Examples of attacks:

The scam messages use the user's name, claiming that they watched the video.
The phrases used in the attack:

YO [name] why are you tagged in this video
WTF!! [name] why are you tagged in this video
hey [name] i cant believe youre tagged in this video
hey [name] you look so stupid in this video
omg! [name] why are you tagged in this vid
OMG [name] why are you in this video
OMG [name] you should untag yourself in this video
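
The lure phrases listed above and the Self-XSS paste step can both be checked mechanically. The following is an added example, not part of the original text: the function names and sample messages are constructed for illustration, and the templates are derived from the phrase list above.

```javascript
// Added example: templates come from the phrase list above; names are hypothetical.
const LURE_TEMPLATES = [
  /\bwhy are you tagged in this (video|vid|photo)\b/,
  /\bi cant believe youre tagged in this video\b/,
  /\byou look so stupid in this video\b/,
  /\bwhy are you in this video\b/,
  /\byou should untag yourself in this video\b/,
];

// Lower-case, drop apostrophes and punctuation, collapse whitespace, so that
// "WTF!! Alice, why..." and "can't" / "cant" compare equal.
function normalize(text) {
  return text
    .toLowerCase()
    .replace(/['’]/g, "")
    .replace(/[^a-z0-9]+/g, " ")
    .trim();
}

// True when the message addresses the recipient by name AND matches a template.
function isTaggedVideoLure(message, recipientName) {
  const msg = normalize(message);
  const name = normalize(recipientName);
  if (!name || !(" " + msg + " ").includes(" " + name + " ")) return false;
  return LURE_TEMPLATES.some((re) => re.test(msg));
}

// Self-XSS step: text a page asks the user to paste into the address bar.
// URL parsers ignore leading control characters/spaces and any tab or newline
// inside the scheme, so strip those before testing for "javascript:".
function isAddressBarScript(pasted) {
  const cleaned = pasted
    .replace(/^[\u0000-\u0020]+/, "")
    .replace(/[\t\r\n]/g, "");
  return /^javascript:/i.test(cleaned);
}

// Constructed sample input.
console.log(isTaggedVideoLure("WTF!! Alice why are you tagged in this video", "Alice"));
console.log(isAddressBarScript("  java\tscript:void(0)"));
```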

Each link could generate a random number of views or likes. If a user accidentally clicks the link, it will
take them to a new webpage.
Facebook's new security feature provides protection against scam and spam attacks, but it is still
ineffective. Besides Facebook, Google also tries to counter malicious attacks. Google removed
more than 100 applications that could contain malicious software from the Android Market. The malware
was created to pass users' information to a third party, destroy user data or impersonate the device
owner.
