Monday, December 10, 2018

All about Facebook data breach

Privacy Issues of Facebook

In 2018 Facebook (FB) received severe criticism over its handling of user data. In April, the company's chief Mark Zuckerberg was asked to testify before the U.S. Congress about the leak of private user information to a third-party firm, a British research company (the Cambridge Analytica scandal), and he admitted that the company had made mistakes that led to private data being shared with that firm. Later in the year FB disclosed a separate, major data breach, described below.

In its own post, FB clearly stated that the attackers already controlled a set of accounts, and those accounts gave them access to a large amount of personally identifiable information (PII).

They used an automated technique to move from account to account, stealing the access tokens of those accounts' friends, then of friends of those friends, and so on across many profiles. In total they were able to steal the access tokens of about 400,000 people. In the process, the technique automatically loaded those accounts' FB profiles, mirroring what these 400,000 people would have seen when looking at their own profiles, much like the "View As" feature we sometimes use.

That view includes posts on their timelines, their lists of friends, Groups they are members of, and the names of recent Messenger conversations. Message content was not available to the attackers, with one exception: if a person in this group was a Page admin whose Page had received a message from someone on Facebook, the content of that message was available to the attackers.

The attackers then used a subset of these 400,000 people's friend lists to steal access tokens for about 30 million people. For 15 million of them, the attackers accessed two sets of information: name and contact details (phone number, email, or both, depending on what people had on their profiles).

For 14 million people, the attackers accessed the same two sets of information, as well as other information users had in their profiles. This included username, gender, language, relationship status, religion, hometown, self-reported current city, birth date, device types used to access FB, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches. For the remaining 1 million people, the attackers did not access any information.

The breach came as FB was already struggling to crack down on data misuse and privacy issues on its platform, particularly since the Cambridge Analytica scandal that broke in March.

FB has since fixed the vulnerability and reset the access tokens of the affected accounts, forcing those users to log in again so that any stolen tokens stopped working.

Other things to know:

Access Token: Access tokens are used in token-based authentication to allow an application to access an API. A token is an opaque string that identifies a user, app, or Page and is sent with each API request instead of the user's password. The security-relevant point is that a token is a bearer credential: whoever holds a valid token can act as its owner until it expires or is revoked, which is why stolen tokens alone were enough to read profile data in this breach.

API: An Application Programming Interface (API) lets developers customize an application and lets two applications talk to each other (integrate). Every time we use an application such as Facebook and send messages through Messenger, we are using an API.

PII: Personally Identifiable Information is information by which a person can be identified or contacted, such as name, address, date of birth, vehicle number, full-face photo, biometric data, account number, Social Security number, Aadhaar number, mobile number, etc.
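To make the mechanism concrete, here is a small Python model of the attack path described above and of the Access Token definition. It is an added illustration, not Facebook's code: the friend graph, profiles and the simplified "View As" bug (which here only works on friends and mints a token for the viewed user) are constructed for the example. It shows why a single leaked bearer token lets an automated crawl spread from friend to friend, and why invalidating every outstanding token was the remediation.

```python
"""Toy model of how a bearer-token leak lets an automated crawl spread from
account to account, and why resetting tokens was the fix.  Added
illustration, not Facebook's code; the social graph, profiles and the
simplified "view as" bug below are constructed for the example."""
from collections import deque
import secrets

# Constructed sample friend graph (symmetric) and profile data.
FRIENDS = {
    "alice": {"bob", "carol"}, "bob": {"alice", "dave"},
    "carol": {"alice", "erin"}, "dave": {"bob"},
    "erin": {"carol", "frank"}, "frank": {"erin"},
}
PROFILES = {u: {"name": u.title(), "email": f"{u}@example.com"} for u in FRIENDS}


class TokenService:
    """Issues opaque bearer tokens and maps them back to a user id."""
    def __init__(self):
        self._tokens = {}  # token -> user id

    def issue(self, user):
        tok = secrets.token_urlsafe(16)
        self._tokens[tok] = user
        return tok

    def resolve(self, tok):
        """User the token belongs to, or None if unknown or revoked."""
        return self._tokens.get(tok)

    def revoke_all(self):
        """Remediation: invalidate every outstanding token (forces re-login)."""
        self._tokens.clear()


class GraphAPI:
    """Minimal profile API: each call is authorised by the bearer token alone,
    so whoever holds a token can act as its owner."""
    def __init__(self, tokens, view_as_bug):
        self.tokens, self.view_as_bug = tokens, view_as_bug

    def _user(self, tok):
        user = self.tokens.resolve(tok)
        if user is None:
            raise PermissionError("invalid or revoked token")
        return user

    def me(self, tok):
        return PROFILES[self._user(tok)]

    def friends(self, tok):
        return sorted(FRIENDS[self._user(tok)])

    def view_as(self, tok, target):
        """Preview `target`'s profile as they would see it (friends only, a
        simplification).  Correct: the preview runs under the viewer's own
        token.  Buggy (modelled on the 2018 flaw): a token for `target` is
        minted and handed to the viewer."""
        if target not in FRIENDS[self._user(tok)]:
            raise PermissionError("can only preview a friend's view")
        return self.tokens.issue(target) if self.view_as_bug else tok


def harvest(api, seed_token):
    """Breadth-first crawl: with every stolen token, list that user's friends,
    grab each friend's token through view_as, and repeat from those."""
    stolen = {api.tokens.resolve(seed_token): seed_token}
    queue = deque([seed_token])
    while queue:
        tok = queue.popleft()
        for friend in api.friends(tok):
            if friend in stolen:
                continue
            got = api.view_as(tok, friend)
            if api.tokens.resolve(got) == friend:  # only useful if it is the friend's
                stolen[friend] = got
                queue.append(got)
    return stolen


def run(view_as_bug):
    """Attacker controls alice's account; returns {victim: email} reachable
    with stolen tokens and how many of those tokens survive the reset."""
    tokens = TokenService()
    api = GraphAPI(tokens, view_as_bug)
    stolen = harvest(api, tokens.issue("alice"))
    exposed = {u: api.me(t)["email"] for u, t in stolen.items()}
    tokens.revoke_all()
    still_valid = sum(1 for t in stolen.values() if tokens.resolve(t))
    return exposed, still_valid


if __name__ == "__main__":
    for bug in (True, False):
        exposed, left = run(bug)
        print(f"view_as bug={bug}: {len(exposed)} accounts exposed, "
              f"{left} tokens still valid after reset")
```

With the bug present the crawl reaches every account in the connected component starting from one controlled account; without it the attacker only ever holds their own token. Note that nothing in the API checks who presents the token, which is exactly the property of bearer tokens the glossary entry describes, and that `revoke_all` is what makes every harvested token useless at once.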

-DR 


Saturday, December 1, 2018

NIST Cyber Security Framework

NIST Cyber Security Framework for Critical Infrastructure


Cyber security threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation's security, economy, and public safety and health at risk.


The NIST Cyber Security Framework v1.1, published in April 2018, is a flexible, risk-based approach designed to manage cyber security risk in organizations.

The Framework Core consists of five Functions, as listed below (the examples under each are its Categories):

Identify

Develop an organizational understanding to manage cyber security risk to systems, people, assets, data, and capabilities.

Example:

Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy, Supply Chain Risk Management

Protect

Develop and implement appropriate safeguards to ensure delivery of critical services.

Example:

Identity Management and Access Control, Awareness and Training, Data Security, Information Protection Processes and Procedures, Maintenance, Protective Technology

Detect

Develop and implement appropriate activities to identify the occurrence of a cyber security event. The Detect Function enables timely discovery of cyber security events.

Example:

Anomalies and Events, Security Continuous Monitoring, Detection Processes

Respond

Develop and implement appropriate activities to take action regarding a detected cyber security incident.

Example:

Response Planning, Communications, Analysis, Mitigation, Improvements

Recover

Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cyber security incident.

Example:

Recovery Planning, Improvements, Communications

 

How to Use the Framework

An organization can use the Framework as a key part of its systematic process for identifying, assessing, and managing cyber security risk. The Framework is not designed to replace existing processes; an organization can take its current process and overlay it onto the Framework to determine gaps in its current cyber security risk approach and develop a roadmap to improvement. Using the Framework as a cyber security risk management tool, an organization can determine which activities are most important to critical service delivery and prioritize expenditures to maximize the impact of the investment.

The Framework is designed to complement existing business and cyber security operations. It can serve as the foundation for a new cyber security program or as a mechanism for improving an existing program. The Framework provides a means of expressing cyber security requirements to business partners and customers and can help identify gaps in an organization's cyber security practices.

Below are the seven basic steps (Section 3.2 of the Framework) for establishing or improving a cyber security program and implementing the Framework across an organization. The steps are meant to be repeated as needed to continuously improve cyber security.

Step 1: Prioritize and Scope

Step 2: Orient

Step 3: Create a Current Profile

Step 4: Conduct a Risk Assessment

Step 5: Create a Target Profile

Step 6: Determine, Analyze, and Prioritize Gaps

Step 7: Implement Action Plan

The Framework Core is shown below for reference. Each Category carries a unique identifier built from the Function abbreviation (ID, PR, DE, RS, RC) and a Category abbreviation, for example ID.AM (Identify: Asset Management) or PR.AC (Protect: Identity Management and Access Control). Subcategories are numbered within the Category, for example PR.AC-1, which is the form used in a Profile.


(Image made from Source: NIST CSF document)
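The following Python script is an added worked example (not NIST's or this post's own code) of Steps 3 to 6 above, using the identifier scheme just described. A Current Profile and a Target Profile are expressed as scores per Subcategory, the gaps between them are determined and ranked, and the result is summarized per Function as the input to the Step 7 action plan. The 0 to 4 score per Subcategory and the priority weights are this example's own assumptions (the Framework only asks that gaps be determined and prioritized), the two profiles are constructed sample data, and the Subcategory outcome text is paraphrased from v1.1.

```python
"""Worked Steps 3-6 of the Framework's process (Current Profile, Target
Profile, gap analysis, prioritisation) over CSF v1.1 Subcategory identifiers.
Added example, not NIST's or the original post's code.  The 0-4 score per
Subcategory and the priority weights are this example's own assumptions; the
Framework itself only asks that gaps be determined and prioritised."""
import re
from dataclasses import dataclass

FUNCTIONS = {"ID": "Identify", "PR": "Protect", "DE": "Detect",
             "RS": "Respond", "RC": "Recover"}

# A handful of real v1.1 Subcategory IDs; outcome text paraphrased.
SUBCATEGORIES = {
    "ID.AM-1": "Physical devices and systems are inventoried",
    "ID.AM-2": "Software platforms and applications are inventoried",
    "PR.AC-1": "Identities and credentials are issued, managed, revoked, audited",
    "PR.AC-4": "Access permissions follow least privilege / separation of duties",
    "PR.DS-1": "Data-at-rest is protected",
    "DE.CM-1": "The network is monitored for potential cybersecurity events",
    "RS.RP-1": "Response plan is executed during or after an incident",
    "RC.RP-1": "Recovery plan is executed during or after an incident",
}

# Constructed sample profiles: score 0 = not in place .. 4 = in place and measured.
CURRENT_PROFILE = {"ID.AM-1": 2, "ID.AM-2": 1, "PR.AC-1": 3, "PR.AC-4": 1,
                   "PR.DS-1": 2, "DE.CM-1": 1, "RS.RP-1": 2, "RC.RP-1": 0}
TARGET_PROFILE = {"ID.AM-1": 4, "ID.AM-2": 3, "PR.AC-1": 3, "PR.AC-4": 4,
                  "PR.DS-1": 3, "DE.CM-1": 4, "RS.RP-1": 3, "RC.RP-1": 3}
# Business-risk weights coming out of the Step 4 risk assessment (assumed values).
WEIGHTS = {"PR.AC-4": 3, "DE.CM-1": 3, "RC.RP-1": 2}

_ID_RE = re.compile(r"^(ID|PR|DE|RS|RC)\.([A-Z]{2})-(\d+)$")


def parse_id(sub_id):
    """Split 'PR.AC-1' into ('PR', 'AC', 1); reject malformed identifiers."""
    m = _ID_RE.match(sub_id)
    if not m:
        raise ValueError(f"not a CSF Subcategory identifier: {sub_id!r}")
    return m.group(1), m.group(2), int(m.group(3))


@dataclass
class Gap:
    sub_id: str
    function: str
    current: int
    target: int
    weight: int

    @property
    def size(self):
        return self.target - self.current

    @property
    def priority(self):
        return self.size * self.weight


def gap_analysis(current, target, weights):
    """Step 6: compare Current and Target Profiles, keep only Subcategories
    where the target exceeds the current score, rank by weighted gap."""
    gaps = []
    for sub_id, tgt in target.items():
        func, _, _ = parse_id(sub_id)
        cur = current.get(sub_id, 0)  # absent from Current Profile = not in place
        if not (0 <= cur <= 4 and 0 <= tgt <= 4):
            raise ValueError(f"score out of range for {sub_id}")
        if tgt > cur:
            gaps.append(Gap(sub_id, FUNCTIONS[func], cur, tgt, weights.get(sub_id, 1)))
    return sorted(gaps, key=lambda g: (-g.priority, g.sub_id))


def by_function(gaps):
    """Roll up total gap size per Function for the roadmap summary."""
    totals = {name: 0 for name in FUNCTIONS.values()}
    for g in gaps:
        totals[g.function] += g.size
    return totals


if __name__ == "__main__":
    gaps = gap_analysis(CURRENT_PROFILE, TARGET_PROFILE, WEIGHTS)
    for g in gaps:  # Step 7 input: the prioritised action plan
        print(f"{g.priority:2d} {g.sub_id:8s} {g.current}->{g.target} "
              f"{SUBCATEGORIES.get(g.sub_id, '')}")
    print(by_function(gaps))
```

Run as a script it lists the prioritized gaps (DE.CM-1 and PR.AC-4 come out on top because they combine a large gap with a high risk weight) followed by the per-Function totals. Malformed identifiers are rejected up front so that a typo in a Profile spreadsheet does not silently become a missing Subcategory.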

For a more detailed overview of the implementation steps above, refer to the Framework document; this post only summarizes the information on a single page. Please visit the NIST site for more details.

The publication is freely available online at the site mentioned below.

Reference:

https://doi.org/10.6028/NIST.CSWP.04162018


Thanks

-DR


 






