Академический Документы
Профессиональный Документы
Культура Документы
University of Plymouth
VIVEK GUPTA
ACKNOWLEDGEMENT
University of Plymouth
VIVEK GUPTA
INDEX
Chapter 1: Introduction ............................................................................................................... 2
1.1 Justification for the project:................................................................................................... 3
1.2 Aims and Objectives of the project ....................................................................................... 3
1.3 Thesis Structure ..................................................................................................................... 4
University of Plymouth
VIVEK GUPTA
28
31
University of Plymouth
VIVEK GUPTA
Chapter 7: Conclusions......................................................................................... .. 72
7.1 Inferences 73
7.2 Limitations.. 74
7.3 Future work.
75
References . 76
Appendix 1 .. 81
Appendix 2 83
Appendix 3 .. 85
University of Plymouth
VIVEK GUPTA
List of Figures
Figure
Description
7a
Game Board
7b
10
11
12
13
14
15
Respondents Gender
16
Respondents Profession
17
18
19
20
21
22
23
24
25
26
27
University of Plymouth
VIVEK GUPTA
28
29
30
31
32
33
34
35
36
37a
37b
List of tables
No
Description
University of Plymouth
VIVEK GUPTA
ABSTRACT
Tremendous increase has been noticed in the growth of social networking sites in which millions
of users take part and register their accounts. It is very easy to create a personal profile on the
social networking sites which mainly consists of the personal data. So it is important for each
and every user to keep their personal information hidden from other users on these social
networking sites. Users knowingly or unknowingly disclose their personal data on SNSs which
can be considered as Loss of Personal Data. All social networking sites give an option to their
users to enhance the level of privacy but due to lack of knowledge about it, the users do not
change their privacy settings after creating their account.
In this paper, I am presenting about the risks and privacy issues surrounding the social
networking sites so that the users are much more aware and get educated. It will also focus on
some of the awareness raising programs and some security tips which will help them in keeping
their profile safe. Many examples of incidents will be explained through which the users will get
more educated about the social networking sites. This publication also focuses on the risks of
social networking sites and tries to gain users attention by means of a scenario based game in an
interactive way through which the users get educated. The results that were produced by the
research was very encouraging showing that almost 83% users revealed that they were benefited
by the game and almost 85% users also said that they would never share their credentials with
anyone after playing the game.
University of Plymouth
VIVEK GUPTA
University of Plymouth
Page 1
VIVEK GUPTA
Chapter 1
Introduction
University of Plymouth
Page 2
VIVEK GUPTA
Page 3
VIVEK GUPTA
Exploring and understanding the privacy and security issues in social networking.
The problems that have been faced by the users on these social networking sites.
Review the past research techniques
Investigate the effectiveness of research done on these social networking sites.
The aim of this project is to raise security awareness of social networking users through a
fun and interactive game, and evaluate the success of such an effort.
The objectives of the project are as follows:
Analyze the level of security that has been adopted by the users on SNSs.
Analyze the security tips that have been provided by some of the bodies and calculate the
effectiveness of it on the users.
Create awareness among the users about the disadvantages of SNSs with the help of
different examples.
Also help the users by creating awareness about the social networking sites with the help
of a fun and an interactive game based on the security features.
1.3 Thesis Structure
Chapter 2: Literature review:
This chapter includes work done by previous authors in the field of SNS. It describes about the
background and in depth analysis of the work done by the past researchers which is followed by
a conclusion.
Chapter 3: Overview of SNSs:
This chapter gives an overview of Social networking sites, the threats related to the SNSs and
also the vulnerabilities to which the users are exposed when they log in to these social
networking sites. This section also includes the need for security to users when they get logged
into these social networking sites.
Chapter 4: Security Guidelines and User Awareness:
When it comes to security guidelines, whose responsibility is too aware the users whether the
governing body, the social networking sites or the users themselves? This is a very important
University of Plymouth
Page 4
VIVEK GUPTA
section which will be looked into depth and also security guidelines will be presented in this
chapter. Even after the awareness had been raised users do not feel it very important to make the
changes where arises another discussion on how users react to these awareness programs. This
will be justified with past surveys on social networking sites. This chapter will also give the
possible solution based on security.
Chapter 5: Research Methodology and Design of game:
This chapter gives you the overview of Flash with the help of which the game is developed. It
will include the different scenarios with the help of which awareness is being raised. It will also
explain the different methodology taken while developing the game. It will also discuss in brief
the design of the game.
Chapter 6: Analysis and Discussion:
There will be a set of questionnaire that will be passed on to the users playing the game. The user
will have to fill the same questionnaires before and after playing the game. An analysis will be
made based on the results of the questionnaires which will show the success of the game. It will
also be followed by a discussion based on the results.
Chapter 7: Conclusion:
The chapter ends with a conclusion in the end which will give a brief summary about the
perception of security and privacy issues which will be followed by a possible solution in short.
It will also include the future work that can be carried out.
University of Plymouth
Page 5
VIVEK GUPTA
Chapter 2
Overview of Social
Networking Sites
University of Plymouth
Page 6
VIVEK GUPTA
University of Plymouth
Page 7
VIVEK GUPTA
Fig 1: Launch of major social networking sites (Boyd and Elison, 2007)
University of Plymouth
Page 8
VIVEK GUPTA
University of Plymouth
Page 9
VIVEK GUPTA
Social networking sites are free to use and does not cost much to the company other than
some valuable time and to maintain the website (GFI, 2011).
The Downs:
Most of the organizations do not have a problem with the social networking site but the
major concern is the employee using SNS at their work station which are the weakest link
and cause major concerns.
Also the employees spend a considerable amount of time sitting on the SNSs which is a
big shame when factors like productivity and salaries come into picture.
Social browsing does not take enough bandwidth but the videos and links that have been
posted on the SNSs occupies a certain amount of bandwidth which is not desirable for
the organization.
Organizations often tend to overlook the problem of malware and a virus on the SNS
which is another concern is because now-a-days attackers are trying to launch attacks on
SNS (GFI, 2011).
2.2 Threats on social Networking Sites
As there has been a tremendous rise in the field of social networking, there has been an increase
in the number of threats that have been posted to the social networking sites. The users are
somewhere not aware of such threats on these social networking sites. So this section will clearly
explain the major threats that are attached to social networking sites and what and how the
attackers want from these social networking sites.
2.2.1 Needs of attackers
It has been seen that the threats posted on to the social networking sites are similar to one that
have been posted on the internet. The main purpose of the attackers is to spread malicious
contents and virus and also to obtain personal information such as username and passwords. This
can be explained with some common needs that the attackers are looking for.
2.2.1.1 Jokes
University of Plymouth
Page 10
VIVEK GUPTA
This is the most common attack that the attackers are always looking for on social networking
sites. There are some users who just like to play with other user by creating jokes and just show
that they are the most reputed or also satisfy them thinking that they are the best. Such type of
attacks will not really hamper the user but sometimes makes the user bored and also create
network congestion.
2.2.1.2 Have a control on others computers
The attackers are always looking to be on the top of the users by gaining control over their
computers which is very dangerous. After gaining control, these attackers can do whatever they
wish to do and the user has to face adverse effects. Such attackers combine all these accessed
computers and create a botnet which is used to target the users with a DDOS attack. It is been
said that the service providers are the biggest attacker on these social networking sites. They
have access to the entire users information, private or public. Also these service providers can
share such private information with big companies, used for government surveys and also
research groups (Beato et al., 2010).
2.2.1.3 Personal Identity
There are some social networking sites which provide the user with privacy settings which the
user can use so that they can keep their personal information private. But according to a survey it
has been found out that in spite of the privacy settings being provided; between 55% and 90% of
the users keep their default privacy settings which can be easily used by strangers to view
information (Claburn, 2009). So the users have to blame themselves for being attacked by the
attackers. Once the attacker gains personal information about the users, they can easily attack the
users and commit crimes.
2.2.1.4 Company Information
Social networking site such as LinkedIn consists of users who are business professionals which
mean that there is a lot of personal information which is being revealed on social networking
site. So it is very easy for the attackers to add such business professionals on social networking
site and gain personal information. After gaining some trust over the user, the business
University of Plymouth
Page 11
VIVEK GUPTA
information can easily be revealed by the users and the attackers can attack the companys
infrastructure and financial secrets.
2.2.1.5 Money related attacks
There have been number of attacks which are being carried out for different purposes but the
main concern in modern day is to gain access over the bank accounts and many more financial
driven. So this is the major concern for the users on the social networking sites and they should
be very aware of it.
University of Plymouth
Page 12
VIVEK GUPTA
Social networking site like Facebook refuses to review the applications before they are
put on the site. So it becomes easy for the spammers to trick the users and gain personal
information from them.
On social networking sites, users trust the post that has been updated by the friends
resulting in many applications such as who viewed your profile etc. So the spammers
only have to gain users trust and curiosity.
Also it is quite easy for the spammers to spread variety of spams on social networking
sites by making users add to a group or any other fan page (Walsh, 2011).
Page 13
VIVEK GUPTA
in with their credentials. Once the user entered their credentials, the attacker gained a hand on the
profile (Cole, 2010).
2.2.2.4 Malware
Attackers are always looking to target those ways which are very effective and the speed of
spreading is relatively high. So in order to spread viruses/ malwares, it is very easy for attackers
to make use of social networking sites because of the large audiences. These malwares can be
spread to the users on the SNS,s in a very effective manner and also to a unsuspicious audience.
There have been many examples of social networking sites where the attackers have taken
advantage to spread viruses like MySpace Trojan, Orkut worm and also the Secret crush
Facebook widget (Marshal, 2008). With so many users on the social networking sites, the
attackers always think that someone will be a victim. There would be an extra advantage for the
attackers if the user is accessing the PC from their work station. This is the case when the user
thinks that something is appearing from a friend and they tend to lower their defense.
University of Plymouth
Page 14
VIVEK GUPTA
Page 15
VIVEK GUPTA
used, so the users are much more suspicious when they look at such types of messages (Bilge
et.al, 2009).
It is also important to note that when you receive an e-mail with attachments, it is always
undergoes through a series of scanning and Bayesian filters so that all the unsolicited contents
are properly sorted out. So it is a bit of meaningless for the attackers to launch malicious
contents. But on the other hand it is found out that the social networking sites do not undergo any
sort of scanning which is the main advantage for the attackers to send malicious contents here
(Bilge et.al, 2009).
A major worm on Facebook called the Koobface infected many users systems. This type of
attack used to post with some link on the wall of the infected user or to all of the friends stating
that Check out the funny video. The link contained all the funny photos and videos (Yonts,
2011). When the user clicked on the link, they used to get a link opened in you tube which stated
that the plug in or the codec is missing and needs to be installed as shown in the figure. When the
users try to install it, it infects the users PC or the system.
Page 16
VIVEK GUPTA
Page 17
VIVEK GUPTA
such as painting, design etc. against a set of large number of databases. The main risk of this
technology is that it might just open up the location of users home which can lead to many other
attacks like blackmailing, theft and many other which can result in a great harm to the user
(Hogben, 2007).
Both, Face recognition and CBIR go hand in hand and can cause a wider and broader means of
threatening users. There is a link in between them which provides unforeseen inferences which
can be any sort of personal information (Hogben, 2007).
2.2.2.9 Complete Deletion of account is not possible
There are many users on social networking sites who try to upload sensitive photos and post
some comments and then after a particular time wants to delete their account. When they try to
do so, it is quite possible that they may end up deleting their account, but it is somewhat
impossible to delete the secondary information like commenting on somebodys post can never
be deleted (Hogben, 2007). So it is very important for the users to be active on the social
networking sites when uploading something.
There might be a number of risks even after the deletion of account (Hogben, 2007).
Comments which have been made will never be deleted which will result in Digital
Dossier effect.
Also the users will not have enough fundamental rights to access their own personal
information.
2.3 The need for educating social networking users about privacy
Internet has become a major means of connecting to new people for college students. As found,
Internet has grown very rapidly and so does the capability for interaction between users has
grown. Social networking sites are being used by these students on a regular basis which creates
a huge confusion in the minds of the user regarding what is private and what is not which leads
them to a very undesirable situation (Timm & Duven, 2008).
Privacy can be defined as something that the individual find it very important and would like to
keep it secret from the general public (Richard, 2007). Looking at all the views of issues of
University of Plymouth
Page 18
VIVEK GUPTA
privacy, there are mainly two considerations that often comes to mind which are the intent of the
information shared and also the expectation they have that the shred information will remain
private (Hodge, 2006). The user when shares a certain amount of personal information on the
social networking site, it might not be his/her intent to share the information with the rest of the
world but that is what actually happens (Meredith, 2006). In this way the privacy is also
hampered unknowingly which makes the user very sensitive.
The most popular social networking sites, Facebook and MySpace clearly states to its users
about the limitations of its SNS which cannot protect any shared information that has been
posted on its profile. So it is important for the user to know what they are trying to share on the
social networking site because the operators are not responsible for any third parties who reads
your post (Timm & Duven, 2008). It has also been revealed that Facebook will try its level best
to protect the post that has been posted on the site but does not guarantee users to protect it from
the unauthorized users reading it.
A survey revealed that 74% of users are aware of the term My Privacy and the rest 26% of
them are not aware. Out of the 74% of users 62% of users used the Privacy feature and the rest
38% did not use it which is a huge proportion of users. This concludes that these 38% of users
think that revealing their personal information and allowing unauthorized users to see it might
prove something benefit which is a real shame (Jones & Soltren, 2005). It showed that 91% of
users have never read the private policies which show that the users are really not much
bothered. Also the important thing to note is that 47% of users think that the social networking
site does not share your information in the market which totally contradicts because it can share
the information to companies for advertisement and other purposes (Jones & Soltren, 2005).
University of Plymouth
Page 19
VIVEK GUPTA
Chapter 3
Literature Review
University of Plymouth
Page 20
VIVEK GUPTA
3.1 Introduction
In the recent past years, social networking has had a tremendous rise. Users have started
accessing social networking sites to make online friends, making profits for organizations and
getting in touch with older friends etc. Basically these users are some where lacking the
knowledge of security and it is very important to make such users aware of the risks of social
networking sites which can harm them in a great effect. So this section I have tried to research on
some of the work done in the past to ensure that users are technically aware of the security that
needs to be followed while accessing such social networking sites. There are different ways to
aware users such as writing blogs, tutorials, interactive games etc. All such methods of raising
awareness will be explained in this chapter. Also an example of game which is been developed
by a student in the University of Plymouth called Security Pursuit.
Following this will be a background section which will explain about the social networking sites
and also the threats that are related to these social networking sites. In the analysis section, there
will a report on the past research carried out in the field and also how the game helped in
creating awareness among the users. Following this will be a critical analysis that will be done
on the game including what influence the game had on the users. Finally the conclusion will be
summarized stating the main and importance of the project.
3.2 Background
There are many social networking sites where in privacy and trust is the major concerns and the
users are not aware of it. So it is highly necessary for the users to know about the problems in the
social networking sites. The very first social networking site Friendster described hoe users
create their own profile with an intention that they can pass their information to others. As every
other different social networking site, Friendster creates a profile and allows users to send links
to others to connect to them. Supposing you have a friends profile which is causing you
embarrassed, what are the security measure that you can carry out. A user can surely changes her
or her profile but cannot help make changes in their friends profile. There were some crude
pictures that were posted on the profile which caused a huge concern for the teacher when her
University of Plymouth
Page 21
VIVEK GUPTA
students asked her to friend her. This incident raised concerns over the privacy issues and risks in
social networking sites (Dwyer et al, 2007).
Facebook is another popular social networking site which was a great focus on college and
universities. But due to the increasing demand of Facebook, it has now been used in high schools
and other organizations and starting to be a huge concern in social networking world. One of the
surveys reveals that Facebook reveals a lot of private information and are not aware of the
privacy options in the site or users who can view their profile which is again a very big question
mark in the world of social networking sites (Acquisti and Gross, 2006).
There are still millions of people who are joining social networking sites just to have an
interaction with different profile. Since there are many cases that have been updated by the social
media about the social networking site, the reputation of it has been diminished which brings
another privacy question mark to the networking sites (Dwyer et.al, 2007). When users join such
social networking sites where there are millions of people connected, is it very easy to trust all of
the users which is something unrealistic.
Due to the emergence of social networking sites, there have been great advantages as well as
disadvantages in handling these networking sites. Social networking has helped users in the field
of education, knowing people all around the world etc. But the major concern of social
networking sites is the security which is complacency on the part of users. Social Networking is
also done in individuals, but it is mainly followed online. The main dangers associated with the
networking sites are the virus and the thefts and also the individuals claiming to be someone but
they are some other individual (Salles, 2011).
It has been noted that the popularity of social networking sites have been exceptional. There are
number of users who are still joining social networking sites. MySpace was reported as the
highest membership leader among all the social networking sites but due to the emergence of
Facebook in 2004, it has been noted that there are nearly 100000 users everyday joining
Facebook (Cain, 2007). Facebook has been used by college students and nearly 80%-90% of the
US students are registered on Facebook and is the sixth most visited website out of all the social
networking sites. Also most of the users joining Facebook were of the age between 18-25 years
and the average visit per day was approximately 6 times (Cain, 2007).
University of Plymouth
Page 22
VIVEK GUPTA
After considering all the factors of social networking sites, the question arises that how the
operators of SNS create revenue from the customer value. This is the most important factor that
the users should know (Enders et.al, 2008). The table below shows some of the revenue methods
used by social networking sites.
3.3 Analysis
There are many threats to social network sites which are addressed in this report and the main
aim of this report is to provide countermeasures to these risks which would be very beneficial to
the users using these social networking sites. There have been a number of tests and surveys
which have been carried out in order to check out how many users are aware of posting personal
University of Plymouth
Page 23
VIVEK GUPTA
information on the internet. The other reason behind this was to check out whether the users are
updating the information required to make friendship or information such as year, month , DOB,
phone number, e-mail, occupation, education, location where you live etc. There have been many
cases which have led to many problems. A British man had killed his wife just because of a
reason that she had changed her relationship status from married to single on Facebook. The
European commission also warned the users stating that they might be risking their privacy on
Facebook and other social networking websites. The users are unaware of the fact that whatever
information they pass on the social networking sites could harm them in the near future (Nagy
and Pecho, 2009).
MySpace was attacked by a worm called Sammy and this created a danger in social network
sites. This worm used to find loopholes in the networking site and used to spread very fast.
Sammy, the worm did not actually looked into users information but it still did a lot of damage
on the operation of MySpace. Twitter was also attacked in the month of April 2009 by a worm
called Mikeyy. This worm used to modify the users pages by inputting any crap messages. Even
Mikeyy did not affect the users information same as Sammy. The most popular social
networking site Facebook was also attacked in May 2009 by a worm called Koobface. Koobface
used to flitch personal information like password from the users profile and later on it spread in
all social networking sites which became a bit serious and much harm were brought into
consideration. After all this disadvantages attackers were more focused on social networks
because they were able to know the drawbacks as well as finding it easy to launch attacks on the
social networking sites (Acquisti and Gross, 2006). Attackers can easily access to ones profile
and can gain information of corporation and commercial secrets.
A survey conducted by SOPHOS revealed that 62.8 percent of companies are concerned about
the fact that the employees reveal too much information on the social networking site and 66
percent of companies think that if employees continue to use social networking sites then it is
going to be a major disadvantage for the corporation (Luo et al, 2009). Cybercriminals have also
unnoticed the growing popularity on the social networking sites which have become a major
center for malwares and spams.
University of Plymouth
Page 24
VIVEK GUPTA
In order to create awareness among the users through a game, an analysis is being done on the
game called Security Pursuit. This game was developed for raising awareness of social
engineering. It is explained as shown in the figure:
University of Plymouth
Page 25
VIVEK GUPTA
Page 26
VIVEK GUPTA
users use the technology. In other words problem starts when, what, where etc. and the purpose
of technology where it is applied. Everyone knows that there is always a huge amount of debate
on any new technology innovation. In such a way even social networks have its pros and cons
depending on how the users use it. There are lot of privacy issues and concerns on the social
networking sites. If the users themselves learn about the privacy risks, then there will be hardly a
problem that could be identified on social networking sites.
There are some users who are not aware of such issues and they use social networking sites just
for fun sake. For such kind of users it is necessary to create awareness about the social
networking sites. There are many awareness programs that have been carried out and constantly
running in order to meet the security level. Hope this report will help users to understand the
concepts of social networking sites and educate users about the cons of it.
University of Plymouth
Page 27
VIVEK GUPTA
Chapter 4
Security Guidelines and
awareness
University of Plymouth
Page 28
VIVEK GUPTA
Page 29
VIVEK GUPTA
Most of the social networking sites allow users to customize their own privacy setting
which is very important because it allows the user the option of who can view their
profile and who cant. The users should not keep the default privacy settings which have
been provided to them by the social networking site. New settings are always added up,
so it is very important that the user should update it.
Limit work history details on LinkedIn:
It is not recommended that the user must provide their full resume online because it then
becomes very easy for attackers to access your personal information.
Dont trust, just verify:
The user should always be aware that the profile they are viewing is a fake account. If the
user thinks that this profile doesnt sound as same as his friends, it is always better to
verify from your friend whether it is his account.
Control comments:
It is often found out that some users leave their contents under someone elses name
which is very wrong. So it is better to contact the admin and ask them to remove the
impersonated comment.
Avoid accidentally sharing your personal detail:
Users have a tendency to update their location on social networking site which is very
wrong resulting in thefts and other calamities. Updating your location gives a clear
indication to the attacker that where exactly you are.
Search yourself:
It is always a good practice to Google yourself which will give you a result of where you
exactly stand, what information is viewed by others. Based on it, make your privacy
settings changed and hide your private information.
Dont violate your companys social networking policies:
University of Plymouth
Page 30
VIVEK GUPTA
It is always better not to comment on the companys reputation on social networking sites
because it gives a clear indication to the attackers about the companys profile which can
result in data loss and private information of the company.
Learn how sites can use your information:
Most of the social networking sites make money by advertising the users profile by
either selling to the market or to some other companies. So it is always recommended that
you should review the sites privacy policy and make the privacy settings that you can
control.
Create a smaller social network:
Bigger the networking site, larger the extent of the problem. So it is always better to
create a small network which will help users in being away from spam messages and loss
of personal identification.
4.1.2 Cyber security tip: Staying safe on social networking sites (US-CERT, 2011)
Always limit the amount of personal information that should be posted on the social
networking site.
You should never forget that internet is a public resource and once you have posted on
the internet, it cant be taken back.
When you chat with an unknown person on the social networking site, it should be noted
the amount of information that has been shared with him/her. So always be aware of
strangers.
The users should be quite aware of the fact that whatever information that has been
posted or read online is not always correct. So always be skeptical by verifying the
connection and then taking suitable action.
University of Plymouth
Page 31
VIVEK GUPTA
The most important thing is privacy. It is always recommended that the users should be
up to it and make their own privacy settings as in who can view their profile and many
other applications.
Always use strong passwords so that the attackers cannot guess it very easily. If an
attacker has an access to the password, then he/she can easily pretend to be you on the
social networking site.
It is always important that the web browser you are using is always up to date so that the
attacker cannot find the known vulnerability which is the main line of attack. Also the
softwares must be up to date.
Attackers always send spam messages and phishing attacks on social networking sites.
When the user click on the link, the viruses automatically generated into the users
system and can affect your system. So it is always recommended to update your antivirus.
4.1.3 National Cyber security Alliance: Social networking (Stay
Safe online, 2011)
Always learn the privacy settings on social networking site because it exists for a
particular reason.
You should always think twice before you post anything online on social networking site
because if it is once posted, it can never be deleted.
It has been found out that keeping your online reputation always keep your profile in
front of the recruiters.
It is also necessary to differentiate your most trustful friends from your online friends
(friends you add on social networking site) because all of them cannot be treated equally.
Keep your personal information up to your real friends.
University of Plymouth
Page 32
VIVEK GUPTA
If you have been harassed, bullied or threatened by someone on the social networking
site, always block them and report it to the site administrator.
Always make sure that you are comfortable what has been posted by your friend on the
social networking site. If you arent then it is advisable to talk to your friend and let him
know that you are not happy and vice-versa.
The table below shows the summary of all the three security guidelines which covers almost all
the important security Guidelines. It can be easily observed from the table the importance of all
the three security guidelines to help users to be safe on social networking sites.
Criteria
Microsoft
US-CERT
Stay Safe
X
much of information
Information
companys
Dont
violate
profile
information
Always use strong passwords
maintained
Always keep in mind that
once
posted,
cannot
be
deleted
Keep good online reputation
for recruiters
Table 1 : Summary of Security Guidelines
University of Plymouth
Page 33
VIVEK GUPTA
Page 34
VIVEK GUPTA
Another research carried out by the AVG conducted an interview which revealed many
important factors and threats that are hitting the social networking sites very hard. There were
250 students who were interviewed and the following results were found out (AVG, 2010):
55% of the users had faced phishing attacks.
There were 21% of users added people on social networking sites who they didnt
recognize.
52% of the users let their friends access social networking sites on their machine which
is a concern.
64% of them clicked on links shared in the community and 26% shared file within social
networking sites.
Also 47% of them were infected by malwares which was accompanied by 20% theft.
This results clearly shows that even some much of awareness going on around the
websites and other programs, there are many concerns which has to be sorted out by the
government bodies and by the users themselves.
University of Plymouth
Page 35
VIVEK GUPTA
Social networking sites have had a tremendous rise in the past few years. There are
debates on the advantages of social networking sites but on the other hand there have
been many questions that have been raised by the researchers about its issues. As we have
seen that there are n number of sites which have security awareness programs, security
guidelines and tips on how to be safe on social networking sites.
Even though there are many websites publishing information, it is important that this
information reach the users managing SNSs. Here comes the main role of the media on
how they make this awareness information available to the open world. It has been seen
that most of the websites are non-interactive and users do not want to spend their time
reading it (Newbould and Furnell, 2009). So it is important the information published is
very informative, interactive and at the same time very productive.
All the small issues related to social networking sites must be presented in a very good
manner to the outside world and they should always be updated. Mediums such as TV,
Internet and many other applications can be used to make users aware about the issues. A
fun and an interactive game (Newbould and Furnell, 2009) and comic strips can be very
useful to alert people.
The other effective way could be publishing the information in bold letters in the front
page of the newspaper and also in many other magazines. So the media is somewhere
responsible for creating a meaningful awareness among users.
In this part, I have tried to make my own set of awareness raising ideas which can be
really very beneficial to the users and also the government and other bodies who can
implement these ideas to raise awareness among the people. What I have tried to do is to
divide the users based on their age group and based on their age what would they enjoy
doing the most can be used as the medium which can be thought of raising awareness
among the people. School children will enjoy reading comics, watching cartoons and the
University of Plymouth
Page 36
VIVEK GUPTA
more aged people will love reading newspaper, magazines etc. Here is what I have done.
I have divided the age groups into three:
12-17 years are school going children
18-35 years are college students, employed people and
35+ years are mixtures of employed and old age users.
Cartoons: The government can try to develop an episode based cartoon which shows the
risks of social networking sites. But it is important that it should be very interactive and
the users must love watching it.
Blackboards / Notice Boards: There are number of users who lack the knowledge of
understanding some words like phishing, malware etc. (Sophos, 2011). So the school or
the institution can put synonyms of the words and make it simpler for the students. These
words can always be put on the notice boards, black boards and also made on charts and
put it on the walls. It can also be followed by entering a thought of the day at the top of
the black/white board.
Page 37
VIVEK GUPTA
SMS:
The government should take some power so as to send an awareness message to each and
every user daily. What they can also try to do is to also collect awareness programs going
on around and can message users to join those awareness programs for free if they wish
to. This can be a bit tedious but can aware users to a maximum extent.
Government Transport:
The government can use their facilities to a great extent by putting up posters and
drawings on the government transport like buses, trains etc. This can really aware those
users who are not even trying to read any books or magazines and news and can just look
at these posters while they are using the transport like buses and trains.
These ideas can be very helpful in reaching out each and every people and they get
educated via such awareness raising programs.
University of Plymouth
Page 38
VIVEK GUPTA
Chapter 5
Research Methodology &
Design of the game
University of Plymouth
Page 39
VIVEK GUPTA
5.1 Introduction
This chapter includes the research methodology and also the design of the game in which it is
constructed. The research methodology shows how the research is carried out explaining in a
very detailed manner. The design of the game includes the ways in which the game was actually
thought, how it was developed and also the way in which it needs to be played.
5.2 Research Methodology
The most important criteria and the aim were to develop an interactive game which could aware
users about the risks of social networking. It is very important that the message is passed on to
each and every user spending their time on social networking sites. The steps carried out for
research methodology are as follows:
Analyzing the common mistakes that users carry out on social networking sites which
lead them to security threats. Also analyzing what can happen if they commit such
mistakes.
Carrying out a research on previously developed work in the field of social networking
sites and then comparing which is the best method for awareness among the users. Also
justifying why the adopted method is the best.
Research on how the game should look like and create a rough outline on how it will
proceed which is necessary for any development. Flash CS3 is used to design and
develop the game.
After deciding the steps on how the game has to be developed, designing of the game will
take place which will have all the scenarios. To carry out the test and evaluation of the
game, a set of questionnaires will be developed.
These set of questionnaires will be answered by the users before and after playing the
game which can be easily compared and found out the success of the game.
The questionnaires will be provided to the users with a link before and after playing the
game and the responses will be collected.
The users will also be asked to provide a feedback for the game which will really help in
future development of the game.
University of Plymouth
Page 40
VIVEK GUPTA
Basically the research is carried out in three sections which contain the link for the survey. There
are three links which are provided to the users which they have to follow in order to complete the
survey. The section are divided are as follows;
Section 1:
This section is provided with the first link where in the users have to answer a set of
questionnaires in order to check the level of awareness they have. The questionnaires include
some participants details and an overview of security questions on passwords which the user has
to answer. The main aim of including participant details is find out whether the research has been
followed by males and females and also to check out the background to which they belong.
Section 2:
This section is provided with a link which on clicking by the user will appear with a game on the
screen. The users are provided with the rules and also the required time which will be needed to
complete the entire survey. If the user is quite happy, then he/she can click on the Proceed
button to start the game. It is clearly mentioned that users above 18 years of age can only
participate in the game. On clicking the start button, the game will start for the users.
Section 3:
Again this section is being provided with a link which the users have to answer the questions
after the game has been played. This set of questionnaires includes all the questions that are
related to the knowledge which they have gained from the game. They are also asked about the
justification of the game as in whether they have been beneficial playing the game.
The answers gathered from section 1 and section 3 will be compared to evaluate the success of
the game. The comparison will be discussed in the analysis section in the next chapter which will
be justified comparing with different survey results. The results for all the questions were
collected via survey site Survey Gizmo. All the answers from the survey will be explained with
demographics in the next chapter for better understanding and evaluation of the game.
University of Plymouth
Page 41
VIVEK GUPTA
University of Plymouth
Page 42
VIVEK GUPTA
5.4 Reasons for choosing the above scenarios for the game concept
It has been observed that there has been tremendous increase in the use of social networking sites
where the users are trying to create a vast network and especially adding strangers (Acquisti and
Gross, 2005). Privacy being one of the most important part of any social networking sites must
be customized by the users. So it is necessary to educate the users about privacy and also let
them know the different risks of social networking sites if privacy settings are not customized.
Most of the social networking sites provide the users with the privacy settings but it needs to be
changed when first started. The users must be educated about the different ways that they can be
safe on social networking sites and differentiating between public and private information. Also
there is always a risk that even the private information could be leaqued, hence the users must
think before posting any information on the social networking site (Kaspersky, 2011).
University of Plymouth
Page 43
VIVEK GUPTA
Also the scenario for sharing your passwords is important because the users tend to give it to
their friends and also other relatives which cause them trouble. It is important to pass some basic
information to the users just because they take it very lightly and share their passwords of social
networking sites. Cases like people calling over the phone stating themselves as the tech support
try to gain access to the social networking sites by asking their passwords to the users (SANS,
2011). So the users must be quite active to not reveal their passwords to anyone. In short the
scenario is a basic step for the users to let them know the consequences if they share their
password.
All the scenarios are quite different from the threats that have been mentioned in the earlier
chapters. But these are the basic threats and users must be educated about it at earlier stage.
When the user first logs on to the social networking site, the first things he/she needs to do is
customize their privacy settings and this research basically tries to educate the users the risks
associated with the following scenarios.
5.5 Design of the game
This section will give a brief summary on how the game was developed. First of all it was
necessary to understand the objective of the project and based on that the game is developed. To
develop any game, it is necessary to first think on the story line and also the characters and
environment i.e. the background. I first developed rough sketches of the characters and
environments and based on their respective roles were defined. Once I had finished the rough
development, it was time to proceed with the animation in flash. Basically the first scenario
contains two scenes which are as follows:
Scene 1 starts right from the initial point to the play button which contained
approximately 20 layers.
Scene 2 begins from where the Scene 1 stops till the last and contains 50 layers.
In all there are around 955 frames in all. The animation has been prepared using graphic
symbols, movie clips and animations. Also interactivity has been added in flash in the beginning
and for some set of questions which has been implemented using Action Script. Sound has been
imported to the game clips as and when necessary.
University of Plymouth
Page 44
VIVEK GUPTA
University of Plymouth
Page 45
VIVEK GUPTA
University of Plymouth
Page 46
VIVEK GUPTA
When the user starts the game, a scenario is presented in such a way the user playing the
game is entering into his friends house. And there is discussion among them about some
topic related to social networking site.
After the discussion, the users friend asks the user to enter his credentials. This is what
Fig 12: Page where the user has to enter his credentials
University of Plymouth
Page 47
VIVEK GUPTA
After this, the user leaves the place saying to his friend that he will be right back after
drinking some water. The users friend takes advantage of this and just for fun sake
uploads a monkey photo on his profile stating that its me i.e. the user. This is as shown
in the figure.
Fig 13: The friend uploads a funny photo on the user profile
So at the end it is necessary to educate the wrong thing that the user commits related to
his SNS and should be educated at the end which is done as shown in the figure below.
The users are given the moral of the story which will help them to get educated.
Page 48
VIVEK GUPTA
5.7 How the User learns from the game or gets educated by the game
This is the most important part as in how the user will learn or which learning style the user
adopts to get educated. There are different forms of learning styles like auditory, visual,
kinesthetic, cognitive etc. which the user adopts to carry out their process. So it is necessary to
include in the research as in which type of learning style the user is adopting to get educated. The
main and the core learning style that the user has to adopt are as follows:
Cognitive Learning:
Cognitive learning is a learning style where the user learns by different actions like listening,
watching, touching, reading experiencing and then remembering the information which is being
passed on to them. So in this game the scenario clearly asks the user to commit different actions
like experiencing, watching, listening and then remembering the information which is being
passed on to them as a moral of the story (Think Quest, 2011).
Experiential Learning
This type of learning can be explained with a simple example of when everyone starts to learn
something new like riding bicycle, operating a computer, dance etc. we learned all these
activities by taking an action, watching the consequences of the action depending on which we
either continued or learnt some new action (Conner, 2011). To be effective learners it is
necessary to
Perceive information
In this game as well, the user playing the game is presented in such a way that he is trying to
commit a mistake which results in bad consequences. So when the next time the user tried to do
the same thing, he/she will be quite aware of the consequences and this is what is called as
experiential learning i.e. learning from past mistakes. Also it is necessary to know that the game
should be interactive which can be defined as an activity where the user himself is presented with
a scenario and has to work on it to achieve the goal. The interaction should always be served to
the users with a purpose which will always keep the user interested (Schone, 2011).
University of Plymouth
Page 49
VIVEK GUPTA
This game is a mixture of cognitive learning nd experiential learning which tries to educate the
users about the risks of social networking sites.
University of Plymouth
Page 50
VIVEK GUPTA
CHAPTER 6
Results and Analysis
University of Plymouth
Page 51
VIVEK GUPTA
6.1 Introduction
This chapter purely contributes to the outcomes of the game which is used to create awareness
among the users and also to know the amount of awareness they already are. At the end, the
success of the game is to be evaluated which will be done as mentioned in the research
methodology.
Both the survey links and the link for the game were e-mailed to the participants with an
invitation message. The user had to answer to one link of the questions before the game, then
play the game and based on what knowledge and awareness they had obtained from the game,
they had to fill in the questions in the last link. This methodology will clearly evaluate the
success of the game and also the impacts it had on its users. A total of 25-35 participants were
required to evaluate the success of the game. In all 42 participants were send the invitation, out
of which only 34 participated in the game.
The demographics showed in the results below contains responses of all 34 participants who
participated in the survey before the game had to be played and the link to the survey after the
game also contains responses for 34 respondents. All questions were made compulsory, so all the
respondents have answered each and every question.
Also the research required the ethical approval from the committee in order to send the game to
the users and collect the results. After sending the approval form and going through a series of
paper work, this research finally got the ethical approval for the game and the results are
collected as shown.
6.2 Results
The results were collected from 34 users and all the pie charts and bar charts consist of results
from all the 34 users. Also all the questions were made compulsory which states that all the 34
users have attempted each and every question in the survey .The results from the all the section
have been collected and presented section wise. The results are as follows:
6.2.1. Section 1
This section consists of 13 questions that have been presented as follows:
University of Plymouth
Page 52
VIVEK GUPTA
Sex
Page 53
VIVEK GUPTA
This question was asked to the users in order to find out the background to which they belong. It
is always necessary for any research to reach each and every user so that are aware of each and
every risks. As the users invited were mostly friends and colleagues, most of them were students
and also colleagues who were employed full-time or part-time. So the survey clearly shows that
55.9% of the users were students and a small proportion of part-time and full-time employed
users participated in the game.
Are you a member of Social Networking Site?
University of Plymouth
Page 54
VIVEK GUPTA
of
users
were
connected
to
only
one
social
networking
site.
University of Plymouth
Page 55
VIVEK GUPTA
It is quite important to note that in the previous question, 7 users used only 1 social networking
site. In this survey question, it can be concluded that all the seven users only use 1 social
networking site i.e. Facebook. The survey clearly shows that all the users at least use Facebook
and the rest of 20.6% users also used different social networking site. Since the introduction of
Facebook in 2004, there has been always a steep rise in Facebook users which clearly proves
looking at the above results.
On Average, how much time do you spend daily on social networking site?
Page 56
VIVEK GUPTA
the
SNS
due
to
which
they
are
attracted
towards
the
attackers.
University of Plymouth
Page 57
VIVEK GUPTA
The major concern for SNS is adding up strangers on their profile. But looking at the above
figure and most of them are students; they might know the disadvantages of adding up strangers
on the Social Networking site. So the above result found is really not shocking but if the survey
would have attracted users from non IT background, the results might have been a bit different.
How do you choose passwords for all the social networking sites?
It is important to know from the users that how do they manage to choose passwords for the
SNS. This question arises because if the user has the SNS with same passwords, then it becomes
very easy for the attackers to gain access to the different SNS if they have access on one of it. So
the
selection
criteria
need
to
be
important
while
choosing
password.
University of Plymouth
Page 58
VIVEK GUPTA
This question was linked with the previous question and is one of the important questions of the
survey. It is important to remember that the selection criteria for password should be in such a
way that it is not guessed by anyone very easily. As seen in the past result, even here 50% of the
user had quite a good knowledge which shows that they might be from the IT background.
Approximately 44% of the users constituted of a password which is very easy to remember and
very funny which is a concern on the SNS. The attackers can cause more threats and gain access
to the SNS profile if the password is easily guessed. So it is important that each and every user
must have a password which is very hard to guess.
How often do you change your password?
The respondents were asked about the time period they take to change their password. It is
always recommended to change your password on the SNS to be safe. But it is about the users
who need to know this information which is very important.
University of Plymouth
Page 59
VIVEK GUPTA
University of Plymouth
Page 60
VIVEK GUPTA
This question was put in the survey to analyze whether the users are quite aware about the risks
of social networking sites. It was basically to know whether the users are concern about their
privacy on the SNS. But the result yielded facts that was quite shocking because approximately
45% of the users had given away their passwords of SNS to their friends, System admin and
office colleague respectively. So this is a huge concern because the result shows that users are
not quite up to their mark in securing their privacy.
Considering any worst situation would you ever share your SNS password with
anyone?
This was basically to know what the user will do considering any worst situation on the SNS.
The result was not quite surprising because an equal proportionate of users would have either
shared their password or vice-versa. This might have got struck on the situation considering how
worst it can be. So there is no justification for it.
University of Plymouth
Page 61
VIVEK GUPTA
6.2.1 Section 2
After collecting all the results about the knowledge the users had about the SNS and the risks
that are associated with it, it was time for the users to introduce to the game through which they
can seek knowledge based on which answers were to be provided in section 3. This game was
basically having some security features which the users had to follow in order to protect their
privacy.
6.2.3. Section 3
This section consists of the third link for the survey question which was provided after the game
had been played. It consist of 5 questions which was somewhat linked in the section 1 and it also
consists of two scenarios which the user had to answer after the experience in context to the
game.
How will you choose your password for all the social networking sites?
After looking at the scenario, out of all the 34 users, 61.8% users would like to have different
password which is good and also 29.4% users believed in alternating same passwords for all
University of Plymouth
Page 62
VIVEK GUPTA
social networking sites which is encouraging when compared to 8.8% users who want to use the
same password for all the SNS.
Which are the most important criteria when it comes in selecting a new password?
This time the results show cases something different which shows that 72.7% users wanted to
keep their SNS password very hard i.e. the strength of the password should be difficult in order
that no one can easily guess their password. Still approximately 27%users wanted to keep their
SNS password as either very easy or funny which is a concern.
University of Plymouth
Page 63
VIVEK GUPTA
Fig 30: Respondents response on changing their password after the game
University of Plymouth
Page 64
VIVEK GUPTA
Scenarios
Scenario 1: If you are sitting at a friend's place and logging on to the social networking site
on his desktop. If there is tick on a "Remember me" check box and asking you to enter the
personal details. What will you do?
This question was put up in the survey to check out whether the users were benefited after
looking at the scenario. It was important to know the impact it had on the user and what action
would they take if they were put in a similar scenario. The results are as shown.
This result clearly shows that the game had a huge impact on the users which can be justified as
seen in the results. Approximately 68% users revealed that their privacy is important for them
and then will uncheck and then proceed which is the right thing to do. But at the same time there
are also some users who think that their privacy will not be hampered because he is his friend
which is a wrong assumption. Also around 9% users were unsure and neglect the situation and
proceed which again can hamper their privacy.
Scenario 2: Considering a situation where in you are not able to access the internet and
your friend calls you up and says that he/she has posted some arrogant link on your profile
University of Plymouth
Page 65
VIVEK GUPTA
and asks you to have a look at it and delete it. But you cannot, so will you share your social
networking credentials with your friend and ask him to do the needful. Remember the line
of the scenario which was developed to aware.
This scenario based question was asked to the users in the same fashion as the previous one. The
users had to answer this question after looking at the game to check the awareness of the game.
The result as shown in the figure below clearly shows that the game has made some sort of
awareness
among
the
users.
Approximately
71%
of
Page 66
VIVEK GUPTA
University of Plymouth
Page 67
VIVEK GUPTA
University of Plymouth
Page 68
VIVEK GUPTA
University of Plymouth
Page 69
VIVEK GUPTA
Page 70
VIVEK GUPTA
such users, a level of awareness will be created about the importance of privacy which needs to
be maintained in the SNS. Also the organizations will be relieved in maintaining their security
and also no loss of information or disclosure of the organization. So in a positive way, this
research can prove more than handful in creating awareness among the people. Also it is
necessary that each and every Internet user using social networking sites must be aware and
looking at the present situation of Internet, the risks will always be climbing and hence the
researchers can carry out the extended work from where this research ends.
6.5 Academic Impact
This research has undergone the previous work that has been done in the field of social
networking sites. So after analyzing them, this game can be a huge advantage to the new
researchers to continue carrying out research in the same field. This can be served as the base for
new awareness method and can be fruitful to some extent. The game can also be carried out as
survey method by and government body to check the level of awareness before the game has
been played and comparing it with the impact it had after the game was played.
There are number of end users who are not aware about the risks of social networking. For such
users, it is important to know the drawbacks of social networking and this game can play a huge
favor in knowing the risks. Also this research can be carried out in the school among children as
an e-safety program which will help students to learn and gain knowledge of how to make use of
social networking sites to their advantage. Due to the animated characters used in the game,
many more school children will be attracted in playing it.
6.6 Dissemination and Exploitation
This research can play a very important role in the field of social networking awareness. This
chapter clearly contains all the results which have been obtained from the user before and after
playing the game. This research could be very useful in creating awareness for school children
and also by government to provide and understanding of the risks of social networking sites. This
game can really help users in providing awareness among the end users who are not from IT
background which is a huge advantage. The game can give a lot of information about security on
SNS to the users from any background which adds to the advantage of it.
University of Plymouth
Page 71
VIVEK GUPTA
Chapter 7
Conclusion
University of Plymouth
Page 72
VIVEK GUPTA
7.1 Inferences
This research was very beneficial in many ways like knowing users perception in the field of
social networking sites. It was also better in a sense that it comes to know about the awareness
level of the users about passwords. Due to the time constraint to complete the research, the game
could not be built up all the scenarios as mentioned in the design chapter and only the password
scenario was developed. The survey carried out for this scenario revealed many things about the
level of awareness.
The survey carried out before the game clearly showed that there were huge insights and
mistakes that were committed on the social networking sites. The main debate over this is that if
there are many sources available over the Internet, then why the users are not being aware. This
proves that only writing text and books will not attract people to read stuff because it is very
boring and also users are quite reluctant to search for books or articles. The main concern in the
results above was that around 30% of the users had accepted strangers on the social networking
site. This amount of users is quite sufficient for the attackers to launch their attacks. The above
results means that out of 100 users, 30 users would accept strangers which means that the
attackers can easily launch phishing, malware, spam attacks to these 30 users which is more than
enough for the attackers. Also the other concern over the social networking site is that
approximately 80% users share their Home town, e-mail address and photographs on social
networking sites which are again a real shock. The users must be made aware about the risks of
uploading such information on social networking sites because as mentioned earlier in the threat
section, the attackers can easily save their information in some other place and also there are
many tools available to identify the place and profile looking at the photos. So what this means is
there are users who are still not aware on the risks of social networking sites.
The main aim of the project was to educate users of social networking sites through a fun and
interactive game. It was also necessary to check out the level of awareness that the users already
had in the field of social networking sites and also through a game concept educate the users
about their mistakes. The research carried out here constituted overall 34 users which was more
than enough to evaluate the success of the game. Also the survey carried out in the research was
very easily passed by means of e-mail invitation. This survey that has been carried out after the
game was played clearly shows that the game had some positive impact on the users.
University of Plymouth
Page 73
VIVEK GUPTA
Approximately 82% users revealed that they were benefited from the scenario. Also the majority
of respondents revealed that would not share their credentials in the results carried out. At the
end, it is necessary that each and every user must be educated about the risks rather than ignoring
it and this research has somehow succeeded in achieving it.
7.2 Limitations
As every research has some limitations and drawbacks, this research had a quite a few
limitations. Firstly the time given to complete this research with the development was very less
which means that all the scenarios mentioned in the design chapter could not be completed
which is major drawback. Secondly since all the scenarios could not be built up, the present
game does not give the full flow of a game which is a drawback. If all the scenarios were built
up, the story would have been something else. Also the survey that needed to be carried out
could only contain questions related to password and in the end it became very difficult in the
analysis section to gather too much of data. This is why no too much of data could be compared.
The questionnaires that were passed on to the users to carry out the research could not be
concluded that the game was very useful in raising awareness among the people. The biggest
limitation behind this was the quality of questions based on the scenario. As in social networking
sites, the biggest threat is privacy and that scenario could not be built up just because of the time
window available. If that scenario could have been built up, then the quality of the questions
would have easily fetched more data from the users through which the conclusion could have
been more encouraging. Also because of this the research could not divide people into sets of IT
background and non IT background which would have given more appropriate results. Just
because of these limitations, the testing phase and the results could not be 100% effective. It is
always important that the game must be fun loving to attract more users. So there can be a funny
sound which can be added to the game in order to make it fun loving and also the game could be
added with additional features like points based, extra lives, cash reward or can be a clap sound
which will always keep the user attracted and interested. Also the game can be embedded with
different interesting and comic graphics which will attract more users. The biggest limitation in
this research could be the evaluation part. Evaluating success of the game cannot be calculated
by asking questions to the users before and after the game. So to prove this the questions can be
embedded in the game with the scenarios and then ask the users to answer what will they do in
University of Plymouth
Page 74
VIVEK GUPTA
the current scenario. This can be pretty handful and the results would be much more
appreciating. These limitations can be easily overcome in the future work.
University of Plymouth
Page 75
VIVEK GUPTA
References:
Acquisti, A., & Gross, R. (2005). Information Revelation and Privacy in Online
SocialNetworks. Proceedings of the 2005 ACM workshop on Privacy in the electronic society.
Alexandria, Virginia, USA. [Accessed on 25th January 2011 ]
Acquisti, A., and Gross, R. (2006). Imagined Communities: Awareness, Information Sharing
and Privacy on TheFacebook. Proceedings of the 6th Workshop on Privacy Enhancing
Technologies, Cambridge, UK, 2006. [Accessed on 6th August 2011 ]
Ashley, M (2008), Converging on Microsoft: 12 tips for safe social networking. Available:
http://www.networkworld.com/community/tips-for-safe-social-networking?page=0%2C2
[Accessed on 1st August 2011]
Atkinson, S., Furnell, S., & Phippen, A. (2009). Securing the next generation: enhancing esafety awareness among young people. Computer Fraud & Security, Plymouth, UK. Available:
http://www.sciencedirect.com/science?_ob=MImg&_imagekey=B6VNT-4WW268D-C1&_cdi=6187&_user=10104504&_pii=S1361372309700880&_origin=&_coverDate=07%2F31
%2F2009&_sk=979909992&view=c&wchp=dGLbVzWzSkWl&md5=fc12bd3276429d235e0e6ca445303d25&ie=/sdarticle.pdf [Accessed on 7th August
2011 ]
AVG, (2010). SOCIAL ENGINEERING: DECEIVING PEOPLE, NOT MACHINES.
AVAILABLE:
http://www.avg.com.au/news/avg_smb_social_engineering_deceiving_people_not_machines/
[Accessed on 14th August 2011 ]
Beato, F., Kohlweiss, M., Wouters, K. (2010). Enforcing Access Controls in social networking
sites. Available: http://www.cosic.esat.kuleuven.be/publications/article-1240.pdf [Accessed on
14th August 2011]
Bilge, L., Strufe, T., Balzarotte, T., Kirda, E. (2009). All Your Contacts Are Belong to Us:
Automated Identity Theft Attacks on Social Networks. Track: Security and Privacy / Session:
Web Security. [Accessed on 3rd August 2011]
boyd, d., and Ellison, N. (2007). Social Network Sites: Denition, History, and Scholarship.
Journal of Computer Mediated Education, 13(1), pp. 210-230. Available:
http://onlinelibrary.wiley.com/doi/10.1111/j.1083-6101.2007.00393.x/pdf [Accessed on 22nd
July 2011]
Cain, J. (2008). Online Social Networking Issues Within Academia and Pharmacy Education.
American Journal of Pharmaceutical Education, 72(1). [Accessed on 27th January 2011]
University of Plymouth
Page 76
VIVEK GUPTA
M.
(2011).
Learning
from
experience
online
Available:
University of Plymouth
Page 77
VIVEK GUPTA
.(2011).
62
posts
categorized
Safety.
Available:
th
University of Plymouth
Page 78
VIVEK GUPTA
Meredith, P.(2006). Facebook and the Politics of Privacy. Chronicle of Higher Education,
Sept.14, 2006. Available: http://chronicle.com/. [Accessed on 9th August 2011]
Nagy, J.; Pecho, P.(2009).Social Networks Security. 2009 Third International Conference on
Emerging Security Information, Systems and Technologies. [Accessed on 15th June 2011]
Narayanan, A., & Shmatikov, V. (2009). De-Anonymizing Social Networks. 30th IEEE
Symposium on Security and Privacy. University of Texas, Austin. [Accessed on 24th July 2011]
Newbould, M., Furnell, S. (2009). Playing Safe: A Prototype Game For Raising Awareness of
Social Engineering. Australian Information Security Management Conference, Perth, Western
Australia. [Accessed on 14th June 2011]
Richards, D. V. (2007). Posting Personal Information on the Internet: A Case for Changing the
Legal Regime Created by S 230 of the Communications Decency Act. Texas Law Review,
2007, 85, 13211322. [Accessed on 10th August 2011]
Salles, M. (2011). 6 Habits for Highly Effective and safe Social Networking. [ONLINE]
Available:
http://smartenterpriseexchange.com/blogs/TalkingBits/2011/05/20/6-habits-forhighly-effective-and-safe-social-networking [Accessed on 1st February 2011]
SIAF.
(2011).
Social
NetworkingGeneral
Risk
Assessment.
th
http://www.siaf.co.uk/resources/SIAF_snrisks.pdf [Accessed on 28 August 2011]
Avaiable:
Schrott, U. (2011). Survey Reveals Chasm between Users Concerns and Behaviour. ESET
Ireland. Available: http://esetireland.wordpress.com/2011/07/04/monthly-threat-report-june2011/ [Accessed on 14th August 2011]
Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L.F., Hong, J., Nunge, E. (2007),
Anti-Phishing Phil : The Design And Evaluation Of A Game That Teaches People Not To Fall
For Phish, cups.cs.cmu.edu/soups/2007/proceedings/p88_sheng.pdf , (Accessed 10th September
2011)
Sophos (2011). Sophos Security Threat Report reveals increase in social networking security
Threats. Available: http://www.sophos.com/en-us/press-office/press-releases/2011/01/threatreport-2011.aspx [Accessed on 2nd August 2011]
Symantec. (2009). Spammers target social networking sites to spread spam. [Online]
Available:
http://www.symantec.com/en/uk/about/news/release/article.jsp?prid=20090608_01
[Accessed on 6th August 2011]
University of Plymouth
Page 79
VIVEK GUPTA
ThinkQuest. (2011). Cognitive Learning Available: http://library.thinkquest.org/26618/en5.5.3=cognitive%20learning.htm [Accessed on 15th September 2011]
Tim, D., & Duven, C. (2008). Privacy and Social networking sites. New Directions for Student
Services, 2008(124). Available: http://onlinelibrary.wiley.com/doi/10.1002/ss.297/pdf [Accessed
on 2nd August 2011]
Tuunainen, V., Pitknen, O., Hovi, M. (2009). Users Awareness of Privacy on Online
SocialNetworking Sites Case Facebook. AIS Electronic Library, BLED 2009 Proceedings.
[Accessed on 6th August 2011]
Walsh, S (2011), Top 5 Reasons why Spammers Love Social Networking. Available:
http://www.allspammedup.com/2011/08/top-5-reasons-why-spammers-love-social-networking/
[Accessed on 4th August 2011]
Ybarra, M, & Mitchell, K. (2008). How Risky Are Social Networking Sites? A Comparison of
Places Online Where Youth Sexual Solicitation and Harassment Occurs. Pediatrics Official
Journal of the American Academy of Pediatrics, 121(1), pp. 350-357. Available:
http://pediatrics.aappublications.org/content/121/2/e350.full.pdf+html [Accessed on 27th July
2011]
Yonts, J. (2011). Malicious Social Networking: Koobface Worm. SANS. Available:
http://www.sans.org/security-resources/malwarefaq/koobface-worm.php [Accessed on 5th
August 2011]
University of Plymouth
Page 80
VIVEK GUPTA
Appendix 1 Section 1
University of Plymouth
Page 81
VIVEK GUPTA
University of Plymouth
Page 82
VIVEK GUPTA
Appendix 2 Section 3
University of Plymouth
Page 83
VIVEK GUPTA
University of Plymouth
Page 84
VIVEK GUPTA
University of Plymouth
Page 85
VIVEK GUPTA
University of Plymouth
Page 86