Social Network Security Manager

Social Network Security Manager

InternetNeverSleeps

Los Angeles, CA

Female, 38

I oversaw all on site safety and security concerns for one of the largest social networks in the world. In the wild west of the internet, I had to develop policies and guidelines on how to deal with even the weirdest issues, work with law enforcement, meet with our government and address all the urgent issues that can pop up. My teams were the 911 of the internet, if you will, responding to the craziest of issues.

SubscribeGet emails when new questions are answered. Ask Me Anything!Show Bio +

Share:

Ask me anything!

Submit Your Question

32 Questions

Share:

Last Answer on December 02, 2013

Best Rated

What social networks, past or present, had the WORST security?

Asked by surf, not turf over 8 years ago

The one I worked at had pretty bad security in the beginning, but I won't disclose the name to protect the innocent LOL Though it depends on the type of spam/security issues. Free dating sites, like match.com, tend to have some pretty bad scammers on there.

Did you cringe when social networks first started allowing developers to launch applications on-site? Is this the kind of thing that just unleashed an avalanche of new security headaches for you?

Asked by ez duz it over 8 years ago

Hey Ed Duz, You would think that would be a huge issue, and we thought it would be, too. But! It didn't - by that time, everyone was extra security conscious about what kind of issues apps could lead to. Almost overly cautious. So because of that, apps ended up being the least of our concerns. It was built in a way that it was very 'gated'. The apps were heavily reviewed for security and content issues before being authorized, and it was very easy to deactivate them in the event there was an issue. Honestly, I can't think of any major app related security or safety concern that came up. I think there was a content issue or two (ie a picture of boobies being distributed by an app) but that was about it. At least or our site! But I have been following all other major sites and haven't seen any issues, either.

If you identify a hacker or spammer and block him, what's to stop him from just creating another account? And another, and another, and another...

Asked by Zucktown over 8 years ago

Hey Zucktown, Good question. Generally spammers are automated systems that are coming in from a certain IP address/block of IP addresses (*cough* China *cough*) or mass posting very similar types of content. Based on various factors, you can either prevent account creation and/or certain types of content being posted. If an individual hacker is targeting a very specific individual, that is a bit tougher. We try to educate users on account security - so be wary of phishing, don't have a password of 'Password' (this happens more than you know) or name your password after your cat (a friend of mine got his account 'hacked' by his ex-girlfriend. Turns out his password was his cat's name. #fail).

Don’t social networks get hundreds if not thousands of attempted security intrusions every week? What was the furthest any hacker actually got?

Asked by ljenkins over 8 years ago

The biggest security issue I see that is still plaguing social network sites (and many other types of sites) are phishing attempts. I've seen very successful phishing schemes that result in thousands of user account login information, which then results in a bot automatically logging into that user's account and sending out spam. Cross site scripting (xss) hacks are also annoying and have, in the past, run rampant (in one instance, about 1 Million profiles were affected in a short period of time). They are more annoying than malicious - I consider phishing worse in terms of what we experienced.

Was your team monitoring the site 24/7? Were there certain days/times where violations were more frequent?

Asked by Gresh over 8 years ago

Good question, Gresh. There were both people and systems that would monitor for certain activities on the site (such as a spam attack) that were 24/7 (staffing for the graveyard shift is tough!). In the early days before I had the team become 24/7, the spammers knew when we went off line and would start their attack in the later evening and on weekends. Standard TOS violations would spike with site traffic, which tended to be 'after work' hours, so you would see the rise when the East coast got out of work/school and continue over to the West coast. Granted, our site was international but the majority of the traffic was domestic.

Do you think Facebook will still be around in 5 years? 10 years?

Asked by tubes over 8 years ago

Yes to both! I've been a very active user of the interw3b since about 1995 and there are pre-cursor 'social network' sites that still have a strong fan base (such as Livejournal) (OK I admit, I still love Livejournal) and have easily lasted over a decade. Will Facebook still have the strong following it does now? Only time will tell, but it's hard to stay on top forever!

Is it illegal for me to upload someone else’s image to my profile? Do copyright holders every send you takedown notices, and do you have to comply?

Asked by anonpigeon over 8 years ago

For the first question, it depends on the image rights. For example, if the image is Public Domain, then you should be OK. If you are ever unsure, probably best not to upload the picture. YES I can tell you right now that any website that allows users to post content MUST comply with takedown notices, in accordance with the Digital Millenium Copyright Act (DMCA). Fortunately for website operators, the DMCA is fairly clear about the process. More fun reading about the DMCA can be had here: http://www.copyright.gov/legislation/dmca.pdf Please note my response here is very generalized and should not be used as legal advice!! :)