Social Network Security Manager

Social Network Security Manager

InternetNeverSleeps

Los Angeles, CA

Female, 38

I oversaw all on site safety and security concerns for one of the largest social networks in the world. In the wild west of the internet, I had to develop policies and guidelines on how to deal with even the weirdest issues, work with law enforcement, meet with our government and address all the urgent issues that can pop up. My teams were the 911 of the internet, if you will, responding to the craziest of issues.

SubscribeGet emails when new questions are answered. Ask Me Anything!Show Bio +

Share:

Ask me anything!

Submit Your Question

32 Questions

Share:

Last Answer on December 02, 2013

Best Rated

Did you proactively search for and report people whose profiles suggested they were breaking the law? Like: if someone posts a picture of themself snorting coke?

Asked by justin over 12 years ago

Not really - using your example, I will explain why. First, we can't really determine (nor should we) if that is real cocaine (or say, pixie stick sugar). Second, the profile might claim the user lives in Miami, but we can't verify that (even if IP logs show a Miami-ish location, they could be using a proxy). Also, even if we reached out to local law enforcement with this information, we would still require a subpoena to release anything that would help law enforcement actually locate this person (such as their IP logs or email address). Law enforcement is already incredibly swamped with all the real-life crime/issues going on to deal with all the online activity going on, so no way are they going to take on this case knowing they have to do all this extra work for a potential, non confirmed, or as you said, suggested, crime. A major exception to this rule is child pornography. As our site proactively reviewed image content being uploaded to the site, we would come across questionable images. It is the law that we immediately report any child pornography to the National Center for Missing & Exploited Children (NCMEC), who has their own law enforcement agents assigned to them (I.C.E.). Even if we are not 100% sure that it is an underage person, it doesn't matter - if it raises a red flag, we don't take chances and report it.

Did you cringe when social networks first started allowing developers to launch applications on-site? Is this the kind of thing that just unleashed an avalanche of new security headaches for you?

Asked by ez duz it over 12 years ago

Hey Ed Duz, You would think that would be a huge issue, and we thought it would be, too. But! It didn't - by that time, everyone was extra security conscious about what kind of issues apps could lead to. Almost overly cautious. So because of that, apps ended up being the least of our concerns. It was built in a way that it was very 'gated'. The apps were heavily reviewed for security and content issues before being authorized, and it was very easy to deactivate them in the event there was an issue. Honestly, I can't think of any major app related security or safety concern that came up. I think there was a content issue or two (ie a picture of boobies being distributed by an app) but that was about it. At least or our site! But I have been following all other major sites and haven't seen any issues, either.

Don’t social networks get hundreds if not thousands of attempted security intrusions every week? What was the furthest any hacker actually got?

Asked by ljenkins over 12 years ago

The biggest security issue I see that is still plaguing social network sites (and many other types of sites) are phishing attempts. I've seen very successful phishing schemes that result in thousands of user account login information, which then results in a bot automatically logging into that user's account and sending out spam. Cross site scripting (xss) hacks are also annoying and have, in the past, run rampant (in one instance, about 1 Million profiles were affected in a short period of time). They are more annoying than malicious - I consider phishing worse in terms of what we experienced.

Do you think that LinkedIn has a bright future because the Facebook generation is 'growing up' and looking for more professional social networking?

Asked by askramsingh1977 over 12 years ago

I personally love LinkedIn and utilize it weekly. I think it does indeed have a bright future and meets a good niche in the social network arena.

When you first started this job, were you braced for all of the nasty stuff you encountered? Or was there a time in the beginning where you thought, "I had no idea people could be THIS messed up?"

Asked by S.D. Jones about 12 years ago

When I started the job, I was only focusing on security issues (vulnerabilities, attackers, etc). I had no idea I'd go down the path of pedophiles, law enforcement issues, insane profiles, nutjob users, and content that you just can't un-see once it's seen. I had already been online for MANY many years (back in newsgroup days) so I already had a pretty strong inkling of the stuff out there. ;)

I know Facebook says it's not possible to see who's viewed your profile. But is the "who's viewed your profile" information stored anywhere, such that a hacker could find and distribute it?

Asked by mealtik over 12 years ago

I wouldn't worry about that. But clever people with their own web server logs could see what IP addresses look at their profile. ;-)

Do you think Facebook is out of line regarding user privacy, or do they have the right to do whatever they want? Not from a strictly legal point of view because we all agreed to their terms of use but how about re: corporate responsibility?

Asked by france_sucks almost 12 years ago

I think FB has definitely made a few things fairly concerning with user privacy and their oddly shifting security settings on their products. Half of me sides with the viewpoint that 'it's their website, they can do what they want, and nothing you post on the internet is truly private or sacred anyawys' and the other half is reviled and would leave FB if I wasn't so heavily integrated with it for my social life (haha).  

 

Ultimately, companies are companies and they are out to make a buck. It's up to the end user to decide how comfortable they are with information about themselves being shared/distributed/etc.