Archive for category Social Networking
Vulnerability Makes All Facebook Accounts Exposed
Posted by Mourad Ben Lakhoua in Social Networking, Vulnerabilities, Vulnerabilities & attacks on August 13, 2010
New Vulnerability has been discovered in facebook that allows an attacker to obtain all users credential on the social network website. By having the email address an attacker can get the name and pictures of victims.
The vulnerability can works regardless of the account privacy settings, this mean that even if your account hidden from all search engines it is possible to have the sensitive information.
The result of gathered information can be used for phishing attacks or any other issue.
According to the researchers if someone has a list of email address that he has no clue about. He can feed them to Facebook one by one (or in a list, using a script like this) and chances are that he’ll get more than 50% hits. Useful for phishing attacks (People will get more convinced when they see their *real* names).
Or an attacker can randomly generate email addresses and create a database with user’s names and pictures, which mean that you have no privacy and your information, can be easily found.
Update :
Facebook, in a statement sent to SCMagazineUS.com on Thursday, said the glitch has been fixed.
“We have technical systems in place to prevent people’s names and profile photos from showing to unrelated users upon login, but a recently introduced bug temporarily prevented these from working as intended,” Facebook said in a statement. “We remedied the situation swiftly.”
make sure you subscribe to my RSS feed!
Donbot Leads a Way To Twitter Spam
Posted by Mourad Ben Lakhoua in News, Social Networking, Web Security on November 21, 2009
One more time major botnets are using social networking websites to spread spam.
Symantec’s MessageLabs warned lately that DonBot are started a new massive spamming message, the Lab detected from 18 November 4% of global Spam traffic.
The spam message includes an offer to work from home with a 100-200 dollars daily salary and to be considered for this opportunity the victim should send an initial payment and wait for the golden ticket.
The message also includes an image with link to redirect victim to twitter page and gives hackers a way to hijack Twitter accounts and spam other users.
This shows that more http links in instant messaging conversations are making a way to “instant malware.”
If you are receiving a message on Twitter try to not click directly on the short link and to check the original URL. By checking on LongURL.org which can helps in expanding the URL and avoid phishing, malware, and viruses by examining short URLs before visiting them and Find out where links really take you.
You can also use on Mozilla firefox Tamper Data plugin that helps to test web application security and track request and responses from the URL Link.
make sure you subscribe to my RSS feed!
What’s wrong with Twitter?
Posted by Mourad Ben Lakhoua in Cybercrime & Hacking, Internet, News, Social Networking, Web Security on August 9, 2009
On the 6th of August Twitter went down for a pretty long period. After a while a brief message was added on the Twitter status says they’re fighting off a DDOS attack right now. Well the most interesting that the distributed denial-of-service attack also affected Facebook, LiveJournal and Google’s Blogger.
The idea of distributed denial-of-service (DDoS) attack on the sites is that computers have been compromised by a viruses or other malware and instructed by the Hacker to visit the specific Web sites all at the same time and repeatedly. The barrage of connection requests overwhelms the target sites, making it so that legitimate Web traffic can’t get through.
So this attack requires tens of thousands of machines in which all forms a botnet and in a few seconds can turn any website dawn, as the case of (Finjan report “Your PC might be traded online– without you knowing about it!”).
To secure yourself from being a part of a botnet network is to install an antivirus with the latest signature and in some time check the netstat command on windows to see if there is any unusual connection with your pc.
make sure you subscribe to my RSS feed!
Kuwait: Cybercrooks target over a billion users
Posted by Mourad Ben Lakhoua in Social Networking on May 8, 2009
The rapidly increasing interaction of consumers with social online networks, mobile phones and other intelligent devices has brought about significant lifestyle benefits that are under a serious threat from cybercriminals according to an international virus analyst. Addressing the audience of Kuwait’s ICT Security Forum, Stefan Tanase, Malware Analyst, EEMEA Research Center, Kaspersky Lab Global Research and Analysis Team, said that in 2009 social networking sites will be used by around 80 per cent of all Internet users, the equivalent of more than one billion people.
“The growing popularity of social networking sites has not gone unnoticed by cybercriminals; last year, such sites became a hotbed of malware and spam and yet another source of illegal earnings on the Internet. The Kaspersky Lab collection contained more than 43,000 malicious files relating to social networking sites in 2008 alone,” said Tanase.
“Malicious code distributed via social networking sites is 10 times more effective than malware spread via email. Social networks have approximately a 10 per cent success rate in terms of infection compared to less than 1 per cent for malware spread via email,” he said. Stolen names and passwords belonging to the users of social networking sites can be used to send links to infected sites, spam or fraudulent messages such as a seemingly innocent request for an urgent money transfer.
Previously on SecTech there were some post concerning the Social networking security from best practices and some ways to mitigate the risk of using it here is an article from Kuwait that shows that sites of social networking in 2009 will be used by around 80 per cent of all Internet users, the equivalent of more than one billion people, and there is only one solution to secure using these sites is the awareness and follwing some best practices.
[Source: Arab Times]
make sure you subscribe to my RSS feed!
Facebook security settings
Posted by Mourad Ben Lakhoua in Social Networking on February 19, 2009
Facebook and other social networking sites can be a great way of keeping in touch with former friends from high school, university and various jobs. But using such sites does come with different risks. Here you can find some best practices that can keep you safe while you still enjoy the benefits of social networking:
* Do not add people you don’t know.
* Be very careful with your public information.
* disable the option that allows software access to your address book.
* Do not add co-workers as friends if you expect privacy at work.
* Don’t tag people on pictures and videos. The practice annoys many people, and it’s an unnecessary way of exposing information.
* Don’t use third-party applications. The apps provided by Facebook are presumably safe, but the rest simply aren’t worth the risk. If you feel you must use them, take precautions.
* Remember that If one of your friends makes a comment on a photo, their friends gain access to your album.
* Remember that the default settings in Facebook are relatively loose. It’s better to add your own settings to make your profile more secure.
So Facebook can be used safely and with little impact on the rest of your life by following these tips.
-
You are currently browsing the archives for the Social Networking category.
SUBSCRIBE
Latest Comments