Tuesday, July 12, 2011
Toshiba database hacked and leaked!
A hacker named V0iD hacked the Toshiba website, and the database was leaked through a Pastebin post. The leak also includes the usernames and passwords of admins. It is also reported that the same hacker hacked the database of the National Assembly of Pakistan website.
Wednesday, July 6, 2011
Seven recommendations for a Safer Facebook
1. Full SSL browsing enforced and mandatory for everyone. This is already available in Facebook via the privacy settings. This way, all users can make sure nobody is snooping in on their conversations, even if they’re browsing Facebook through an untrusted internet connection, and render attack tools such as Firesheep completely useless.
2. Two-factor authentication for all users with compatible mobile devices. Banks are offering e-tokens for their customers to safely access their online banking accounts, but in a world where social networking sites are more important than ever, users should have the same technology available for protecting their Facebook accounts as well. This was enabled by Google not so long ago with a relatively simple mobile application. This way, an attacker would have to compromise two devices to get access to a Facebook account.
3. A clear line between trusted and untrusted Facebook apps. Malicious Facebook apps are being analyzed and reported by researchers on a daily basis, so it would be terrific if Facebook would manually check and approve all incoming applications to make sure no malicious app gets on to a user’s profile. As this task would probably be impossible, an idea would be to have an ever-increasing list of trusted/approved applications that a regular user can add to his profile. If the user wants to use an application that is not trusted, he should be able to run it in some sort of “profile sandbox”, so that any malicious activity would not affect other users.
4. Tighten up the “recommended” privacy controls. Currently, the Facebook recommended privacy settings allow “everyone” to access your status, photos, and posts, your bio and favorite quotations and see your family and relationships, while your “friends of friends” only have access to the photos and videos you’re tagged in, religious and political views plus your birthday. It is too easy for an attacker to become the friend of a friend of someone and get all the data they need to reset a password for a webmail account.
5. Permanently deleting your account should permanently delete your account -- but it doesn’t. “Copies of some material (photos, notes, etc.) may remain in our servers for technical reasons, but this material is disassociated from any personal identifiers and completely inaccessible to other people using Facebook”. This needs to be fixed as it is a major privacy and security risk even for people who have removed their Facebook identity.
6. Commit to keeping children safe by taking parental control to a whole new level. Parents should be able to set up limited access accounts for their children, as sub-accounts under their main Facebook presence. The limited sub-accounts could automatically be turned into full accounts once the child reaches the age of consent.
7. Educate your users. Yes, the page at facebook.com/security is a good.
Saturday, June 25, 2011
Social Networking and Security Risks

WHAT ARE SOCIAL NETWORKING WEBSITES?
Social networking websites function like an online community of internet users. Depending on the website in question, many of these online community members share common interests in hobbies, religion, or politics. Once you are granted access to a social networking website you can begin to socialize. This socialization may include reading the profile pages of other members and possibly even contacting them.
There are a variety of people on these websites whom we don't know. Meeting someone online is not enough to understand whether he is the right person to be friends with. There is always a risk of blackmail, malware spreading, identity theft, etc.
Generally, people who are aware of the risks and dangers of social networking can find their way out of the crimes committed through it, and people who are not aware of them will surely be prey.
Social engineering is what hackers use most in these crimes.
=============================================================================
DANGERS/RISKS OF SOCIAL NETWORKING
FACEBOOK
Events and Questions
You probably know about the famous scam that was on Facebook some days ago, "View Who Viewed your Profile". I remember I got more than 20 invites for that event. Hackers can use these events as a channel for their social engineering skills. You may not even know that they are hackers and that they are using those skills on you. The new Facebook feature "Questions" will help them even more.
Now let's take an example.
You are invited to an event called "About me", or a friend asks you through the Questions feature.
It will include some questions, because the topic itself is "About Me":
1. What was my most embarrassing moment?
2. In which city were you born?
3. What was the name of my first elementary school?
4. What was my favorite pet’s name?
5. What is your father's name?
These questions are not harmful to answer in a general conversation with your friends or relatives. But if you look at the questions carefully, they are the security questions asked by social networking sites. Using this sensitive information to answer the secret questions, they can access your account and you will be ruined.
Facebook Applications
Facebook offers thousands of applications that its users can install and run. These applications include calendars that allow Friends to be reminded when it’s your birthday, tools to send Friends online greeting cards, quizzes on myriad topics and much more.
These applications look totally harmless, but in some cases they are not: hackers use them to deliver malicious content to your computer. This holds true not only for Facebook, but also for other social networking sites and for the Internet in general, when downloading from the Web or opening attachments in email messages. Therefore, make certain that your computer has a proper and functional firewall, as well as up-to-date antivirus/anti-malware software, and only install or run these applications if they are from a trusted source or approved by your corporate IT department. We call them Java applets or Java drive-bys.
FRAUDS and HOAXES
Whether it is Facebook or Twitter, online banking or day-to-day purchases, be aware of emails that claim to be from these sites but are actually hoaxes and may contain malicious content. I have received numerous emails that seem to be from a bank, yet were actually sent by a spammer in the hopes of obtaining the online username and password.
The messages may even contain an attached ZIP file that recipients are asked to open to see who invited them. The attachment will contain Trojans and malware, which can damage your computer and give your sensitive information to the hacker.
URL SHORTENING
Another form of hoax involves the shortening of URLs in email messages or on websites such as our favorites, Facebook and Twitter. Oftentimes, the links that we want to post can get very long, making them unwieldy or impossible to type in the small space allotted by the network sites. To get around this, third-party services such as http://tinyurl.com/ or http://bit.ly/ will “encode” the URL into a much shorter version. For example, http://www.facebook.com/sauravhacker will turn into http://adf.ly/1PnMZ
Although the benefit of URL shortening is obvious, there is also a security risk associated with it, in that the shortened URL does not tell you the true destination of the link. You only find out once you get there, which may be too late if that site happens to contain drive-by malware or content which should not be viewed by “sensitive” eyes. Therefore, make certain that you click on shortened URLs only if you trust the sender. Never click on them if they are contained in spam messages or on sites that you have any reason to consider suspicious.
You can also use any LongURL service to expand the shortened URL.
PROTECTION
Use Different Passwords, Change Them Often: Each of your social networking sites, as well as all other important websites, should have a different, complex password assigned to it, and these passwords should be changed regularly. Since people often use the same password on multiple sites, one compromised account could easily lead to compromising other accounts.
Don’t Blindly Give Out Your Credentials: There are a lot of third-party web-based services out there that make use of your social networking services. In the past, the only way for this to occur was to give your credentials to these services. This works so long as these third-party services aren’t somehow compromised, or worse, aren’t something other than what they seem to be.
Keep Your Operating System, Browser Patched: Ensure you have applied all the latest patches from Microsoft, Apple, or whoever supplies your computer’s underlying operating system. Ensure you are using the latest version of your web browser. If you are using Internet Explorer, especially Internet Explorer version 6, as is standard on Windows XP, try using a third-party browser such as Firefox or Google Chrome.
Browser Plugins Can Help: If you are using Firefox, there are plugins, such as LongURL, that can help expand those “short” URLs so you can see where they will take you.
Antivirus: Always use an updated version of antivirus / anti-malware / anti-rootkit software. The updated version will have its virus database updated, which will help you recognize and delete those threats.
Click Only on Links You Trust: Click on links only if you got them from a trusted person, because other links may contain trojans or even phishers.
If you are aware of the social networking risks, you are secured from the hacker. That I only mentioned Facebook and Twitter does not mean the risks are only on them. These risks exist on all social networking sites, but hackers target the most popular ones, which nowadays are Facebook and Twitter.
TWITTER
Twitter is an online application that allows you to post brief comments (tweets) on any topic. Other users on the Twitter network can become followers of your tweets, such that they receive the updates whenever you send them. Twitter is used for professional purposes, so the risks here differ from those on Facebook. Generally, Twitter is used by celebrities and companies, who tweet their updates all the time. Somebody told me someone tweeted on his Twitter when the Osama kill mission started. Employees may even tweet something that may be harmful for their company. Companies should keep an eye on their employees' tweets, or the tweets may be harmful for their future.
