Archive for the ‘Hacking’ Category

We’ve all seen Facebook posts that say things like, “Finally! Facebook got a dislike button! Click here!” or “See who is viewing your profile OMG I cannot believe it!!!!!!” or something else equally enticing.

Some of us, overwhelmed by desire, have fallen for these posts and learned an important lesson the hard way: Facebook is full of spam.

Many of us fled from MySpace in hopes of a cleaner, spam-free, and polished platform, but it was only a matter of time before hackers figured out how to attack us on Facebook, too.

On Facebook, there are a few different ways your account, privacy, and computer can be compromised. Sometimes hackers will simply phish for your log-in information and hijack your account, spamming your friends in the process. Other times, the app that promised to be a “dislike” button will instead download and install malware on your computer. — Taken from cnet forum —

“Surveys are an increasingly common tactic used to disguise a wide range of security threats lurking on Facebook and other social networking sites,” said Christopher Boyd, senior threat researcher, GFI Software. “Scammers also have improved their ability to immediately hijack high-profile news for their attacks. By exploiting breaking and developing news stories, they are catching users off guard. Users should always be wary of promises of free items or sensational content, and they should never share personal and financial information online unless they are dealing directly with a known, trusted and secure website — not a Facebook or Twitter post claiming to represent a recognized business or organization.”

Top 10 Malware Detections for May

GFI’s top 10 malware list is compiled from collected scan data of tens of thousands of GFI VIPRE® Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that the vast majority of malware threats found continue to be Trojans, mostly detected in generic form.

Detection Type Percent
Trojan.Win32.Generic!BT Trojan 22.51
Trojan.Win32.Generic.pak!cobra Trojan 3.79
Trojan.Win32.Generic!SB.0 Trojan 3.73
Zugo Ltd (v) Adware (General) 2.75
Trojan-Spy.Win32.Zbot.gen Trojan 1.63
INF.Autorun (v) Trojan 1.38
Pinball Corporation. (v) Adware (General) 1.37
Trojan.JS.Redirector.cd (v) Trojan 1.3
Malware.JS.Generic (JS) Exploit 1.23
FraudTool.Win32.FakeRean Rogue Security Program 1.13

Check out the video below, how to avoid it, and different ways to get rid of it.

On { codebutler } 24th of October 2010, they described how a software called Firesheep  a Firefox extension designed to demonstrate how you can hack almost any body on the same network as you are.

– After installing the extension you’ll see a new sidebar. Connect to any open wifi network and click the “Start Capturing” button. Then wait.

– As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed.

– Double-click on someone, and you’re instantly logged in as them. That’s it.

Firesheep is free, open source, and is available now for Mac OS X and Windows. Linux support is on the way.

FaceNiff used the same Technic and did it even within encrypted WiFi networks.

Websites have a responsibility to protect the people who depend on their services. They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web. Our hope is that Firesheep and FaceNiff will help the users win.

As for us users we have to Protect ourselves against ARP Spoofing (or sniffing in general).

recent Android application called FaceNiff can hijack unencrypted login credentials from users on the same Wi-Fi network. It also works on networks encrypted with WEP, WPA or WPA2 protection.

But in order to use FaceNiff, your Android smartphone must first be rooted (here’s a list of devices confirmed to work). Right now, FaceNiff works with Amazon, Facebook, Twitter, YouTube and Nasza-Klasa, but more are sure to follow.

Here is some videos to proof it really works: