Archive for the ‘Protection’ Category

We’ve all seen Facebook posts that say things like, “Finally! Facebook got a dislike button! Click here!” or “See who is viewing your profile OMG I cannot believe it!!!!!!” or something else equally enticing.

Some of us, overwhelmed by desire, have fallen for these posts and learned an important lesson the hard way: Facebook is full of spam.

Many of us fled from MySpace in hopes of a cleaner, spam-free, and polished platform, but it was only a matter of time before hackers figured out how to attack us on Facebook, too.

On Facebook, there are a few different ways your account, privacy, and computer can be compromised. Sometimes hackers will simply phish for your log-in information and hijack your account, spamming your friends in the process. Other times, the app that promised to be a “dislike” button will instead download and install malware on your computer. — Taken from cnet forum —

“Surveys are an increasingly common tactic used to disguise a wide range of security threats lurking on Facebook and other social networking sites,” said Christopher Boyd, senior threat researcher, GFI Software. “Scammers also have improved their ability to immediately hijack high-profile news for their attacks. By exploiting breaking and developing news stories, they are catching users off guard. Users should always be wary of promises of free items or sensational content, and they should never share personal and financial information online unless they are dealing directly with a known, trusted and secure website — not a Facebook or Twitter post claiming to represent a recognized business or organization.”

Top 10 Malware Detections for May

GFI’s top 10 malware list is compiled from collected scan data of tens of thousands of GFI VIPRE® Antivirus customers who are part of GFI’s ThreatNet™ automated threat tracking system. ThreatNet statistics revealed that the vast majority of malware threats found continue to be Trojans, mostly detected in generic form.

Detection Type Percent
Trojan.Win32.Generic!BT Trojan 22.51
Trojan.Win32.Generic.pak!cobra Trojan 3.79
Trojan.Win32.Generic!SB.0 Trojan 3.73
Zugo Ltd (v) Adware (General) 2.75
Trojan-Spy.Win32.Zbot.gen Trojan 1.63
INF.Autorun (v) Trojan 1.38
Pinball Corporation. (v) Adware (General) 1.37
Trojan.JS.Redirector.cd (v) Trojan 1.3
Malware.JS.Generic (JS) Exploit 1.23
FraudTool.Win32.FakeRean Rogue Security Program 1.13

Check out the video below, how to avoid it, and different ways to get rid of it.

Advertisements

Another Facebook feature challenging the concept of privacy!

This feature has been available in the United States since December, allows users to upload photos to their accounts and have the site make suggestions for whom among a user’s friends this photo belongs (tags). And as always this new feature is automatically turned on in every ones users’ privacy settings and requires users to manually turn it off, if desired!

A debate among privacy advocates arguing that this new features should not be turned on without the user consent:

“Our concern, as usual, is that Facebook is making changes to its privacy and creating new features without giving people sufficient notice and giving them a choice as to whether they want to participate,” said Chris Conley, of the American Civil Liberties Union of Northern California.

“If this new feature is as useful as Facebook claims, it should be able to stand on its own, without an automatic sign-up that changes users’ privacy settings without their permission.”Representative Edward J. Markey (D-MA) agreed

Facebook CEO Mark Zukerberg has always defended such practices arguing that requiring users to turn on each new feature would diminish their Facebook experience. Yet in a statement released today on their blog, the company admitted they should have been more clear explaining the feature to users to avoid confusion and that they are working on “satisfy concerns” brought forward by lawmakers and privacy advocates.

Instructions for disabling the facial recognition feature:

 

 

I think users should never ever trust any social network site and always think of ways to maintain their privacy, because in my opinion the main purpose of social network sites like Facebook is to break every rule of privacy and broadcast everyone’s secrets all over the internet, Just to like what they did in college. And that is only my opinion.

One of the actions taken to try and protect the users from being hacked:

HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.

Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.

The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.

Download the extension and read more here.

HTTPS Everywhere can protect you only when you’re using sites that support HTTPS and for which HTTPS Everywhere includes rules. If sites you use don’t support HTTPS, ask the site operators to add it; only the site operator is able to enable HTTPS. There is more information and instruction on how server operators can do that in the EFF article How to Deploy HTTPS Correctly.

On { codebutler } 24th of October 2010, they described how a software called Firesheep  a Firefox extension designed to demonstrate how you can hack almost any body on the same network as you are.

– After installing the extension you’ll see a new sidebar. Connect to any open wifi network and click the “Start Capturing” button. Then wait.

– As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed.

– Double-click on someone, and you’re instantly logged in as them. That’s it.

Firesheep is free, open source, and is available now for Mac OS X and Windows. Linux support is on the way.

FaceNiff used the same Technic and did it even within encrypted WiFi networks.

Websites have a responsibility to protect the people who depend on their services. They’ve been ignoring this responsibility for too long, and it’s time for everyone to demand a more secure web. Our hope is that Firesheep and FaceNiff will help the users win.

As for us users we have to Protect ourselves against ARP Spoofing (or sniffing in general).