
Anonymous Declared Operation Facebook on 5th November, 2011

 
It’s time again for us to hear from Anonymous, that rather well-known hacker group whose members remain largely, well, anonymous. The announcement made today makes clear that whichever members of the hacktivist group created this call to action are preparing to take down Facebook, one of the most popular and well-travelled social networks, and indeed websites, on the internet.
This newest attack is said to be directed at Facebook for at least two specific cases where Facebook has been accused of wrongdoing:

1. ACLU objects to Facebook’s Privacy Settings
2. Facebook Stealing Numbers and Data from your iPhone
In short, Facebook has become a spying machine, and FB is giving all the private information of its users to the government and violating privacy.

According to Anonymous:-

Operation Facebook

DATE: November 5, 2011.

TARGET:
https://facebook.com

Press:-

Twitter : https://twitter.com/OP_Facebook
http://piratepad.net/YCPcpwrl09
Irc.Anonops.Li #OpFaceBook

Anonymous Message about #Op-Facebook:-

"...Attention citizens of the world,
We wish to get your attention, hoping you heed the warnings as follows:
Your medium of communication you all so dearly adore will be destroyed. If you are a willing hacktivist or a guy who just wants to protect the freedom of information then join the cause and kill facebook for the sake of your own privacy.
Facebook has been selling information to government agencies and giving clandestine access to information security firms so that they can spy on people from all around the world. Some of these so-called whitehat infosec firms are working for authoritarian governments, such as those of Egypt and Syria.
Everything you do on Facebook stays on Facebook regardless of your “privacy” settings, and deleting your account is impossible, even if you “delete” your account, all your personal info stays on Facebook and can be recovered at any time. Changing the privacy settings to make your Facebook account more “private” is also a delusion. Facebook knows more about you than your family.

http://www.physorg.com/news170614271.html
http://itgrunts.com/2010/10/07/facebook-steals-numbers-and-data-from-your-iphone/

You cannot hide from the reality in which you, the people of the internet, live in. Facebook is the opposite of the Antisec cause. You are not safe from them nor from any government. One day you will look back on this and realise what we have done here is right, you will thank the rulers of the internet, we are not harming you but saving you.
The riots are underway. It is not a battle over the future of privacy and publicity. It is a battle for choice and informed consent. It’s unfolding because people are being raped, tickled, molested, and confused into doing things where they don’t understand the consequences. Facebook keeps saying that it gives users choices, but that is completely false. It gives users the illusion of and hides the details away from them “for their own good” while they then make millions off of you. When a service is “free,” it really means they’re making money off of you and your information.
Think for a while and prepare for a day that will go down in history. November 5 2011, #opfacebook . Engaged.
This is our world now. We exist without nationality, without religious bias. We have the right to not be surveilled, not be stalked, and not be used for profit. We have the right to not live as slaves.

We are anonymous
We are legion
We do not forgive
We do not forget
Expect us..."


Here is the Official Video of Anonymous on #OP-Facebook:- 



Facebook Launches Security Bug Bounty


Facebook is set to announce today a bug bounty program in which researchers will be paid for reporting security holes on the popular social-networking Web site.
Compensation, which starts at $500 and has no maximum set, will be paid only to researchers who follow Facebook's Responsible Disclosure Policy and agree not to go public with the vulnerability information until Facebook has fixed the problem.
Facebook Chief Security Officer Joe Sullivan said, "Typically, it's no longer than a day" to fix a bug.

Facebook's Whitehat page for security researchers says: 

"If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."

The compensation program is a good way to provide an incentive and show appreciation to the research community for helping keep Facebook safe for users, according to the company's security team. Up until now, researchers received recognition on the Facebook Whitehat page, maybe some "swag," and--if they were lucky--a job.
"Some of our best engineers have come to work here after pointing out security bugs on our site," like Ryan McGeehan, manager of Facebook's security response team, said Alex Rice, product security lead at Facebook. (Facebook also recently hired famed iPhone jailbreaker and Sony PlayStation 3 hacker George Hotz, who works on security issues.)
Meanwhile, Facebook is allowing security researchers a way to create test accounts on Facebook to ensure they don't violate terms of use or impact other Facebook users, Rice and McGeehan said.
Facebook is following in the steps of Mozilla, which launched its bug bounty program in 2004, and Google, which offers a bug bounty program with payments ranging from $500 to more than $3,000 for finding Web security holes, as well as a program specifically for Chrome bugs.
Microsoft has offered bounties of $250,000 for information leading to the arrest of virus writers, but does not pay researchers who find bugs in its software. However, other companies do, like TippingPoint's Zero Day Initiative.
Researchers typically are paid more for finding bugs in desktop software, which can take much longer to fix and to update software on computers than bugs in Web-based software, which can be fixed much more quickly.

According To FACEBOOK:- 

Eligibility
To qualify for a bounty, you must:
  • Adhere to our Responsible Disclosure Policy:
    ... give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research ...
  • Be the first person to responsibly disclose the bug
  • Report a bug that could compromise the integrity or privacy of Facebook user data, such as:
    • Cross-Site Scripting (XSS)
    • Cross-Site Request Forgery (CSRF/XSRF)
    • Remote Code Injection
  • Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Our security team will assess each bug to determine if it qualifies.

Rewards
  • A typical bounty is $500 USD
  • We may increase the reward for specific bugs
  • Only 1 bounty per security bug will be awarded

Exclusions
The following bugs aren't eligible for a bounty (and we don't recommend testing for these):
  • Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
  • Security bugs in third-party websites that integrate with Facebook
  • Security bugs in Facebook's corporate infrastructure
  • Denial of Service Vulnerabilities
  • Spam or Social Engineering techniques


-News Source (FACEBOOK & Cnet)



Recent Facebook XSS Attacks Show Increasing Sophistication

A few weeks ago, three separate cross-site scripting (XSS) vulnerabilities on Facebook sites were uncovered within a period of about 10 days. At least two of these holes were used to launch viral links or attacks on users – and it’s clear that attacks against Facebook users are becoming increasingly sophisticated.
The first issue came from a page on the mobile version of Facebook’s site. The interface was a prompt for posting stories to a user’s wall, and the parameter for the text of the prompt did not properly escape output. On March 28, a blogger identifying themselves as “Joy CrazyDaVinci” posted code that demonstrated how the vulnerability could be used to spread viral links:
<iframe id=”CrazyDaVinci” style=”display:none;”
src=”http://m.facebook.com/connect/prompt_feed.php?display=wap&user_message_prompt=’<script>window.onload=function(){document.forms[0].message.value=’Just visited http://y.ahoo.it/gajeBA Wow.. cool! nice page dude!!!‘;document.forms[0].submit();}</script>”></iframe>
This bit of HTML would be included in a viral page. The code sets the content of the wall post to a message that includes a link to a viral page, then submits the prompt automatically. Anyone clicking the link would get the same code executed on their account. The viral page could be used for malware distribution or phishing attacks, but in most cases where I saw this trick used, the page simply loaded advertisements or “offer spam”.
By the next day, several links were spreading virally and caught the attention of security researchers. Facebook moved quickly to patch the issue, and Crazy DaVinci issued an apology for the example code, explaining that versions of it had actually been circulating for several days prior and that the demonstration was intended to push Facebook for a fix.
On April 3, another XSS problem came to light, this time with a Facebook “channel” page used for session management. Both another security researcher and I had previously looked at this interface and found it properly escaped, so it’s likely a code update mistakenly changed the page’s behavior. Facebook again patched the problem soon after news of it spread.
I didn’t observe any viral exploitation of the second vulnerability in the wild, but after the first problem came to light, I noted that it was mostly used to submit a form already on the page for posting links. The payload made use of functionality within the vulnerable page, but XSS allows an attacker to do far more. I wondered when we might see a Facebook attack that made greater use of cross-site scripting’s potential.

What a Difference a Space Makes

I didn’t have to wait long. On April 7, I got word via Twitter of a Facebook app that had live XSS, but the app had disappeared before I got to see it in action. At first, I thought this was yet another case of XSS within the context of a Facebook app. But I soon found other versions of the app that were still online, and I quickly realized this was actually an XSS problem with the Facebook Platform. Also, the XSS payload being used did much more than submit a form.
The attack used FBML-based Facebook apps, which render in the context of an apps.facebook.com page. Normally, Facebook filters code to prevent any scripts from directly modifying the page’s DOM, but the XSS problem gave attackers a bypass. When a user visited the app page, they would see what appeared to be a fairly benign page with a popular video.
Unlike many Facebook page scams, the promised video actually works – if you click play, the video will load and nothing unusual seems to happen. But as the code screenshot below reveals, that click does much more than load the video.
When the page first loads, the “video” is actually just an image placeholder with a link. Part of the href parameter for that link is shown above. Note the space after the opening quotation mark – that’s where the XSS comes in. Normally, Facebook would block a link to a javascript: URL. Adding the space worked around Facebook’s filters, but the browser would still execute the rest of the parameter.
According to Facebook, it turned out that some older code was using PHP’s built-in parse_url function to determine allowable URLs. For example, while parse_url("javascript:alert(1)") yields a scheme of “javascript” and a path of “alert(1)”, adding whitespace gives a different result: parse_url(" javascript:alert(1)") does not return a scheme and has a path of “javascript:alert(1)”. Other PHP developers should take note of the difference if parse_url is being used in security-related code.
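The parser mismatch described above, as an added example (not code from the original post or from Facebook): a simplified stand-in for the flawed scheme check, next to an allowlist check that parses the value the way a browser does. The function names, the base URL and the sample hrefs are assumptions constructed for illustration.

```javascript
// Added example. All names, the base URL and the sample hrefs are constructed.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);
const BASE = "https://apps.example.invalid/"; // assumed page URL for relative links

// Simplified stand-in for the flawed filter: like the parse_url result quoted
// above, it only reports a scheme when the string *starts* with one.
function naiveScheme(href) {
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):/.exec(href);
  return m ? m[1].toLowerCase() : null;
}

// Denylist logic: block "javascript", allow everything else, including
// values where no scheme was found at all.
function naiveFilterAllows(href) {
  return naiveScheme(href) !== "javascript";
}

// What the browser will resolve the href to. The WHATWG URL parser strips
// leading and trailing whitespace before looking for the scheme.
function browserProtocol(href) {
  try {
    return new URL(href, BASE).protocol;
  } catch {
    return null; // unparseable values are treated as not allowed
  }
}

// Allowlist logic applied to the browser's view of the value.
function strictFilterAllows(href) {
  const protocol = browserProtocol(href);
  return protocol !== null && ALLOWED_PROTOCOLS.has(protocol);
}

// Run both filters over a list of hrefs and report where they disagree.
function compareFilters(hrefs) {
  return hrefs.map((href) => ({
    href,
    naiveScheme: naiveScheme(href),
    browserProtocol: browserProtocol(href),
    naiveAllows: naiveFilterAllows(href),
    strictAllows: strictFilterAllows(href),
  }));
}

// Constructed sample inputs, using only the cases discussed in the article.
const SAMPLE_HREFS = [
  "http://example.com/video",
  "/videos/1",
  "javascript:alert(1)",
  " javascript:alert(1)", // leading space, as in the April attack
];

for (const row of compareFilters(SAMPLE_HREFS)) {
  console.log(JSON.stringify(row));
}
```

The strict variant decides on the same normalized value the browser acts on, and it names what is allowed instead of what is blocked, so a value the filter fails to understand is rejected.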

A More Advanced Attack

Clicking the link executed an inline script that in turn added a script element to the page. This loaded more code from a remote address and included several parameters in the GET request. The parameters set variables within the remote code that specified what video to load, what URLs to use for viral posts, and so on. Multiple Facebook apps and domains were used for the viral links, but the main script always came from the same host. This helped the attack persist, since blocking one site would not stop it and the central code was loaded dynamically.
The remote code handled actually loading the video, but also included a number of functions which make use of having script access in a facebook.com context. The script would set the user as attending spam events, invite friends to those events, “like” a viral link, and even send IMs to friends using Facebook Chat.
When I came across the attack, one block of code had been commented out, but one blogger discovered a version of the attack a few days prior and saw it in action. This part loaded a fake login form which actually sent the entered username and password to a log interface on the attacker’s server. (Remember, this phishing form would appear in the context of a page with typical Facebook chrome.) Since the attack page would load even if a user was not logged in to Facebook, this could have also been a way to make sure a session was available before launching the other functions.
Fake videos and viral links are nothing new on Facebook, but most of these scams tend to be fairly simple. In fact, it’s not hard to find forums where people offer boilerplate code for launching such schemes – much like the first XSS worm above which simply submitted a form. But the April XSS attack involved multiple domains, multiple user accounts, and multiple methods for spreading and hijacking user accounts. And it still only scratched the surface of what’s possible with an XSS vulnerability. I expect we’ll see more XSS-based attacks and more powerful payloads in the future.

Postscript on Real-Time Research

I came across the April attack late one afternoon as I was preparing to leave work… so I could present on XSS at a local OWASP meeting! Those following me on Twitter saw a somewhat frantic stream of tweets as I tried to find live examples of the attack and sorted through the code while closely watching the clock and wrapping up last-minute presentation details. Earlier this week, I did some searching to review information for this post, and I came across this article from eWEEK: “Facebook Bully Video Actually an XSS Exploit”.
I was a bit surprised by it, as I hadn’t known about it before and saw that it quoted me. I then realized it was quoting my tweets! I then read that I had “confirmed to eWEEK on Twitter” one aspect of the story. At first I was confused, but then remembered that during my flood of tweeting, another user had sent an @ reply asking about the very detail the story talked about. Checking that tweet again, I found out the question had come from the article’s author.
I relate all this not because any of it bothered me, but simply because (1) I found it somewhat fascinating that a few quick Twitter updates could become the primary source for a news article and (2) I was humbled to realize that a few quick Twitter updates could become the primary source for a news article! While it’s great that a story can spread so fast, it certainly gave me a reminder to be careful when discussing topics of interest on a public forum. But I’m glad I can do my part in helping raise awareness of online dangers, particularly the implications of XSS.


Facebook Law-Enforcement Tool


U.S. law-enforcement agencies are increasingly obtaining warrants to search Facebook, often gaining detailed access to users' accounts without their knowledge. A Reuters review of the Westlaw legal database shows that since 2008, federal judges have authorized at least two dozen warrants to search individuals' Facebook accounts. Many of the warrants requested a laundry list of personal data such as messages, status updates, links to videos and photographs, calendars of future and past events, "Wall postings" and "rejected Friend requests."
Federal agencies seeking the warrants include the FBI, DEA and ICE, and the investigations range from arson to rape to terrorism. The Facebook search warrants typically demand a user's "Neoprint" and "Photoprint" -- terms that Facebook has used to describe a detailed package of profile and photo information that is not even available to users themselves. These terms appear in manuals for law enforcement agencies on how to request data from Facebook. The manuals, posted on various public-advocacy websites, appear to have been prepared by Facebook, although a spokesman for the company declined to confirm their authenticity.
The review of Westlaw data indicates that federal agencies were granted at least 11 warrants to search Facebook since the beginning of 2011, nearly double the number for all of 2010. The precise number of warrants served on Facebook is hard to determine, in part because some records are sealed, and warrant applications often involve unusual case names. (One example: "USA v. Facebook USER ID Associated with email address jimmie_white_trash@yahoo.com," a sealed case involving a drug sale.) In a telephone interview, Facebook's Chief Security Officer, Joe Sullivan, declined to say how many warrants had been served on the company. He said Facebook is sensitive to user privacy and that it regularly pushes back against law-enforcement "fishing expeditions."

NOT CHALLENGED:-

None of the warrants discovered in the review have been challenged on the grounds that they violated a person's Fourth Amendment protection against unlawful search and seizure, according to a review of the cases. Some constitutional-law experts said the Facebook searches may not have been challenged because the defendants -- not to mention their "friends" or others whose pages might have been viewed as part of an investigation -- never knew about them.
By law, neither Facebook nor the government is obliged to inform a user when an account is subject to a search by law enforcement, though prosecutors are required to disclose material evidence to a defendant. Twitter and several other social-media sites have formally adopted a policy to notify users when law enforcement asks to search their profile. Last January, Twitter also successfully challenged a gag order imposed by a federal judge in Virginia that forbade the company from informing users that the government had demanded their data.
Twitter said in an email message that its policy was "to help users protect their rights." The Facebook spokesperson would not say whether the company had a similar policy to notify users or if it was considering adopting one.

THE CASE OF THE SATANISTS:-
In several recent cases, however, Facebook apparently did not inform account-holders or their lawyers about government snooping. Last year, several weeks after police apprehended four young Satanists who burned down a church in Pomeroy, Ohio, an FBI agent executed a search warrant on Facebook seeking data about two of the suspects. All four ultimately pleaded guilty and received sentences of eight to ten years in state prison (along with a message of forgiveness from a church official who called the sentence "God's time out," and presented them with a Bible). It is unclear if data obtained from the warrant was used in the investigation. Lawyers for the two defendants were unaware of the searches until they were contacted by Reuters.
In another case, the DEA searched the account of Nathan Kuemmerle, a Hollywood psychiatrist who pleaded guilty in Los Angeles federal court after a joint operation last year by the DEA and local police revealed he had run a "pill mill" for celebrity customers.
Westlaw records show that the DEA executed a warrant to search Kuemmerle's Facebook account weeks after his arrest.
At Kuemmerle's bail hearing, a Redondo Beach police detective pointed to comments Kuemmerle made on Facebook and in the site's popular game "Mafia Wars" to argue that he should be denied bail.
According to Kuemmerle's lawyer, John Littrell, the detective testified on cross-examination that the information was from "an undercover source." Littrell told Reuters that neither he nor his client was ever informed about the warrant, and that he only learned of its existence from Reuters.
The detective said in an e-mail message that he did not recall being asked about how he obtained the Facebook information. The DEA did not reply to requests for comment.

POTENTIAL FOR NEW LEGAL CHALLENGES:-
The Facebook searches potentially open up new legal challenges in an area that at one time seemed relatively settled: How much protection an individual has against government searches of personal information held by third parties. In a 1976 case, United States v. Miller, a divided U.S. Supreme Court ruled that a bank did not have to inform its customer when it turned over his financial records to the Bureau of Alcohol, Tobacco and Firearms.
In doing so, the Supreme Court held that the customer could not invoke Fourth Amendment rights against illegal search and seizure because the records were bank property in which he had no legitimate "expectation of privacy."
Under this reasoning, a person would have no more expectation of privacy in Facebook content than in bank records. A key difference, however, is the scale of information that resides on social networking sites. "It is something new," said Thomas Clancy, a constitutional-law professor at the University of Mississippi. "It's the amount of information and data being provided as a matter of course by third parties."
Eben Moglen, a cyberlaw professor at Columbia Law School, says the Facebook searches show that courts are ill-equipped to safeguard privacy rights in an age of digital media. In his view, "the solutions aren't legal, they're technical."
Clancy, the Mississippi professor, said that courts are divided over whether the unprecedented volume of digital records in the possession of third parties should give rise to special rules governing the search of electronic data.
He added that the Supreme Court had an opportunity to clarify the issue in a case called Ontario v. Quon, but that it decided to "punt."
The Quon case concerned a California policeman who claimed his employer violated his Fourth Amendment rights when it read sexually explicit messages that he had sent from a work pager.
The Court found that the employer's search was not unreasonable, but declined to rule on the degree to which people have a privacy interest in electronic data controlled by others.
Explaining the court's caution, Justice Anthony Kennedy wrote, "The judiciary risks error by elaborating too fully on the Fourth Amendment implications of emerging technology before its role in society has become clear."

To download the Facebook Law Enforcement Guidance click Here



Facebook Outage in Many European Countries Not Caused By Anonymous But DNS Problem


Facebook, the world's largest and most popular social network, faced another downtime. This time the outage affected millions of users in European countries including Denmark, France, Norway, Germany and Italy. After June's, this is the second outage to affect a large number of Facebook users. Last time, Facebook users across the globe experienced log-in difficulties for several hours. But this time, the social networking giant remained down for a decent amount of time. The outage may have caused Facebook’s share price to go down. For a site with 900 million users worldwide, even a minor outage has a huge effect. As with the June issue, a hacker collective came forward first and took credit for the outage. A Twitter account of the hacktivist group, named Anonymous Own3r, took responsibility for the outage. In his tweet he claimed to have found several vulnerabilities in Facebook, which caused the outage. In a Pastebin note, the hacker published those so-called vulnerabilities. Also in his tweet, the hacker claimed to have control of many servers owned by Facebook.

But Facebook completely denied the hacker attack and said the cause of the outage was nothing but a DNS issue, neither a hacker attack nor a DDoS. Here we want to remind you that in 2011 Anonymous openly declared it would take down Facebook. The operation was dubbed #Op-Facebook, and Anonymous said that they would hit FB on the 5th of November last year. But in reality it was just a threat and, as expected, Anonymous failed to execute Operation Facebook. Later, in June this year, Anonymous took credit for a couple of hours' outage of Facebook, and here again an Anonymous-affiliated member repeated the same story, which again proved completely baseless; in short, it was nothing but a publicity stunt.

For a social network as large as Facebook, DNS issues of this kind can happen. In any case, immediately after this outage Facebook released a statement saying -
"There has not been a hack of Facebook. We have investigated these claims, and they are not valid. The evidence cited was produced by an automated vulnerability scanner that alerts developers of potential vulnerability, and we have found these all to be false alerts.
We expect Anonymous just like we expect any other attack on any other day. Due to our size, we face the same threats as seen everywhere else on the Web, but we have developed partnerships, back-end systems, and protocols to confront the full range of security challenges we face. Facebook has always been committed to protecting our users’ information, and we will continue to innovate and work tirelessly to defend this data.
Earlier (Thursday), we made a change to DNS as part of a traffic-optimization test, and that change resulted in some users being temporarily misrouted. We detected and resolved the issue immediately, but a small number of users located primarily in Western Europe experienced issues accessing the site while the DNS addresses repopulated. We are now back to 100 percent, and we apologize for any inconvenience..."



-Source (All Facebook)





(Facebook Downtime) Users Faced Log-in Difficulties, FB Said -Outage Was Not Caused By Anonymous

On the first of June, millions of Facebook users faced disturbance while using their favourite social network. Facebook users across the globe experienced log-in difficulties for several hours. For a site with 900 million users worldwide, even a minor outage has a huge effect, especially amidst criticism of the Facebook IPO. The outage may have caused Facebook’s share price to go down 5.95 percent this morning. The simple event was a tweet sent out by @YourAnonNews after the news broke that Facebook was having problems. The account appeared to claim responsibility for the attacks. Anonymous had made two tweets with regard to Facebook’s latest troubles, whereby one read as follows: “Looks like good old Facebook is having packet problems” to indicate that the shadows surrounding the calamitous IPO are not the only quandary, but one of a number of them. The second indecent tweet read, “RIP Facebook a new sound of tango down, b—–*."
Later, the hacker collective Anonymous released a statement denying responsibility for Thursday’s Facebook slowdown and agreeing with the Menlo Park company that there was in fact no attack at all.
Whatever the case, the main twist is that Facebook completely denies the rumour that Anon was behind the downtime. In a statement FB said, “Last night’s outage was not the result of a DDoS.” There was no attack on Facebook last Thursday. The company suffered from an internal problem that slowed down users’ connections and refused access to many of them. It doesn’t happen often but it happens often enough that it was a possibility. In the press release, a Facebook spokesman said, “Earlier today, some users briefly experienced issues loading the site. The issues have since been resolved and everyone should now have access to Facebook. We apologize for any inconvenience.” This is a public apology to its esteemed customers.
As a responsible media outlet, it is our duty to refresh the memory of our readers. In 2011 Anonymous openly declared it would take down Facebook. The operation was dubbed #Op-Facebook and Anonymous said that they would hit FB on the 5th of November last year. But in reality it was just a threat and, as expected, Anonymous failed to execute Operation Facebook.
 


Facebook Under Massive Phishing Attack, Accounts Getting Compromised Within 24 Hrs


Facebook is again under massive attack. This time phishing emails are threatening to delete users’ Facebook accounts unless the victims pass along their account details within 24 hours. The phishing messages are charging Facebook users with violating policy regulations by annoying or insulting other Facebook users. The messages are then requesting personal and financial information including Facebook login details and part of recipients’ credit card numbers. The emails are entirely bogus. They are not coming from Facebook. Social media venues would not request financial information, nor would they request login details. The scams are, in fact, designed to steal credit card numbers and social media accounts, likely in order to further spread scams and bilk victims.

A typical phishing Scam Looks Like:-


LAST WARNING : Your account is reported to have violated the policies that are considered annoying or insulting Facebook users. Until we system will disable your account within 24 hours if you do not do the reconfirmation.
Please confirm your account below:
[Link] {The Malicious One}
If you ignore this warning, then our security system will block your account automatically.

Thanks.
The Facebook Team

Another Example:-


Subject: Did you log into Facebook from somewhere new?
Dear [Username]


Your Facebook account was recently logged into from a computer, mobile device or other location you've never used before. We have reviewed your account activity, and we get information about possible unauthorized access to your Facebook. We have provided a warning to you via email, but you do not respond to our notification.
"Your account was accessed from a new location : Anonymous Proxy."
If you are not signing into your Facebook account from "Anonymous Proxy", your Facebook account may have been compromised. We recommend immediately verify your account by carefully on the link below to protect your Facebook account. It may take a few minutes of your time to complete your data.
Please be sure to visit the Facebook Service Account for further information regarding these security issues.


***********************************


[link] {to scam page}


***********************************


Note : If within 12 hours, you have not verified your account, then you have ignored our notifications. Therefore, your account is permanently suspended, and will not be reactivated for any reason.


Thanks,

Facebook Security Team
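Both lures above combine a short deadline, a threat to the account, a request to confirm or verify it, and a link that does not lead to Facebook. The triage sketch below is an added example, not code from the original post: the signal names, the sample link hosts and the flagging threshold are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this sketch: the only domain a genuine notice would link to.
BRAND_DOMAINS = ("facebook.com",)

SIGNALS = {
    # A short countdown ("within 24 hours") meant to rush the reader.
    "deadline": re.compile(r"\bwithin\s+\d+\s+hours?\b", re.I),
    # A threat to disable, block, suspend or delete the account.
    "account_threat": re.compile(
        r"\b(?:disable|block|suspend|delete)\w*\s+(?:your|the)\s+account\b"
        r"|\baccount\s+(?:is|will\s+be)\s+(?:\w+\s+)?"
        r"(?:disabled|blocked|suspended|deleted)\b", re.I),
    # A request to confirm or verify the account, or for secrets and card data.
    "credential_request": re.compile(
        r"\b(?:re)?(?:confirm|verif)\w*\s+your\s+account\b"
        r"|\b(?:password|login\s+details|credit\s+card)\b", re.I),
}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

# Constructed samples: wording follows the two lures quoted above; the link
# hosts are invented, since the page shows only "[Link]" placeholders.
SAMPLE_WARNING = (
    "LAST WARNING : Until we system will disable your account within 24 hours "
    "if you do not do the reconfirmation. Please confirm your account below: "
    "http://facebook.com.account-check.example/confirm")
SAMPLE_NEW_LOGIN = (
    "We recommend immediately verify your account by carefully on the link "
    "below. http://login-review.example/fb Note : If within 12 hours, you "
    "have not verified your account, your account is permanently suspended.")
SAMPLE_GENUINE = "You have 3 new notifications: https://www.facebook.com/notifications"


def off_brand_links(body):
    """Return linked hosts that are neither a brand domain nor a subdomain."""
    hosts = []
    for url in URL_RE.findall(body):
        try:
            host = (urlsplit(url).hostname or "").lower().rstrip(".")
        except ValueError:      # malformed link: treat it as off-brand
            host = url
        if not any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS):
            hosts.append(host)
    return hosts


def triage(body):
    """Report which lure signals fire and whether the mail should be flagged."""
    hits = sorted(name for name, rx in SIGNALS.items() if rx.search(body))
    bad_hosts = off_brand_links(body)
    # Flag only when pressure wording coincides with a link that leaves the
    # brand's domain; either one alone is common in legitimate mail.
    return {"signals": hits, "off_brand": bad_hosts,
            "flag": bool(bad_hosts) and len(hits) >= 2}
```

The first sample's link host begins with `facebook.com.` yet is still reported as off-brand, because the host is compared as a whole name or a dot-delimited subdomain rather than by substring.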










Finally Facebook Released Their Application for iPad


One year, six months, and seven days after the iPad first went on sale, Facebook has at last released its app for Apple's tablet. "Many of you have been asking about Facebook for iPad," the company said in an understated blog post Monday. "Today, it's finally here." The long-delayed app has been the subject of much Silicon Valley chatter. Some rumors suggested that a rift between Facebook CEO Mark Zuckerberg and Apple's executive team over Apple's Ping social network was to blame for the delay. Others claimed that Facebook preferred a Web-based application that bypassed Apple's strict app store rules.
Former Facebook developer Jeff Verkoeyen, the lead engineer on the iPad app, wrote on his blog recently that he quit the company after Facebook continually delayed the release of the iPad app.
It had been in the works since October 2010 and was essentially completed in May, Verkoeyen said.
"For reasons I won't go into details on the app was repeatedly delayed throughout the summer," Verkoeyen wrote. "Needless to say this was a frustrating experience for me. The experience of working on this app was a large contribution to the reasons why I left Facebook, though that doesn't mean it wasn't a difficult decision."
Verkoeyen, who now works for Google, later updated his blog post to strip out his criticism of Facebook and his comments about the app's delay.
If Verkoeyen's timeline is correct, that means that the Facebook iPad app was stuck in limbo longer than Apple's notoriously delayed white iPhone 4.
But like the white iPhone, Facebook's iPad app has finally appeared. The application showcases many of the familiar Facebook features, integrating gestures and swipes to help users navigate the social network.
"With the iPad app, you get the full Facebook experience, right at your fingertips," Leon Dubinsky, a Facebook mobile engineer, said in a blog post that he wrote "from the comfort of his couch."
Games, apps, groups and lists appear in a menu on the left-hand side, giving users quick access to their most-frequently used tasks. Messages and notifications appear at the top of each screen, so Facebook users can chat with friends and view updates without jumping back and forth between screens.
The app also lets users play full-screen games, watch and record HD videos and stream them to other devices using Apple's Airplay technology.
The app had been noticeably absent from Apple's iTunes app store, considering that Facebook had been among the first to debut an iPhone application in 2007. The social network also said Monday that it made several improvements to the iPhone app and Facebook's mobile site, giving users simplified navigation, faster search and access to more games and apps. 

For more information and to get the application click Here



-News Source (CNN)



 


Facebook & HTC Developing Facebook Phone Codenamed "Buffy"



Facebook is working with HTC to develop a phone that has a much deeper integration with the social network than any previous "Facebook phone." That's according to a report from All Things, which says the phone is probably 12 to 18 months away from hitting store shelves.
Codenamed "Buffy" after the vampire slayer of the same name, the phone will run a modified version of Google's Android, but Facebook is reported to be tweaking the system "heavily."
HTC is known for modifying Android on its phones with its HTC Sense interface, and both Amazon and Barnes & Noble have created tablets with highly customized versions of Android, so it's possible that Facebook is adopting a similar strategy.
Part of the package would be serving up Facebook apps via HTML5 support. This would allow users to play games like Farmville and Poker directly from the Facebook app. While most developers offer their apps as separate downloads from Facebook, that prevents them from tapping into active Facebook users, while cutting Facebook off from potential revenues. Buffy would presumably bridge the gap.
Both HTC and Facebook told media that they don't comment on rumor and speculation, though the Facebook spokesperson added, "Our mobile strategy is simple: we think every mobile device is better if it is deeply social. We're working across the entire mobile industry; with operators, hardware manufacturers, OS providers, and application developers to bring powerful social experiences to more people around the world."
The collaborative picture Facebook paints is a far cry from the ultra-competitive war among mobile platforms with Google, Apple, Facebook, and others vying for consumers' hearts and minds. Perhaps the most telling aspect of the rumored phone is the codename. With a name like Buffy, the Facebook phone's mission is clear: slay all comers.




Facebook Said - Please Hack Us & Get Bounty of $500


Facebook has already honoured hackers through its Hackers Cup; now the social networking giant is directly encouraging hackers to try hacking its security systems to find weaknesses. Those who succeed will receive a reward of US$500 or more and have their name added to a list of helpful hackers.
The hackers have taken part in Facebook's White Hat program. Anyone who finds a way of breaching the site's networks, and owns up, can earn rewards worth thousands of dollars. As well as money, Facebook promises not to land them in trouble with the police or subject them to legal harassment if they have complied with the program's golden rules. Already one British hacker has earned more than $2400 from Facebook, and the most prolific White Hat contributors are now given their own Facebook "bug bounty" credit cards. Facebook's chief security officer, Joe Sullivan, says he would much rather the hackers worked with the company than against it. In time, he hopes the hackers will be able to find legitimate ways of expressing themselves within schools and universities. "There is a real lack of practical academic programs for cyber-security not only in the US but also internationally," he said. "Cyber-security is a skill best learned by doing, and unfortunately many of the current academic programs place little emphasis on real-world practical experience such as that gained in competition or via bug-bounty programs."

According to Facebook - "If you're a security researcher, please review our responsible disclosure policy before reporting any vulnerabilities. If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."

Eligibility:-
To qualify for a bounty, you must:
  • Adhere to our Responsible Disclosure Policy
  • Be the first person to responsibly disclose the bug
  • Report a bug that could compromise the integrity of Facebook user data, or circumvent the privacy protections of Facebook user data, such as:
      • Cross-Site Scripting (XSS)
      • Cross-Site Request Forgery (CSRF/XSRF)
      • Remote Code Injection
      • Broken Authentication (including Facebook OAuth bugs)
      • Circumvention of our Platform permission model
      • A bug that allows the viewing of private user data
  • Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Rewards:-
  • A typical bounty is $500 USD
  • We may increase the reward for specific bugs
  • Only 1 bounty per security bug will be awarded
Exclusions:-
The following bugs aren't eligible for a bounty (and we don't recommend testing for these):
  • Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
  • Security bugs in third-party websites that integrate with Facebook
  • Security bugs in Facebook's corporate infrastructure
  • Denial of Service Vulnerabilities
  • Spam or Social Engineering techniques


For detailed information click Here







VOGH Exclusive: URL Redirection Vulnerability Found In Facebook [The Vulnerability Still Active & Not Been Patched]
Facebook, the world's largest social networking site with more than one billion registered users, is considered one of the safest sites in cyberspace. To maintain that reputation, Facebook Inc has taken every step it possibly could. Like other high-profile and very popular websites, Facebook is also a hot target for almost every cyber criminal in the world. To counter this and keep FB safe and secure, the company introduced what it calls a 'Bug Bounty' offer, where you can submit vulnerabilities to FB and get rewarded. We have seen many security researchers and hackers across the globe do this and get their reward. But not every time, and that is what I will talk about today. A few days ago a reader of VOGH, who goes by the nickname 'Dr41DeY', found a URL redirection vulnerability in Facebook. One of the links in the Facebook App domain, apps.facebook.com, has a URL redirection vulnerability. The hacker has demonstrated how anyone can use the vulnerability to manipulate millions of innocent Facebook users. Let's see.

Before publishing this, one of our VOGH representatives talked with Facebook Security about this vulnerability, but for some reason FB may have overlooked the issue. Finally, after waiting for almost a week, we at Team VOGH decided to bring this in front of our readers. Let's briefly go through the vulnerable link:

https://apps.facebook.com/a.php?u=http://www.voiceofgreyhat.com&mac=AQLy7nyXi5NBt31j&__tn__=*B&eid=AQLpbizR7KEf3cyD0VTN7fNtv99fMZABDp2gdWhvL-MQocJIPy3w4hUG7_7hrmSMqDq7QLCI9k_0LbB95NEz_6GUDHGNgTDsGP_rX-VWRHxfg5a--VlnN1K9FdG3NAek8r2JPWENkb2Mu56EckbZCGXcPie27OnHxE-H7MBufQel0Pr-ZjpCWB6QF5xHeWsdKqyHzjK2woBGGrjk9Dlgnzcw3d9ZWPzrwbGpm6MSkpks3mqEphXnTP2Vd9UDQxIs68NnTaO35XIwKq5t3CSdb11iU_34gzjfLgvvDo_BYbgtrGe0Juc5CpRSwd5nImw9oPPvn6Za9rrxO_ivROtOGc2b2S3bYzNLWpbDwt3cFN2rJ3JElyIR0vjB4R859PpE9SrZx6AD3s_liikzPh30YLVb8XvPABk7r9MShk6OrVFPiAWZnEvPx49UzPDSF-nEl188rEPAi0KGJ4u1zb10hhzmHUCjH04SezDByUkyNituMb2lgiQz-Xlpgy_tkVYR-U7plDa38N9VzdAj_Bwefd7B85ykZCAy9ZQOt48Ql8KQeKfivk3sThZIkLwWPiju7R28Sw6bj09vS_Y28kFSqanGe9tYAPfKIe4zOzQt9-Q1CC_EwX3ypOlyQ2yXMiU3lwp7M9EriKHRFDsTgsuzzF-uvlpx3UrWh8M55-NX0ULjr4kxjAR5g_1wU-luUyn_Ot6Ly1_ZbBdahyb5uSmCDNvF5kMuIH8Gxvpql45dNffGzKau9oZGn6r1OmsG47JIGipznCVaZnWjXAakDnEMX6X8ZtI-M-db1olzbBpJdj5sZe-x2VM02S5XsXJWe_QLxFDOupjbz8I82HETHQ9PbzSIMsJboll4E3-f_JQFfdzwEguLa8SC_ImRahWBCwKNJeSlmRv91FqWpQaChe5-UyAoqcblvK4jPuRO3qC7o-qMTQ2jEJqqUW46koulOmgNJpMYXPgRxjNGcwjyTPS59Nr08zq6eCNd1aYLh2E4s5MYXBtVUTF8l0uhQ2wYSoR66xZsI2tK0DD1KiQHyTO1QieBwPtCN3eWgRzUTg3lM3ttkuwYKRPPLDvtUOPWmZhYUzUFcbfPM2kXdpqyGlrGx9-ErKGygYKATx2xzrTzktjgW4q0L5wfO3CSKAOCAoKfi_pfz-zIHSNE8ZAjZDtpbC_chgkvbHWJYYIs7pnE1riWJYORACjkkRr6nZoivC3z_g-8JBahghwy2C34kJYZJ6cBC8LKoB6KCTbj_F1tArQAzcSUij4vrJNUATzsdlO_ol6HwUQb8FjoWa38Bhtx81stxB328sgC9IGu1omPG0QeNJVhcJwh6HyEwtgycBLrlcdedaWbkwvnjv3F3BWuJIi763nBeYuAgNUaEUYHaXu_ZJzXW8fQ72nz_hddGT_GH50&sig=89099

Replace voiceofgreyhat.com with any site of your choice, and the vulnerability will redirect you from Facebook to that very website. This loophole is still active, and anyone can test it with the above URL. We consider the impact of this loophole very serious, as any malicious attacker can misuse the trust placed in Facebook's URL to harm regular internet users by redirecting them to any junk or malfunctioning website.

Disclaimer:- As I said earlier, the issue has already been brought to the notice of Facebook Security, but they overlooked it, so as a responsible cyber media outlet, we at VOGH are disclosing it to the public. If anyone misuses this vulnerability, Voiceofgreyhat will not be responsible for any kind of mishap.

Update:- Late as it may be, the vulnerability disclosed above has finally been patched by the Facebook security team.
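A server-side check that closes this class of open redirect, shown as an added example rather than Facebook's or VOGH's code. The parameter names `u` and `mac` echo the URL above only as labels (the page does not describe how Facebook computes or checks them); the demo key, the host allowlist and the three outcomes are assumptions of this sketch.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumptions for this sketch: a demo key and a two-host allowlist.
SECRET_KEY = b"constructed-demo-key"
TRUSTED_HOSTS = {"facebook.com", "apps.facebook.com"}


def sign_target(url):
    """MAC the server attaches to an outbound link it generated itself."""
    return hmac.new(SECRET_KEY, url.encode("utf-8"), hashlib.sha256).hexdigest()


def target_host(url):
    """Return the host of an absolute http(s) URL, or None if it is unsafe."""
    # Browsers and server libraries disagree on backslashes, whitespace and
    # control characters, so refuse them instead of guessing.
    if "\\" in url or any(ord(c) < 0x21 or ord(c) == 0x7F for c in url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None  # blocks javascript:, data:, and scheme-relative //host
    if parts.username is not None or parts.password is not None:
        return None  # blocks https://trusted-host@other-host/ look-alikes
    return parts.hostname.lower().rstrip(".")


def redirect_decision(u, mac=""):
    """Return 'allow', 'interstitial' or 'reject' for redirect target u."""
    host = target_host(u)
    if host is None:
        return "reject"
    if host in TRUSTED_HOSTS:  # exact match, never a substring or suffix test
        return "allow"
    expected = sign_target(u).encode("ascii")
    if mac and hmac.compare_digest(expected, mac.encode("utf-8")):
        return "allow"  # external link that this server signed earlier
    # Unsigned external target: show a "you are leaving" page, do not redirect.
    return "interstitial"
```

Because the MAC covers the whole target string, swapping the domain in `u` while keeping an old `mac` value no longer yields a silent redirect.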



Anonymous Was Not Behind The Recent Attack on Facebook


A couple of days ago Facebook, the world's largest and most famous social network, was hit by a porn and gore exploit. At that time it was suspected that the hacktivist group Anonymous was behind the attack. Later it was found that there was no connection between Anonymous and the attack on Facebook. BitDefender security researcher George Petre tweeted, "I don't think that every Facebook scam is related to Fawkes Virus." Facebook later confirmed that it had been hit with "a coordinated spam attack that exploited a browser vulnerability," but said it had identified those responsible.
In a note posted to Pastebin by "AnonymousWiki," the writer denied the hack, or the "Fawkes Virus" effort, was behind the Facebook outbreak.

Anon Said:-
"As we all know Operation Facebook was fake from the beginning. However some are experiencing an outbreak of pornography on Facebook. This is leading some to speculate that Anonymous is responsible for this, calling this outbreak the "Fawkes Virus". I assure you that Anonymous involvement with this is highly untrue. The fake operation (Operation Facebook) had a goal to "completely destroy Facebook" or take the site down off the web using forms of DDoS. As of now this is not occurring. Facebook is not experiencing any type of downtime nor is it completely destroyed. It is also past the due date of Operation Facebook (November 5th). So unless Operation Facebook changed its date of executing its purpose & changed its purpose entirely, this issue with Facebook does not involve Anonymous."


FTC Warns Facebook -Users Personal Information Should Be Kept Private


From the very beginning, the social network giant Facebook has gone through several privacy issues, for which FB has been blamed several times. There is a conspiracy theory that Facebook sends its users' personal information to the US Govt and Federal Authorities. So finally Facebook fights back and skips the fine, but faces 20 years of monitoring by the FTC for deceiving users about the privacy of their information.

Facebook and the Federal Trade Commission have reached a resolution following charges that the company deceived its consumers by telling them they could keep their information on Facebook private, while repeatedly allowing it to be publicly shared. The agreement requires Facebook to give its users “clear and prominent notice” and obtain their express consent before sharing personal information beyond the user’s agreed-to privacy settings.
Based on the terms of the settlement, Facebook must also conduct privacy audits from an independent third party every two years and maintain a comprehensive privacy program to protect user information. The commission noted Facebook will be subject to civil penalties of up to $16,000 for each violation of the order and that the company is subject to monitoring to ensure compliance with the order. “We are pleased that the settlement, which was announced last November, has received final approval," a spokesman for Facebook said. 
“The Order broadly prohibits Facebook from misrepresenting in any manner, expressly or by implication, the extent to which it maintains the privacy or security of any information it collects from or about consumers,” according to the FTC’s statement. “For a company whose entire business model rests on collecting, maintaining and sharing people’s information, this prohibition touches on virtually every aspect of Facebook’s operations.”
The Facebook agreement follows a highly publicized settlement between Google and the FTC, which saw the search engine giant slapped with a $22.5 million fine—the largest FTC fine ever—over charges that it bypassed Safari browser privacy settings that blocked cookies. The FTC said it took action after Google violated a previous settlement with the agency over the same issue. While consumer privacy groups lauded the FTC’s decision, the Competitive Enterprise Institute warned the decision sets “a dangerously overbroad precedent” and could adversely affect online startup and Web-based innovation.




-Source (eWeek)



