
VOGH Exclusive: URL Redirection Vulnerability Found In Facebook [The Vulnerability Is Still Active & Has Not Been Patched]
Facebook, the world's largest social networking site with more than one billion registered users, is considered one of the safest sites on the web. To maintain that reputation, Facebook Inc. has taken every step one reasonably could. Like other high-profile and very popular websites, Facebook is also one of the hottest targets for cyber criminals around the world. To keep FB safe and secure, the company introduced what it calls a 'Bug Bounty' programme, under which you can submit vulnerabilities to FB and get rewarded. We have seen many security researchers and hackers across the globe do this and collect their award. But not every time, and that is what today's story is about: a few days ago a reader of VOGH, who goes by the nickname 'Dr41DeY', found a URL redirection vulnerability in Facebook. One of the links on Facebook Apps (apps.facebook.com) is vulnerable to URL redirection. The researcher demonstrated how anyone could use the vulnerability to mislead millions of innocent Facebook users. Let's see.

Before publishing this, a VOGH representative talked with Facebook Security about the vulnerability, but for some reason FB appears to have overlooked the issue. Finally, after waiting for almost a week, we at Team VOGH decided to bring it before our readers. Let's briefly go through the vulnerable link:

https://apps.facebook.com/a.php?u=http://www.voiceofgreyhat.com&mac=AQLy7nyXi5NBt31j&__tn__=*B&eid=AQLpbizR7KEf3cyD0VTN7fNtv99fMZABDp2gdWhvL-MQocJIPy3w4hUG7_7hrmSMqDq7QLCI9k_0LbB95NEz_6GUDHGNgTDsGP_rX-VWRHxfg5a--VlnN1K9FdG3NAek8r2JPWENkb2Mu56EckbZCGXcPie27OnHxE-H7MBufQel0Pr-ZjpCWB6QF5xHeWsdKqyHzjK2woBGGrjk9Dlgnzcw3d9ZWPzrwbGpm6MSkpks3mqEphXnTP2Vd9UDQxIs68NnTaO35XIwKq5t3CSdb11iU_34gzjfLgvvDo_BYbgtrGe0Juc5CpRSwd5nImw9oPPvn6Za9rrxO_ivROtOGc2b2S3bYzNLWpbDwt3cFN2rJ3JElyIR0vjB4R859PpE9SrZx6AD3s_liikzPh30YLVb8XvPABk7r9MShk6OrVFPiAWZnEvPx49UzPDSF-nEl188rEPAi0KGJ4u1zb10hhzmHUCjH04SezDByUkyNituMb2lgiQz-Xlpgy_tkVYR-U7plDa38N9VzdAj_Bwefd7B85ykZCAy9ZQOt48Ql8KQeKfivk3sThZIkLwWPiju7R28Sw6bj09vS_Y28kFSqanGe9tYAPfKIe4zOzQt9-Q1CC_EwX3ypOlyQ2yXMiU3lwp7M9EriKHRFDsTgsuzzF-uvlpx3UrWh8M55-NX0ULjr4kxjAR5g_1wU-luUyn_Ot6Ly1_ZbBdahyb5uSmCDNvF5kMuIH8Gxvpql45dNffGzKau9oZGn6r1OmsG47JIGipznCVaZnWjXAakDnEMX6X8ZtI-M-db1olzbBpJdj5sZe-x2VM02S5XsXJWe_QLxFDOupjbz8I82HETHQ9PbzSIMsJboll4E3-f_JQFfdzwEguLa8SC_ImRahWBCwKNJeSlmRv91FqWpQaChe5-UyAoqcblvK4jPuRO3qC7o-qMTQ2jEJqqUW46koulOmgNJpMYXPgRxjNGcwjyTPS59Nr08zq6eCNd1aYLh2E4s5MYXBtVUTF8l0uhQ2wYSoR66xZsI2tK0DD1KiQHyTO1QieBwPtCN3eWgRzUTg3lM3ttkuwYKRPPLDvtUOPWmZhYUzUFcbfPM2kXdpqyGlrGx9-ErKGygYKATx2xzrTzktjgW4q0L5wfO3CSKAOCAoKfi_pfz-zIHSNE8ZAjZDtpbC_chgkvbHWJYYIs7pnE1riWJYORACjkkRr6nZoivC3z_g-8JBahghwy2C34kJYZJ6cBC8LKoB6KCTbj_F1tArQAzcSUij4vrJNUATzsdlO_ol6HwUQb8FjoWa38Bhtx81stxB328sgC9IGu1omPG0QeNJVhcJwh6HyEwtgycBLrlcdedaWbkwvnjv3F3BWuJIi763nBeYuAgNUaEUYHaXu_ZJzXW8fQ72nz_hddGT_GH50&sig=89099

Replace voiceofgreyhat.com with any site you like, and the vulnerability will redirect you from Facebook to that website. The loophole is still active, and anyone can test it with the URL above. We consider the impact of this loophole serious: a malicious attacker can abuse the trust users place in a Facebook URL in order to harm ordinary internet users by redirecting them to junk or malicious websites.

Disclaimer:- As noted earlier, the issue had already been brought to the notice of Facebook Security, but they overlooked it, so as responsible cyber media we at VOGH are disclosing it to the public. If anyone misuses this vulnerability, Voiceofgreyhat will not be responsible in any way for any resulting mishap.

Update:- It may be what we would call a late repentance, but the vulnerability disclosed above has finally been patched by the Facebook security team.
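To show what the fix for this class of bug looks like from the defender's side, here is an added example (not Facebook's code and not from the original post) of a redirector that validates its `u` parameter against an allow-list of destination hosts before following it. Only the `a.php?u=` shape is taken from the link above; the allow-list, the `SAFE_LANDING` page and the sample URLs are constructed for illustration.

```python
"""Validate a redirector's destination before following it.

Added example, not Facebook's code: only the a.php?u=<destination> shape
of the vulnerable link is taken from the post. The fix demonstrated is an
allow-list of destination hosts (a hypothetical list here) plus strict
parsing of the parameter, so that look-alike hosts, userinfo tricks and
scheme-relative or non-http targets are all refused.
"""
from typing import Optional, Set
from urllib.parse import parse_qs, urlparse

# Hypothetical allow-list: a host passes if it equals an entry or is a
# subdomain of one (so www.facebook.com passes, facebook.com.evil does not).
ALLOWED_HOSTS: Set[str] = {"facebook.com", "fbcdn.net"}
SAFE_LANDING = "https://www.facebook.com/"


def extract_target(redirector_url: str) -> Optional[str]:
    """Return the `u` parameter of a redirector URL, or None if absent."""
    values = parse_qs(urlparse(redirector_url).query).get("u")
    return values[0] if values else None


def host_allowed(host: str, allowed: Set[str] = ALLOWED_HOSTS) -> bool:
    """Exact or subdomain match against the allow-list."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def is_safe_redirect(target: str, allowed: Set[str] = ALLOWED_HOSTS) -> bool:
    """Decide whether the redirector may send the browser to `target`.

    Only absolute http(s) URLs with an allow-listed host pass. Userinfo
    (user@host) is refused because the part before '@' is what a careless
    string check sees, and anything urlparse gives no http(s) scheme
    (scheme-relative //host, javascript:) is refused with it.
    """
    parsed = urlparse(target.strip())
    if parsed.scheme not in ("http", "https"):
        return False
    if parsed.username is not None or parsed.password is not None:
        return False
    if not parsed.hostname:
        return False
    return host_allowed(parsed.hostname, allowed)


def naive_check(target: str) -> bool:
    """A substring test on the whole URL: the kind of check that looks
    right but accepts any URL that merely contains the trusted name.
    Kept only to contrast with is_safe_redirect."""
    return "facebook.com" in target


def resolve_redirect(redirector_url: str) -> str:
    """URL a hardened redirector would actually send the user to: the
    target if it passes validation, otherwise a fixed safe landing page."""
    target = extract_target(redirector_url)
    if target is not None and is_safe_redirect(target):
        return target
    return SAFE_LANDING


# Constructed inputs following the a.php?u= shape of the link in the post,
# mapped to whether a hardened redirector should follow them.
SAMPLES = {
    "https://apps.facebook.com/a.php?u=https://www.facebook.com/help": True,
    "https://apps.facebook.com/a.php?u=http://www.voiceofgreyhat.com": False,
    "https://apps.facebook.com/a.php?u=http://facebook.com.attacker.example/": False,
    "https://apps.facebook.com/a.php?u=http://www.facebook.com@attacker.example/": False,
    "https://apps.facebook.com/a.php?u=//attacker.example/": False,
}

if __name__ == "__main__":
    for url, expected in SAMPLES.items():
        target = extract_target(url) or ""
        print(f"{target:55} strict={is_safe_redirect(target)!s:5} "
              f"naive={naive_check(target)!s:5} expected={expected}")
```

The naive substring check passes the look-alike and userinfo samples that the strict parser refuses, which is why a redirector should validate the parsed hostname rather than the raw string.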



Facebook Hacker Cup 2013: Petr Mitrichev Won The Competition Followed By Jakub Pachocki & Marcin Smulewicz

Nowadays leading organizations offer bug bounties and other competitions in which hackers from different parts of the world take part and find security holes, in order to make products more secure and improve cyber security. When hacker competitions are discussed, the "Hacker Cup" organized by the social networking giant Facebook is surely an important one. As in the last two years, Facebook held Hacker Cup 2013 in February, and after several exciting rounds we finally have this year's winners. Last year it was Roman Andreev of Russia who won the Hacker Cup, taking home a heavy and prestigious trophy and a check for $5,000. Just like last year, thousands of hackers across the globe took part, and after the breathtaking final three winners were rewarded by Facebook for their outstanding performance. The winners of Hacker Cup 2013 are Petr Mitrichev in first place, Jakub Pachocki in second and Marcin Smulewicz in third. The social networking giant congratulated all the competitors who took part in the Hacker Cup for a great showing. This year's winner, Petr Mitrichev, solved all four problems (Archiver, Colored Trees, Minesweeping, Teleports) within the time limit and was honored with the highly coveted Hacker Cup Trophy and $10,000. Here are some key moments of this year's Hacker Cup:-
[Photos: Hacker Cup 2013 finalists; the competition under way; the prestigious trophy; an electric moment; the Hacker Cup 2013 award; Petr Mitrichev, Hacker Cup winner]
Brief About Facebook Hacker Cup:-
Hacking is core to how we build at Facebook. Whether we’re building a prototype for a major product like Timeline at a Hackathon, creating a smarter search algorithm, or tearing down walls at our new headquarters, we’re always hacking to find better ways to solve problems. Programmers from around the world will be judged on accuracy and speed as they race to solve algorithmic problems to advance through up to five rounds of programming challenges. This is the chance to compete against the world’s best programmers for awesome prizes and the title of World Champion. 
As expected, Facebook promises to continue this event every year, so keep an eye out for signups to open for Hacker Cup 2014. Stay tuned with VOGH for all the upcoming updates on cyber security.








A Man From India Jailed For Posting "Communal & Inflammatory" Post on Facebook (#Censorship)
Freedom of social media in India has been revoked: the Indian government has implemented several policies under which social networks are completely censored. Although this step has been widely criticized, the decisions remain unchanged, and the result is in front of us: a man from Agra has been arrested. The incident occurred immediately after he made posts on the social networking site Facebook targeting Prime Minister Manmohan Singh, Union Communications Minister Kapil Sibal and Uttar Pradesh's ruling Samajwadi Party (SP) chief Mulayam Singh Yadav. According to police, the posts violated Indian government policy and were therefore treated as "communal and inflammatory." The man, Sanjay Chowdhary, a resident of the Dayalbagh suburb of Agra, was arrested late Monday, and his laptop, SIM card and data card were impounded.
Police in Agra (about 360 km away) said the arrest, which some see as an attempt to muzzle freedom of speech and expression on social networking sites, was made on "specific information" about certain "communal and inflammatory" posts by Chowdhary. However, officials admitted that the "case became hypersensitive after some remarks were made on the SP chief".
Senior Superintendent of Police (SSP) Agra, Subhash Chandra Dubey said police had acted "purely on law and order basis" in the matter.
"We are not involved in the political angle of the whole issue, our concern were the inflammatory comments and posts on the Facebook wall of this man and we acted to prevent any communal flare up," Dubey told the media. Some officials, however, said the case was "fast tracked" once cartoons lampooning the three leaders were posted on his Facebook wall.
Soon after his arrest, the inflammatory posts were deleted from his Facebook profile and later his account was deactivated. Chowdhary, a civil engineer and chairman of a public school, was booked under Section 153A of the Indian Penal Code (IPC) and Section 66A of the Information Technology (IT) Act.
"We have arrested him and he is being sent to jail under the due process of law," a police official said.



-Source (Yahoo News)






Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS

The social networking giant Facebook announced that it has started rolling out Photo Sync, in order to add mobility and ease of use. According to the Facebook Newsroom, the new Photo Sync will make photo sharing easier: with this feature, photos from your phone sync automatically to a private album on the web, and when you want to share them you just pick and post your favorites. If you turn the feature on, up to 2GB of photos from your phone can be synced automatically to a private album on Facebook, from which you can then pick your favorites to share with your friends. It's important to note that Facebook isn't launching new Android and iOS apps today; the feature is already included, but the company is turning it on for more and more users, starting with a big push today. To turn the feature on in the Facebook app (on an iPhone, iOS 6 is required), tap Photos and then tap Sync at the bottom of your Photos section. Once the uploads start coming in, you can view and share them in the app, on the mobile web, or on your computer (go to your Timeline, click Photos, and click "Synced From Phone" at the top of your Photos section). To save on the limited amount of space, you can stop photos from being synced by deleting them: in the app, that's the "Remove synced photo" option once you pick a photo in the Synced section, and on your computer it's the Delete option in the "Synced From Phone" folder. The good news is that deleting a photo from your synced photos won't delete it from your phone's gallery.
You can turn photo syncing on or off, and you can also choose to sync over Wi-Fi only. When you're on a cellular network such as 3G or 4G, Facebook syncs photos at a smaller size (around 100K each), so they're unlikely to use much of your data plan; over a Wi-Fi connection it syncs larger versions of your photos. The best part: photos will not sync when your battery is low.

Get the latest Facebook app for Android or iPhone to try it out. Learn more at Facebook.com/mobile or visit the Help Center.


-Source (TNW & FB)







Facebook Started Enabling HTTPS by Default for North American Users

The social networking giant Facebook has started securing all traffic to the site with HTTPS by default. The change began rolling out to all North American users last week, and users in the rest of the world should see HTTPS enabled by default soon. HTTPS becomes the default connection option for all Facebook sessions for those users, which gives them a solid baseline level of security and will help prevent some common attacks. With HTTPS on by default, all connections and data, including cookies, are transmitted over SSL in encrypted form and can no longer be easily read off the wire and reused for fraudulent purposes by attackers. While Facebook has used HTTPS to protect users' login credentials for some time, it only began offering an HTTPS option for the entire site in January 2011. That option was not turned on by default; users had to enable it manually in their Facebook account settings.
Facebook users have had the option of turning on HTTPS since early 2011, when the company reacted to the attention surrounding the Firesheep attacks. However, it was not enabled by default, and users had to log in and make the change manually in order to get the better protection of HTTPS.
Now users will have to turn HTTPS off manually if they don't want it, a reversal that is a major change, especially for Facebook's massive user base, which has become a major target for attackers.
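As an added example (not Facebook's code), the following check inspects a response's headers for what HTTPS-by-default is meant to guarantee: session cookies marked Secure, so they are never sent over plain HTTP (the exposure Firesheep exploited by sniffing cookies on open networks), plus HttpOnly on the session cookie and an HSTS header. The two header sets and the cookie names are constructed for illustration.

```python
"""Audit HTTP response headers for the cookie and transport protections
that HTTPS-by-default is meant to provide.

Added example, not Facebook's code. The two header sets below are
constructed to contrast a plain-HTTP era response with one served after
the switch; cookie names are hypothetical.
"""
from typing import Dict, List, Tuple

# Headers as (name, value) pairs because Set-Cookie legitimately repeats.
BEFORE_HTTPS_DEFAULT: List[Tuple[str, str]] = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "locale=en_US; Path=/"),
]

AFTER_HTTPS_DEFAULT: List[Tuple[str, str]] = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Strict-Transport-Security", "max-age=15552000; includeSubDomains"),
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "locale=en_US; Path=/; Secure"),
]

# Cookies that carry authentication state (hypothetical names). A copy of
# one of these, sniffed off an open Wi-Fi network, is all a Firesheep-style
# session hijack needs, which is why they must never travel over plain HTTP.
SESSION_COOKIES = {"session_id"}


def parse_set_cookie(value: str) -> Tuple[str, Dict[str, str]]:
    """Split 'name=value; Attr; Attr=val' into the cookie name and a
    lower-cased attribute map; flag attributes such as Secure map to ''."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def hsts_max_age(value: str) -> int:
    """Return the max-age of an HSTS header, or 0 if missing/unparseable."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age" and val.strip().isdigit():
            return int(val.strip())
    return 0


def audit_headers(headers: List[Tuple[str, str]]) -> List[str]:
    """Return findings for one response; an empty list means it passes."""
    findings: List[str] = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("no Strict-Transport-Security header: browsers may still follow plain http:// links")
    elif hsts_max_age(hsts[0]) == 0:
        findings.append("Strict-Transport-Security max-age is 0: HSTS is effectively disabled")
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(v)
        if "secure" not in attrs:
            findings.append(f"cookie {name} lacks Secure: it would be sent over plain HTTP")
        if name in SESSION_COOKIES and "httponly" not in attrs:
            findings.append(f"session cookie {name} lacks HttpOnly: readable by injected script")
    return findings


if __name__ == "__main__":
    for label, hdrs in (("before", BEFORE_HTTPS_DEFAULT), ("after", AFTER_HTTPS_DEFAULT)):
        print(label, audit_headers(hdrs) or ["ok"])
```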






#OP maZYNGA: Anonymous Targeted Zynga, Leaked Confidential Documents & Games

The infamous hacker collective Anonymous has again vowed to take down the most popular social network, Facebook, along with one of its associates, the online games company Zynga. The offensive has been named Operation MaZynga, or #OP MaZynga. According to a post on the AnonNews forum, the group threatened to take Facebook down on November 5 and to release Zynga games to the public for free on that day if Zynga does not stop its alleged plans for massive layoffs and offshoring of jobs. Anonymous says it has obtained secret documents about Zynga's strategy that include a "massive layoff of a thousand people." The group is angry about the jobs: "With a billion dollars cash sitting in a bank we do believe that such actions are an insult to the population and the behaviour of corporations like Zynga must change," it said. Last week Zynga reported that it has $1.6 billion in cash, equivalents and marketable securities, and confirmed that it laid off 150 people. Rumors of bigger layoffs have been circulating for a while.

#OP MaZynga. Press Release From Anonymous:- 

Transcript:-

"Zynga customers and Facebook users, we are Anonymous. During the last few days Anonymous has been targeting Zynga for the outrageous treatment of their employees and their actions against many developers.
We have come to believe that these actions of Zynga will result in a massive layoff of a thousand people and legal actions against everyone that speaks to the public about this plan.
It will also come to the end of the US game market as we know it as all these jobs will be replaced in other more convenient financial countries.
With a billion dollars cash sitting in a bank we do believe that such actions are an insult to the population and the behaviour of corporations like Zynga must change.
Anonymous could not allow this to happen so it's starting to release confidential documents we have leaked on this plan.
As we speak we are planning to release also all the games we've taken from their servers for free.
That being said we will stop the idea of the distribution of such games if Zynga will cease immediately the plan.
The leaked strategy of Zynga, transcript:
Following the preliminary announcement of this week the final strategy for the next two quarters has been successfully set to delivery by November 23 an additional but of 800 jobs with further raising of new capital from the market to support businesses.
We've identified our global gambling strategy with bwin.party and as we speak discussions are progressing with a partner to cover the US market.
Work is focused and on-going to completely outsource our development teams in our offices in Bangalore, India to hedge our position in the long term.
We've identified key new products from third parties such as Lovers in a Dangerous Spacetime, Shove Prod and Music Invaders in which we are starting business contacts to buy these IP for transaction value of approximately 20 million.
We strongly believe we will conclude these deals this month and compete with these titles against mobile competitors with ease.
Our business continues to evolve and we must evolve with it. We operate in an exciting and challenging industry and I am very pleased that our senior leadership team continue to strengthen and develop with us."

 ******

Here are the documents it mentions:-


Note that the above files have already been removed for "copyright infringement". Here we want to remind you that in 2011 Anonymous openly declared it would take down Facebook. That operation was dubbed #Op-Facebook, and Anonymous said it would hit FB on the 5th of November last year. In reality it was just a threat, and as expected Anonymous failed to execute Operation Facebook. This year members of Anonymous vow to re-engage the same operation on the same day (November 5th), also known as Guy Fawkes Day, named for the English historical figure from whom Anonymous draws inspiration. So far neither Facebook nor Zynga has responded to the group's message, so let's wait till November 5th, and stay tuned with VOGH for the latest updates on this and other stories on cyber security, hacking and the infosec industry.





Facebook Donates $250,000 to University of Alabama at CIA|JFR to Fight Against Cybercrime

All of us who are associated with or directly involved in the cyber domain know very well that it is almost impossible to stand alone against rising cyber crime and cyber criminals. Then the very first question arises: what is the solution? The answer is tie-ups and collaboration, unity in diversity. If we stand together and help each other, we can control cyber crime, and more than that we can have a safe and secure cyber space. When it comes to co-operation and collaboration, here is a live example: your favorite social network, Facebook, which stands against cyber criminals and has donated $250,000 to help fight cyber crime. According to UAB News, the Center for Information Assurance and Joint Forensics Research at the University of Alabama at Birmingham has received a $250,000 donation from Facebook in recognition of the center's role in tracking the international criminals behind the social-media botnet Koobface, as well as other spammers. The donation, which comes from money Facebook has recovered from spammers around the world, will be used to expand the new CIA|JFR headquarters.
“As a result of numerous collaborations over the years, Facebook recognizes the center as both a partner in fighting Internet abuse, and as a critical player in developing future experts who will become dedicated cybersecurity professionals,” says Joe Sullivan, chief security officer at Facebook. “The center has earned this gift for their successes in fighting cybercrime and because of the need for formal cybersecurity education to better secure everyone’s data across the world.”  
Here we want to remind our readers that 'Koobface' was the most dangerous malware ever made to infiltrate Facebook, created by a small group of Russian hackers. The hackers, known as the Koobface gang, sent Facebook users attractive invitations to watch a funny or sexy video. When unsuspecting users clicked the link, a message appeared saying that their computer's Flash software needed updating. The "update" was in fact malware that hijacked the user's clicks and delivered them to advertisers, earning the hackers over $2 million annually. According to Kaspersky Labs the network of infected computers comprised between 400,000 and 800,000 PCs. Earlier this year the entire Koobface gang was exposed and the Koobface C&C server was shut down by German researchers.

With this story, we, the entire VOGH Team, would like to congratulate the team at the University of Alabama at Birmingham on the donation from Facebook. More power to them and to similar experts around the world helping investigate cybercrime and making the online world a safer place!





Facebook Outage in Many European Countries Not Caused By Anonymous But DNS Problem

The world's most popular and largest social network, Facebook, faced another period of downtime. This time the outage affected millions of users in European countries including Denmark, France, Norway, Germany and Italy. After June, this is the second outage to affect a large number of Facebook users; last time users across the globe experienced log-in difficulties for several hours, but this time the social networking giant stayed down for a considerable time. The outage may have pushed Facebook's share price down; for a site with 900 million users worldwide, even a minor outage has a huge effect. As with the June incident, a hacker collective was first to claim credit for the outage: a Twitter account of the hacktivist group named Anonymous Own3r took responsibility, claiming in a tweet to have found several vulnerabilities in Facebook which caused the outage. In a Pastebin note the hacker published those so-called vulnerabilities, and in his tweet he also claimed to control many servers owned by Facebook.

But Facebook completely denied a hacker attack and said the cause of the outage was nothing but a DNS issue, neither a hack nor a DDoS. Here we want to remind you that in 2011 Anonymous openly declared it would take down Facebook. That operation was dubbed #Op-Facebook, and Anonymous said it would hit FB on the 5th of November last year. In reality it was just a threat, and as expected Anonymous failed to execute Operation Facebook. Later, in June this year, Anonymous took credit for an outage of a couple of hours, and here again an Anonymous-affiliated member repeated the same story, which again proved completely baseless; in short it was nothing but a publicity stunt.

For a large social network like Facebook, such DNS issues can happen. Immediately after the outage Facebook released a statement saying:
"There has not been a hack of Facebook. We have investigated these claims, and they are not valid. The evidence cited was produced by an automated vulnerability scanner that alerts developers of potential vulnerability, and we have found these all to be false alerts.
We expect Anonymous just like we expect any other attack on any other day. Due to our size, we face the same threats as seen everywhere else on the Web, but we have developed partnerships, back-end systems, and protocols to confront the full range of security challenges we face. Facebook has always been committed to protecting our users’ information, and we will continue to innovate and work tirelessly to defend this data.
Earlier (Thursday), we made a change to DNS as part of a traffic-optimization test, and that change resulted in some users being temporarily misrouted. We detected and resolved the issue immediately, but a small number of users located primarily in Western Europe experienced issues accessing the site while the DNS addresses repopulated. We are now back to 100 percent, and we apologize for any inconvenience..."



-Source (All Facebook)





Fbpwn Version 2.0 Released (A cross-platform Java based Facebook social engineering framework) Twitter pwn added

Earlier we discussed Fbpwn. Now the time has come for a version update, as the author, Hussein El Motayam, has released version 2.0 of Fbpwn, a cross-platform Java based Facebook social engineering framework developed by Team Motayam. The most notable change in this version is that the author has added 'Twitter pwn', meaning you can now also extract Twitter information using Fbpwn Version 2.0.

Bug Fix in Beta - 2.0
  • Fixed all Login issues
  • Added a new module: Dictionary builder
  • Added a new module: Close friends finder
  • Added an option to group dumped information by victim's ID
  • Use FBPwn through proxy

Fbpwn 2.0 is Capable of:
  • Dump friend list
  • Add all victim friends
  • Dump all users album pictures
  • Dump profile information
  • Dump photos
  • Check friends request
  • Dump victim wall
  • Clone the profiles

FBPwn modules are:

AddVictimFriends: Requests to add some or all of bob's friends, to increase the chance of bob accepting any future request once he sees that you have friends in common.

ProfileCloner: A list of all of bob's friends is displayed and you choose one of them (we'll call him andy). FBPwn changes mallory's display picture and basic info to match andy's. This makes it more likely that bob accepts requests from mallory, as he thinks he is accepting andy. Eventually bob will realize this is not andy's account, but by then it would probably be too late, as all his info has already been saved for offline checking by mallory.

CheckFriendRequest: Checks whether mallory is already a friend of bob and, if so, ends execution. If not, the module tries to add bob as a friend and polls while waiting for him to accept. The module does not stop executing until the friend request is accepted.

DumpFriends: Accessible friends of bob are saved for offline viewing. The output of the module depends on other modules: if mallory is not yet a friend of bob, the data might not be accessible and nothing will be dumped.

DumpImages: Accessible images (tagged and albums) are saved for offline viewing, including the comments under each image and the album names. The same limitations as DumpFriends apply.

DumpInfo: Accessible basic info is saved for offline viewing. The same limitations as DumpFriends apply.

DumpWall: Dumps wall posts for offline viewing. The same limitations as DumpFriends apply.

DictionaryBuilder: Builds a dictionary using words from comments under photos and wall posts.

CloseFriendsFinder: Finds the victim's close circle of friends by counting the number of comments, likes and tags under photos and wall posts, with the ability to change the weights of the ranking criteria.


To Download Fbpwn Version 2.0 Click Here (Disclaimer- Use this tool at your own risk)





FTC Warns Facebook -Users Personal Information Should Be Kept Private

From the very beginning the social network giant Facebook has gone through several privacy issues, for which FB has been blamed several times. There is also a conspiracy theory that Facebook sends its users' personal information to the US government and federal authorities. Now Facebook has reached a settlement: it avoids a fine but faces 20 years of monitoring by the FTC for deceiving users about the privacy of their information.

Facebook and the Federal Trade Commission have reached a resolution of charges that the company deceived consumers by telling them they could keep their information on Facebook private while repeatedly allowing it to be shared publicly. The agreement requires Facebook to give users "clear and prominent notice" and obtain their express consent before sharing personal information beyond the user's agreed-to privacy settings.
Under the terms of the settlement, Facebook must also have its privacy practices audited by an independent third party every two years and maintain a comprehensive privacy program to protect user information. The commission noted that Facebook will be subject to civil penalties of up to $16,000 for each violation of the order, and to monitoring to ensure compliance with it. "We are pleased that the settlement, which was announced last November, has received final approval," a Facebook spokesman said.
“The Order broadly prohibits Facebook from misrepresenting in any manner, expressly or by implication, the extent to which it maintains the privacy or security of any information it collects from or about consumers,” according to the FTC’s statement. “For a company whose entire business model rests on collecting, maintaining and sharing people’s information, this prohibition touches on virtually every aspect of Facebook’s operations.”
The Facebook agreement follows a highly publicized settlement between Google and the FTC, in which the search giant was hit with a $22.5 million fine, the largest FTC fine ever, over charges that it bypassed Safari browser privacy settings that blocked cookies. The FTC said it took action after Google violated a previous settlement with the agency over the same issue. While consumer privacy groups lauded the FTC's decision, the Competitive Enterprise Institute warned that it sets "a dangerously overbroad precedent" and could adversely affect online startups and web-based innovation.




-Source (eWeek)





Hackers Are Invited To Attack Facebook's Corporate Network

Last year the social networking giant Facebook introduced its bug bounty program, inviting security researchers to poke around the site, discover vulnerabilities that could compromise the integrity or privacy of Facebook user data, and responsibly disclose them to the company. The minimum reward was $500. White hats were urged to look for Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF) and remote code injection bugs. In its White Hat program the company stated explicitly that it did not want to be bothered with spam or social engineering techniques, DoS vulnerabilities, bugs in Facebook's corporate infrastructure, or vulnerabilities in third-party websites or apps. Now they have changed their mind. After the social network's security team received an unsolicited tip from a researcher about a vulnerability in the company's own network that would have allowed attackers to eavesdrop on internal communications, it made the unprecedented choice of broadening the scope of the bug bounty program and inviting researchers to look for other holes in the corporate network. Quite a few tech companies, such as Google and PayPal, run bug bounty programs, but Facebook has become the first firm to give white hats formal permission to target its own networks. Ryan McGeehan, manager of Facebook's security incident response unit, stated that if there's a million-dollar bug, they will pay it out.
Given that Facebook has a strong incentive to protect the data of its 900 million users, and that data breaches have become disturbingly common in the last two years or so, the step seems a logical one.


-Source (Net-Security)





