Showing posts with label Social Network. Show all posts
Showing posts with label Social Network. Show all posts

VOGH Exclusive: URL Redirection Vulnerability Found In Facebook

Posted by Avik Sarkar On 1/02/2014 11:10:00 pm

VOGH Exclusive: URL Redirection Vulnerability Found In Facebook [The Vulnerability Still Active & Not Been Patched]
Facebook -the world's largest social networking site with registered users of more than one billion, is considered among one of the safest site of the cyber space. To maintain such reputation Facebook Inc has done all the required steps, that one could possibly take. Like other high profile and very popular websites, Facebook also stand as one of the hot target of almost every cyber criminals of the world. To get rid of this and make FB safe and secure, the company have introduced what it called 'Bug Bounty' offer; where you can submit vulnerabilities to FB and get rewarded. We have seen many security researchers and hackers across the globe has done this and get their award. But not every time, and today I will talk about that- few days ago a reader of VOGH, who also goes by the nick name of 'Dr41DeY' has figured out a URL redirection vulnerability in Facebook. One of the link in Facebook App which is apps.facebook.com is posing URL redirection vulnerability. The hacker has demonstrated how any one can use  the vulnerability  in order to manipulate millions of innocent Facebook users. Let see  

Before publishing this, one of our VOGH representative have talked with Facebook Security regarding this security vulnerability, but due to some reason FB might overlooked this issue. Finally after waiting for almost a week, we the Team VOGH decided to bring this in-front of our reader. Let briefly go through with the vulnerable link- 

https://apps.facebook.com/a.php?u=http://www.voiceofgreyhat.com&mac=AQLy7nyXi5NBt31j&__tn__=*B&eid=AQLpbizR7KEf3cyD0VTN7fNtv99fMZABDp2gdWhvL-MQocJIPy3w4hUG7_7hrmSMqDq7QLCI9k_0LbB95NEz_6GUDHGNgTDsGP_rX-VWRHxfg5a--VlnN1K9FdG3NAek8r2JPWENkb2Mu56EckbZCGXcPie27OnHxE-H7MBufQel0Pr-ZjpCWB6QF5xHeWsdKqyHzjK2woBGGrjk9Dlgnzcw3d9ZWPzrwbGpm6MSkpks3mqEphXnTP2Vd9UDQxIs68NnTaO35XIwKq5t3CSdb11iU_34gzjfLgvvDo_BYbgtrGe0Juc5CpRSwd5nImw9oPPvn6Za9rrxO_ivROtOGc2b2S3bYzNLWpbDwt3cFN2rJ3JElyIR0vjB4R859PpE9SrZx6AD3s_liikzPh30YLVb8XvPABk7r9MShk6OrVFPiAWZnEvPx49UzPDSF-nEl188rEPAi0KGJ4u1zb10hhzmHUCjH04SezDByUkyNituMb2lgiQz-Xlpgy_tkVYR-U7plDa38N9VzdAj_Bwefd7B85ykZCAy9ZQOt48Ql8KQeKfivk3sThZIkLwWPiju7R28Sw6bj09vS_Y28kFSqanGe9tYAPfKIe4zOzQt9-Q1CC_EwX3ypOlyQ2yXMiU3lwp7M9EriKHRFDsTgsuzzF-uvlpx3UrWh8M55-NX0ULjr4kxjAR5g_1wU-luUyn_Ot6Ly1_ZbBdahyb5uSmCDNvF5kMuIH8Gxvpql45dNffGzKau9oZGn6r1OmsG47JIGipznCVaZnWjXAakDnEMX6X8ZtI-M-db1olzbBpJdj5sZe-x2VM02S5XsXJWe_QLxFDOupjbz8I82HETHQ9PbzSIMsJboll4E3-f_JQFfdzwEguLa8SC_ImRahWBCwKNJeSlmRv91FqWpQaChe5-UyAoqcblvK4jPuRO3qC7o-qMTQ2jEJqqUW46koulOmgNJpMYXPgRxjNGcwjyTPS59Nr08zq6eCNd1aYLh2E4s5MYXBtVUTF8l0uhQ2wYSoR66xZsI2tK0DD1KiQHyTO1QieBwPtCN3eWgRzUTg3lM3ttkuwYKRPPLDvtUOPWmZhYUzUFcbfPM2kXdpqyGlrGx9-ErKGygYKATx2xzrTzktjgW4q0L5wfO3CSKAOCAoKfi_pfz-zIHSNE8ZAjZDtpbC_chgkvbHWJYYIs7pnE1riWJYORACjkkRr6nZoivC3z_g-8JBahghwy2C34kJYZJ6cBC8LKoB6KCTbj_F1tArQAzcSUij4vrJNUATzsdlO_ol6HwUQb8FjoWa38Bhtx81stxB328sgC9IGu1omPG0QeNJVhcJwh6HyEwtgycBLrlcdedaWbkwvnjv3F3BWuJIi763nBeYuAgNUaEUYHaXu_ZJzXW8fQ72nz_hddGT_GH50&sig=89099

Replace voiceofgreyhat.com with any of your favorite site, and the the said vulnerability will allow you to get redirected to that very website you want to from Facebook. This loophole is still active, and any one can test that with the above url, we thought the impact of this loophole is very serious, as any malicious attacker can misuse the trust-hod of Facebook's url in order to harm regular internet users, while redirecting them to any junk or malfunctional websites.

Disclaimer:- Earlier I told that the issue has already brought into the notice of Facebook Security, but they overlooked the whole issue, so being a responsible cyber media, we VOGH are disclosing this to people. If any one misuse this vulnerability, then Voiceofgreyhat will not at all be responsible for any kind of mishap.

Update:- May be doing more that what we call late repent, but finally the above disclosed vulnerability has been patched by Facebook security team. 


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Several Twitter Accounts of CBS News (60Minutes, 48Hours & CBSDenver) Hacked

Posted by Avik Sarkar On 4/23/2013 11:30:00 pm

Several Twitter Accounts of CBS News (60Minutes48Hours & CBSDenver) Hacked By Syrian Electronic Army [#twithackery]

Yet again CBS one of the major commercial broadcasting television network of United States faced cyber attack. First it was hacker collective Anonymous who targeted CBS and managed to hack the TV network of CBS in January last year. The attack was done under the banner of Operation Megaupload. And now CBS have fallen victim of what it called twithackery, where hacker managed to gain temporary access of popular twitter accounts and broadcast fake tweets. This Sunday such twithackery targeted and compromised several twitter account of CBS. Infamous hacker community going by the name of Syrian Electronic Army claimed to have hijacked the twitter accounts of CBS, the list of the hijacked accounts include "60 Minutes" and "48 Hours" which is maintained by CBS news program. Later it has been reported that another twitter account @CBSDenver has also been hacked, during this ongoing cyber attack. CBS acknowledged the whole phenomena and later a CBS spokeswoman confirmed that the accounts had been compromised. "PLEASE NOTE: Our Twitter account was compromised earlier today. We are working with Twitter to resolve." - said the CBS spokesman. Another message from CBS said, "A message that was posted earlier to this account was not written or sent by @60Minutes or its staff."

Here is the list of those fake tweets came from the hijacked accounts of CBS:- 
From @60Minutes account we got the following message -
  • "The US government is hiding the real culprit of the Boston bombing"
  • "The US government is sponsoring a coup in Venezuela and a terrorist war in Syria"
  • "Your duty is to protect your nation from the parasites that have taken your government"
  • "Obama wants to destroy the Syrian and American people. We must stop this beast" 

Other messages claimed: "Syrian Electronic Army Was Here via @SyrianCyberArmy" and suggested the action was in response to the suspension of the @Official_SEA account. Tweets sent out on the @48Hours account reportedly included: "General Dempsey calls for #Obama's arrest under new anti-terror laws #48hours" As soon as the issue get spotted, CBS regain those hijacked accounts and immediately deleted those rouge messages. Later the two accounts @60Minutes and @48Hours has been suspended. 
While talking about twitter hacking, widely known as #twithackery; we would like to remind you the following names, WWE champion John CenaStar Rita OraJustin BieberTeyana Taylor,American pop singer KeshaNBC NewsFox News PoliticsUSAToday, Lady Gaga’s Twitter AccountAnders BreivikMahesh Bhatt, Huffington Postthese are the famous names who have fallen victim to twithackery before CBS. 



-Source (BBC & Reuters)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Facebook Hacker Cup 2013: Petr Mitrichev Won The Competition Followed By Jakub Pachocki & Marcin Smulewicz

Posted by Avik Sarkar On 3/31/2013 03:21:00 pm

Facebook Hacker Cup 2013Petr Mitrichev Won The Competition Followed By Jakub Pachocki & Marcin Smulewicz

Now a days leading organizations offers bug bounty and other competitions by which hackers from different part of the world will participate and find out security holes, in order to make more secure product and enhance cyber security. While talking about hackers competition then the name of "Hacker Cup" organized by the social networking giant Facebook will surely be an important one. Like last last two years, this year also Facebook called Hacker Cup 2013 in February and after completing several exciting  rounds finally we have the winners of this year's championship. Last year it was Roman Andreev of Russia who won the Hacker Cup with a heavy and prestigious trophy and a check for $5,000. Just like last year, this time also thousand of hackers across the globe participated in the competition and after completing the breathtaking championship three lucky winners been rewarded by Facebook for the outstanding performance. And the winners of Hacker Cup 2013 are Petr Mitrichev,  in second place we have Jakub Pachocki and third place it was Marcin Smulewicz. The social networking giant congratulated all the competitors who taken part in Hacker Cup for a great showing and performance. This year winner Petr Mitrichev solved all the four problems (Archiver, Colored Trees, Minesweeping, Teleports) in a due time and honored with the highly coveted Hacker Cup Trophy and an amount of $10,000. Here are some key moments of this year Hacker Cup:- 
 (Hacker Cup 2103 Finalist)
 (Competition is on)
 (The Prestigious Trophy) 
(Electric Moment)
(Hacker Cup 2103 Award)

(Petr Mitrichev Hacker Cup Winner)
Brief About Facebook Hacker Cup:-
Hacking is core to how we build at Facebook. Whether we’re building a prototype for a major product like Timeline at a Hackathon, creating a smarter search algorithm, or tearing down walls at our new headquarters, we’re always hacking to find better ways to solve problems. Programmers from around the world will be judged on accuracy and speed as they race to solve algorithmic problems to advance through up to five rounds of programming challenges. This is the chance to compete against the world’s best programmers for awesome prizes and the title of World Champion. 
As expected Facebook promises to continue this event every year so keep your eye out for signups to open to be the Hacker Cup 2014. So stay tuned with VOGH, for all the upcoming updates on cyber security. 







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

A Man From India Jailed For Posting "Communal & Inflammatory" Post on Facebook (#Censorship)

Posted by Avik Sarkar On 2/06/2013 07:12:00 pm

A Man From India Jailed For Posting "Communal & Inflammatory" Post on Facebook (#Censorship) 
Freedom of social media in India has been revoked, as the Indian govt has implemented several policy by which they made the social network completely censored. Though this step has been criticized randomly but the decisions has remain unchanged. And the result is in front of us; when a man from Agra get busted. The incident occurs immediately after he made a posts on social networking site Facebook targeting Prime Minister Manmohan Singh, union Communications Minister Kapil Sibal and Uttar Pradesh's ruling Samajwadi Party (SP) chief Mulayam Singh Yadav. According to police the post which the man from Agra made violated the policy of Indian govt and that's why it is taken as "communal and inflammatory." the man named Sanjay Chowdhary, a resident of the Dayalbagh suburb of Agra, was arrested late Monday and his laptop, sim card and data card impounded.
Police in Agra, about 360 km from here, said the arrest, which some see as an attempt to muzzle freedom of speech and expression on social networking sites, that the arrest was made on "specific information" about certain "communal and inflammatory" posts by Chowdhary. However, officials here admitted that the "case became hypersensitive after some remarks were made on the SP chief".
Senior Superintendent of Police (SSP) Agra, Subhash Chandra Dubey said police had acted "purely on law and order basis" in the matter.
"We are not involved in the political angle of the whole issue, our concern were the inflammatory comments and posts on the Facebook wall of this man and we acted to prevent any communal flare up," Dubey told the media. Some officials, however, said the case was "fast tracked" once cartoons lampooning the three leaders were posted on his Facebook wall.
Soon after his arrest, the inflammatory posts were deleted from his Facebook profile and later his account was deactivated. Chowdhury, a civil engineer and chairman of a public school, was booked under sections 153 A of the Indian Penal Code (IPC) and 66 A of the Information Technology (IT) Act.
"We have arrested him and he is being sent to jail under the due process of law," a police official said.



-Source (Yahoo News)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Twitter Hacked, More Than 250,000 User Data Compromised

Posted by Avik Sarkar On 2/03/2013 01:55:00 am

Twitter Hacked, More Than 250,000 User Data Compromised

The social networking giant and the world famous micro blogging site Twitter again fallen victim of cyber attack. Last year we have seen that the tight security system if twitter have been compromised many times. Yet again in this year the San Francisco based social media giant who have more than 500 million registered users failed to protect them selves from hackers. On last Friday Twitter acknowledged that it had become the latest victim in a number of cyber-attacks against media companies, saying hackers may have gained access to information on 250,000 of its more than 200 million active users. The micro blogging giant said in a blog posting that earlier this week it detected attempts to gain access to its user data. It shut down one attack moments after it was detected. According to reports usernames, email addresses, session tokens and encrypted/salted passwords for 250,000 users might have been accessed in what it described as a “sophisticated attack” 

"This attack was not the work of amateurs, and we do not believe it was an isolated incident,” said Bob Lord, Twitter’s director of information security. “The attackers were extremely sophisticated, and we believe other companies and organisations have also been recently similarly attacked” Bob added. 

Jim Prosser, a Twitter spokesman, would not say how hackers infiltrated Twitter’s systems, but Twitter’s blog post said hackers had broken in through a well-publicized vulnerability in Oracle’s Java software. Last month, after a security researcher exposed a serious vulnerability in the software, though Oracle patched the security hole, but Homeland Security said the fix was not sufficient. The DHS issued a rare alert that warned users to disable Java on their computers. Prosser said Twitter was working with government and federal law enforcement to track down the source of the attacks. For now, he said the company had reset passwords for, and notified, every compromised user. The company encouraged users to practice good password hygiene, which typically means coming up with different passwords for different sites, and using long passwords that cannot be found in the dictionary.
Twitter said it “hashed” passwords — which involves mashing up users’ passwords with a mathematical algorithm — and “salted” those, meaning it appended random digits to the end of each hashed password to make it more difficult, but not impossible, for hackers to crack. Once cracked, passwords can be valuable on auction-like black market sites where a single password can fetch $20.

While talking about Twitter and cyber issues, I would like to remind you that in last year twitter faced several cyber attacks where more than 55,000 twitter account details was leaked, after this issue in the middle of last year the social networking giant faced massive denial of service which interrupted its services. Later a huge number of Twitter users across the globe received  emails warning that their account have been compromised and their passwords had been reset, and it was another security breach which affected twitter. Such big organization are not at all careless about security, so as twitter and it has been proved when they hired renowned white hat hacker Charlie Miller to boost up their security, but after this current massacre, it seems that twitter need to think more and emphasize a lot to make sure that their system is good enough to prevent cyber attacks. For all the hot cyber updates and reviews stay tuned with VOGH.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS

Posted by Avik Sarkar On 12/02/2012 07:01:00 pm

Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS

The social networking giant Facebook announced that it started rolling out Photo Synchronization, in order to add more mobility and ease of use. According to Facebook Newsroom -the new Photo Sync will make photo sharing easier. With this feature, photos from your phone sync automatically to a private album on the web. When you want to share these photos, just pick and post your favorites. If you turn this feature on, up to 2GB of photos from your phone can be synced automatically to a private album on Facebook, from which you can then pick your favorites to share with your friends. It’s important to note that Facebook isn’t launching new Android and iOS apps today. The feature is already included, but the company is turning it on for more and more users, starting with a big push today. To turn the feature on in the Facebook app (if you have an iPhone, iOS 6 is required), tap Photos and then tap Sync at the bottom of your photos section. Once the uploads start coming in, you can check them out and share them via the app, on the mobile Web, or on your computer (go to your Timeline, click Photos, and click “Synced From Phone” at the top of your photos section). To save on the limited amount of space, you can stop photos from being synced by deleting them. In the app, that’s the “Remove synced photo” option once you pick a photo in the Synced section, and on your computer that’s the Delete option when you’re in the “Synced From Phone” folder. The good news is that deleting a photo from your synced photos won’t delete it from your phone’s gallery.
That’s right, you can turn photo syncing on or off, but you can also choose to sync over Wi-Fi only. Normally, when you’re on a cellular network like 3G or 4G, Facebook will sync photos at a smaller size (around 100K each), so they’re unlikely to use much of your data plan. Over a Wi-Fi connection, Facebook will sync larger versions of your photos. The best part: photos will not sync when your battery is low.

Get the latest Facebook app for Android or iPhone to try it out. Learn more at Facebook.com/mobile or visit the Help Center.


-Source (TNW & FB)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Facebook Started Enabling HTTPS by Default for North American Users

Posted by Avik Sarkar On 11/23/2012 07:08:00 pm

Facebook Started Enabling HTTPS by Default for North American Users

The social networking giant Facebook has started securing all data traffic to the social networking site using HTTPS by default. The change started rolling out to all North American users last week, while users in the rest of the world should see HTTPS enabled by default soon. This change will make HTTPS the default connection option for all Facebook sessions for those users, a shift that gives them a good baseline level of security and will help prevent some common attacks. Switching to HTTPS by default will mean that all connections and data, including cookies, will be transmitted over SSL in encrypted form and should no longer be able to be easily read and used for fraudulent purposes by attackers. While Facebook has used HTTPS connections to protect users' login credentials for some time, it only started offering an HTTPS option for the entire site in January 2011. The feature was not turned on by default and instead required users to manually enable the HTTPS option in their Facebook account settings.
Facebook users have had the option of turning on HTTPS since early 2011 when the company reacted to attention surrounding the Firesheep attacks. However, the technology was not enabled by default and users have had to in and manually make the change in order to get the better protection of HTTPS. 
Now, users will have to manually turn HTTPS off if they don't want it, a distinction that is a major change, especially for Facebook's massive user base, which has become a major target for attackers





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Security Breach: Twitter Unintentionally Resets More Passwords Than Accounts Hacked

Posted by Avik Sarkar On 11/10/2012 12:57:00 am

Security Breach: Twitter Unintentionally Resets More Passwords Than Accounts Hacked

Yet again the famous micro blogging site Twitter faced security challenge. Tuesday a huge number of Twitter users across the globe received  emails warning that their account may have been compromised and their passwords had been reset as a precautionary measure to prevent unauthorized access. In the e-mail, the microblogging company noted: "Twitter believes that your account may have been compromised by a Web site or service not associated with Twitter. We've reset your password to prevent others from accessing your account."

It remains unclear how many have been affected by the password reset e-mail or what's caused the mass e-mailing of its users. A post by TweetSmarter on Wednesday noted that in some cases when "large numbers of Twitter accounts have been hijacked," the company sends out these e-mails en masse, even sending messages to accounts that may not have been affected by any hack or hijack to err on the side of caution. The emails are apparently legitimate, though they were sent to more than victims of compromised accounts. The mass email coincided with incidents involving several high-profile accounts, including at least one account belonging to the BBC. Other media organisations, such as the TechCrunch blog, reported being warned. 
"We’re committed to keeping Twitter a safe and open community," reads a notice the company issued earlier Thursday. "As part of that commitment, in instances when we believe an account may have been compromised, we reset the password and send an email letting the account owner know this has happened along with information about creating a new password. This is a routine part of our processes to protect our users. "In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused."
Twitter officials have not disclosed how many uncompromised accounts had passwords reset, nor any more on the attack that led to those actions. The social media site currently has 140 million active usersSome victims reported having select tweets deleted, while others started sending out spam.

-Source (CNET)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

#OP maZYNGA: Anonymous Targeted Zynga, Leaked Confidential Documents & Games

Posted by Avik Sarkar On 10/29/2012 04:36:00 am

#OP maZYNGA: Anonymous Targeted Zynga, Leaked Confidential Documents & Games

Infamous hacker collective Anonymous again vows to destroy the most popular social network Facebook and one of its associate along with one of the best place to play online games Zynga. The offensive has been  named Operation MaZynga or dubbed #OP MaZynga. According to a post on AnonNews forum, the hacker group threatened to to take Facebook down on November 5 and release Zynga games to the public on that day for free if Zynga doesn't stop its alleged plans for massive layoffs and offshoring of jobs. Anonymous says that it has obtained secret documents about Zynga's strategy which includes a "massive layoff of a thousand people." The hacker group is ticked off about the jobs. "With a billion dollars cash sitting in a bank we do believe that such actions are an insult to the population and the behaviour of corporations like Zynga must change," it said. Last week, Zynga reported that it has $1.6 billion in cash, equivalents and marketable securities and confirmed that it laid off 150 people. As for rumors of bigger layoffs, these have been circulating for a while.

#OP MaZynga. Press Release From Anonymous:- 

Transcript:-

"Zynga customers and Facebook users , We are anonymous . During the last few days anonymous has been targeting Zynga for the outrageous treatment of their employees and their actions against many developers. 
We have come to believe that this actions of Zynga will result in massive layoff of a thousand people and legal actions against everyone that speaks to the public about this plan.
It will also come to end of the US game market as we know it as all this jobs will be replaced in other more convenient financial countries.
With a billion dollars cash sitting in a bank we do believe that such actions are an insult to the population and the behaviour of corporations like Zynga must change.
Anonymous could not allow this to happen so it's starting to release confidential documents we have leaked on this plan
As we speak we are planning to release also all the games we've taken from their servers for free.
That being said we will stop the idea of the distribution of such games if Zynga will cease immediately the plan.
The leaked strategy of Zynga , transcript:
Following the preliminary announced of this week the final strategy for the next two quarters has been successfully set to delivery by november 23 an additional but of 800 jobs with further raising of new capital from the market to support businesses.
We've identified our global gambling strategy with bwin.party and as we speak discussions are progressing with a partner to cover the US market.
Work is focused and on-going to completely outsource our development teams in our offices in Bangalore , India to hedge our position in the long term.
We've identified key new products from third parties such as Lovers in a Dangerous Spacetime , Shove Prod and Music Invaders in which we are starting business contacts to buy these IP for transaction value of approximately 20 million.
We strongly believe we will conclude these deals this month and compete with this titles against mobile competitors with ease.
Our business continues to evolve and we must evolve with it. We operate in a exciting and challenging industry and I am very pleased that our senior leadership team continue to strengthen and develop with us." 

 ******

Here are the documents it mentions:-


Not that above files have already been removed for “copyright infringement”. Here we want yo give you reminder that i2011 Anonymous openly declared to take down Facebook. The operation was dubbed #Op-Facebook and Anonymous told that they will hit FB on the 5th of November last year. But in reality it was just a threat and as expected Anonymous failed to execute Operation Facebook. This year also members of Anonymous vows to re-engage the same operation on the same day (November 5th) also known as Guy Fawkes Day, named for the English historical figure from which Anonymous derives inspiration. So far neither Facebook, nor Zynga responded this message of the hacker group, so lets wait till November 5th, and stay tuned with VOGH for all the latest update on this & also other stories on cyber security, hacking & infosec industry. 




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Security Flaws Allowing Hackers to Brute Force Twitter Passwords

Posted by Avik Sarkar On 10/04/2012 01:57:00 am

Security Flaws Allowing Hackers to Brute Force Twitter Passwords 

A security flaw has been discovered in popular micro blogging site 'Twitter' which is allowing an malicious attack to brute force user's passwords.  On Saturday, multimedia producer and Twitter user Daniel Dennis Jones (@blanket) received a notification that his Twitter password had been reset. This alone would have been cause for concern; at the very least, it would mean that someone had tried and failed to access his account. He quickly found out that the problem was much worse than he expected. He was eventually able to log back into the account, but found that his username had been changed to @FuckMyAssHoleLO , and that @blanket was now operated by someone else. His account, in other words, had clearly been hacked. After seeing the above scenario it is very clear that - Twitter's password reset process allows hackers to attempt a more wide-ranging brute force approach to breaking into accounts than other services with more restrictive systems. Both Apple and Amazon quickly closed the loopholes that led to Honan's hack, but Twitter accounts (the ultimate prize Honan's hackers were after) remain surprisingly vulnerable to unsophisticated hacking efforts. That vulnerability was on display this past weekend as a desirable group of "OG" Twitter handles the short, memorable, one-word names that got snapped up when the service launched were brute-force hacked by a group of kids looking to make a little cash and impress their friends.

Daniel Jones is not the only victim of this recently discovered vulnerability, many other people around the globe also fallen victim of this security hole. After a day of research, Jones "got to the bottom of a little ring of kids who crack passwords to gain access to handles" - he found a number of other short, memorable handles like @hah, @captain, and @craves had also been hacked. Judging from the conversations he saw over Twitter, these hackers were not sophisticated social engineers, but just a group of teenagers trying to sell the names they had collected. Eventually, Jones had a long Skype conversation with a 14-year-old hacker who goes by Mason he wasn't the one who stole @blanket from Jones, but he was part of the young crew grabbing and selling these desirable names.
Of course, Twitter's security regimen is probably not all that different from that of many other sites. According to Jeremiah Grossman, CTO and co-founder of Whitehat Security, the attack that victimized Jones was "very, very common....Perhaps Twitter could have a bit stronger and more comprehensive approach to dealing with brute force attacks, but they can really only take it so far before annoying their users." 
We personally think that, after this case twitter should implement two step authentication, like Google to prevent its user getting compromised


-Source (Buzz Feed & CNET)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

WWE Champion & Actor John Cena's Twitter Account Hacked

Posted by Avik Sarkar On 9/26/2012 01:35:00 am

WWE Champion & Actor John Cena's Twitter Account Hacked

Now a days hacking of celebrities, singer, Media, high profile personalities' twitter has became a very natural phenomena. Here again another twitter hacking, also known as #twithackery occurs. This time the victim is World Wrestling Entertainment (WWE) champion and renowned actor John Cena. This week more than 2.8 million fans of American professional wrestler John Cena was shocked after seeing irrelevant tweets coming from John Cena's official twitter account. Immediately after it get noticed, the twitter page was restored and those false tweets was deleted. Later a tweet came from John Cena's official twitter page while saying "Sorry guys, guess some attachments got sent out thru my account. Im been a victim of #twithackery" 

Similar things happened earlier when British pop Star Rita Ora, Justin BieberTeyana Taylor,American pop singer KeshaNBC NewsFox News PoliticsUSAToday, Lady Gaga’s Twitter AccountAnders BreivikMahesh Bhatt, Huffington Post Twitter Account became the victim of such twitter hacking. 




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Twitter Hires Renowned Apple Hacker Charlie Miller For Twitter Security Team

Posted by Avik Sarkar On 9/20/2012 03:44:00 pm


Twitter Hires Renowned Apple Hacker Charlie Miller For Twitter Security Team

It is almost impossible task for social networks to keep everything safe against hacks and other vulnerabilities. Hackers will constantly find their way around anything that you put in place. So they often deals with hackers & turn themselves to beef up the security level. Social networking giant Twitter exactly did the same thing. The micro-blogging network has hired the famous/infamous Apple hacker, Charlie Miller, to be a part of its security team. Charlie Miller, a popular figure among hackers, broke the news via his Twitter account, saying, “Monday I start on the security team at Twitter. Looking forward to working with a great team there!” Twitter issued a short statement noting that Miller’s title will be that of Software Engineer, but declined to discuss any further details.
Charlie Miller has a background as a Global Exploitation Analyst in the National Security Agency, and has hacked devices running on iOS, OSX, and Android. He is considered to be a white-hat hacker, which means that he hacks to expose vulnerabilities in a system in order to have those weaknesses fixed. Five year ago, Miller was said to be the first to hack the iPhone using the device’s browser, exposing the handset’s vulnerability to security attacks. Several months after this, he was likewise able to hack a MacBook Air in just two minutes. This feat allowed Miller to win the Pwn2Own hacking competition. Miller also showed a way to hijack iPhones through SMS in 2009. In 2011, he used the MacBook power adapter to implant malware on the laptop. In the same year, his license as an Apple developer got revoked because Apple found that he breached the development agreement. 
In more recent times, Miller had been working on Android devices. In June, he was able to overcome Bouncer, Google’s security program. He has furthermore experience in using Near Field Communications to control Samsung and Nokia handsets with a simple wave of another phone that is within the vicinity. 
While talking about Charlie Miller, we must have to take another name and that is Nicholas Allegra, the world-famous hacker known as "Comex", creater of JailbreakMe.com; who later has been hired by Apple itself . In case of Twitter we must have to say, apart from Miller, Twitter also hired Moxie Marlinspike, a hacker who specializes in SSL and VPN encryption.







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Fbpwn Version 2.0 Released (Java Based Facebook Social Engineering Framework) Twitter pwn added

Posted by Avik Sarkar On 9/13/2012 11:56:00 pm

Fbpwn Version 2.0 Released (A cross-platform Java based Facebook social engineering framework) Twitter pwn added

Earlier we have discussed about Fbpwn. Now the time has come to update the version as the author - Hussein El Motayam has going to release version 2.0 of Fbpwn -A cross-platform Java based Facebook social engineering framework developed by Team Motayam. The most notable thing of this version is that the author has added 'Twitter pwn' that means you can now also extract Twitter information using Fbpwn Version 2.0. 

Bug Fix in Beta - 2.0
  • Fixed all Login issues
  • Added a new module: Dictionary builder
  • Added a new module: Close friends finder
  • Added an option to group dumped information by victim's ID
  • Use FBPwn through proxy

Fbpwn 2.0 is Capable of:
  • Dump friend list
  • Add all victim friends
  • Dump all users album pictures
  • Dump profile information
  • Dump photos
  • Check friends request
  • Dump victim wall
  • Clone the profiles

FBPwn modules are:

AddVictimFriends: Request to add some or all friends of bob to increase the chance of bob accepting any future requests, after he finds that you have common friends.

ProfileCloner: A list of all bob's friends is displayed, you choose one of them (we'll call him andy). FBPwn will change mallory's display picture, and basic info to match andy's. This will generate more chance that bob accepts requests from mallory as he thinks he is accepting from andy. Eventually bob will realize this is not andy's account, but probably it would be too late as all his info are already saved for offline checking by mallory.

CheckFriendRequest: Check if mallory is already friend of bob, then just end execution. If not, the module tries to add bob as as a friend and poll waiting for him to accept. The module will not stop executing until the friend request is accepted.

DumpFriends: Accessable friends of bob is saved for offline viewing. The output of the module depends on other modues, if mallory is not a friend of bob yet, the data might not be accessable and nothing will be dumped.

DumpImages: Accessable images (tagged and albums) are saved for offline viewing including comments under each image and album names. Same limitations of dump friends applies.

DumpInfo: Accessable basic info are saved for offline viewing. Same limitations of dump friends applies.

DumpWall: Dumps wall posts for offline viewing. Same limitations of dump friends applies.

DictionaryBuilder: Builds a dictionary using words from comments under photos and wall posts.

CloseFriendsFinder: Finds the victim's close circle of friends by counting number of comments,likes and tags under photos and wall posts with the ability to change the weights of the ranking criteria.


To Download Fbpwn Version 2.0 Click Here (Disclaimer- Use this tool at your own risk)




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

British pop Star Rita Ora's Twitter Account Hacked

Posted by Avik Sarkar On 9/03/2012 03:40:00 pm

British pop Star Rita Ora's Twitter Account Hacked

Yet again another celebrity have fallen victim of twitter hacking. After Justin Bieber, Teyana Taylor, American pop singer Kesha; now it was time for British pop star Rita Ora. The hacker have broken into the pop star's account and posted a fake tweet saying "I wanna be with Harry Styles"
Rita Ora has immediatley apologized to fans after a prankster hacked her Twitter account and posted that she has a crush on One Direction singer Harry Styles. The 21-year-old pop singer got to know about the news Saturday when she discovered a tweet on her page. She quickly deleted the message and told her 1.1 million followers she had contacted bosses at the social networking site about temporarily closing her account while resolving the problem. She writes, "My Twitter has been hacked! Trying to get it frozen for a bit!! Sorry guys!!"
Similar things happened earlier when NBC NewsFox News PoliticsUSAToday, Lady Gaga’s Twitter AccountAnders BreivikMahesh Bhatt, Huffington Post Twitter Account became the victim of such twitter hacking. 






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Twitter Joins The Linux Foundation as A Silver Member

Posted by Avik Sarkar On 8/27/2012 12:22:00 pm

Twitter Joins The Linux Foundation as A Silver Member

Social networking giant Twitter joined The Linux Foundation, the nonprofit organization while dedicated to accelerate the growth of Linux & open-source. In addition to Twitter, the Linux Foundation also announced that Inktank and Servergy have also become members. Twitter joined as a silver member, paying $15,000 for the privilege. The Linux Foundation announced Twitter’s membership today as it gears up for next week’s annual LinuxCon conference in San Diego. “Linux and its ability to be heavily tweaked is fundamental to our technology infrastructure,” said Chris Aniszczyk, manager of open source at Twitter, in a statement. “By joining The Linux Foundation, we can support an organization that is important to us and collaborate with a community that is advancing Linux as fast as we are improving Twitter.”
Twitter is a real-time information service on which people post ideas, comments and news in 140 characters or less. Twitter brings users closer to the topics, events and people they care most about around the world. Based in San Francisco, Twitter is available worldwide in 30 languages, with 140 million active users and 400 million Tweets per day. This volume of data puts high demands on real-time data processing and the pace of innovation at the company. Twitter is supported by tens of thousands of Linux machines, which allow the company to customize for its unique needs. Twitter is joining The Linux Foundation to support the mission of promoting, protecting and advancing Linux, the company said. Twitter’s Chris Aniszczyk will deliver a keynote at LinuxCon on Aug. 30 entitled “The OSS Behind a Tweet.” 
Google, Yahoo is another big Web company that is part of the foundation. One missing name is Facebook, but Zemlin hopes to get Mark Zuckerberg and team on board as well. "We would love to have them as a member," Zemlin said. "They do participate in our events around the Open Compute Project so that’s a good thing. Their business runs on Linux as well."


-Source (eWeek & ars technica)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search