Facebook Rolls Out Login Approvals and Security Protections Against Clickjacking and Self-XSS

Facebook has released several new security features designed to thwart unauthorized logins, cross-site scripting, and clickjacking that trick users into sharing spam to the news feed. Login approvals require suspicious logins to be confirmed with a code texted to a user’s phone, while self-XSS and clickjacking protection  warns users and requires them to confirm their actions when pasting links into their browser or clicking suspicious Like buttons.
These protections should reduce the prevalence of hijacked accounts and highly visible spam in the news feed that perpetuate the public perception of Facebook as less safe than the rest of the internet.



Facebook’s latest internal security efforts were announced alongside a new partnership with Web of Trust, a a crowd-sourced website reputation rating service that will be used to power alerts to Facebook users when they click malicious outbound links. Facebook has previously concentrated on improving security through user education and login protection features such as remote session logout and one-time passwords.

Login Approvals

Now Facebook is rolling out the two-factor authentication it announced last month. Users can visit Account -> Account Settings -> Settings -> Account Security to enable the feature, which will require them to verify their phone number. Once enabled, any time someone attempts to login to the account through a new or unrecognized device, they’ll have to enter a code sent to their phone via SMS. Users will also be notified the next time the successfully login of any suspicious attempts thwarted by the login approvals feature.



Users could be temporarily locked out of their account if they have Login Approvals in the unlikely event that both their phone and their approved Facebook login device were lost or stolen. Still, the feature offers a strong additional layer of security for those who opt in to it. It can also serve to protect users who may share their password with a loved one for use on their regular login device, but who don’t want those people to access their account from elsewhere.

Clickjacking Protection

Clickjacking refers to when a malicious website conceals an active link beneath an image or other disguise to fool a user into clicking a link they didn’t intend to. In the case of Facebook, malicious sites sometimes conceal Like buttons beneath video players or appealing offers, leading users to inadvertently share the spam site to the news feed, drawing in more users to the scam.
Facebook already has automated systems designed to identify and disable uses of the Like button for clickjack, as well as block or remove outbound links to clickjacking sites. Now Facebook as added additional protection against the tactic by requiring users to confirm they wanted to click a Like button that is suspected to be part of a clickjacking scheme. The Like won’t go through and stories won’t be published to the news feed unless the user confirms.
This feature could cut down on one of the most prominent Facebook security threats as of late, which has spread through links that promise videos of racy or gruesome content.

Self-XSS Protection

Self-cross site scripting is a security threat in which a spam news feed story, wall posts, or Message asks users to copy malicious code into their browser, thereby causing a hacker’s message to be posted to additional friends. These threats are becoming increasingly sophisticated over the years (if you want to get deeper into the topic, be sure to check out security researcher Joey Tyson’s Social Hacking blog).
The new security features detects when users attempt to paste malicious code into their browser, displays an alert explaining why the practice of copying code into a browser is dangerous, and prevents the code from being run.


By mixing education in with technical security features, Facebook can protect users now and teach them to protect themselves in the future.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook Rolls Out Login Approvals and Security Protections Against Clickjacking and Self-XSS"https://www.voiceofgreyhat.com/2011/05/facebook-rolls-out-login-approvals-and.html</a>

Facebook Application For iOS & Android Have Security-Hole Which Allows Identity Theft

Facebook Application For iOS & Android Have Security Hole Which Allows Identity Theft 

Facebook users again under risk.  Recently a new security vulnerability found in Facbook application for iOS & Facebook application for Android. Researcher app developer Gareth Wright, who discovered the issue, said it comes down to Facebook’s native apps for the two platforms not encrypting your login credentials, meaning they can be easily swiped over a USB connection, or more likely, via malicious apps. Facebook has responded that this issue only applies to compromised or jailbroken devices. Means if you are using a jailbroken iOS device or a rooted Android device then your identity can easily be theft. Wright copied the hash and tested a few FQL queries. "Sure enough, I could pull back pretty much any information from my Facebook account. As of the 1st of May 2012 these tokens run out after 60 days but aside from that a simple .Net tool could easily snaffle this info and grab a fair whack of confirmed email addresses and marketing info.
“Not good, but then I had to wonder what the Facebook app stored. Popping into the Facebook application directory I quickly discovered a whole bunch of cached images and the com.Facebook.plist. “What was contained within was shocking. Not an access token but full oAuth key and secret in plain text. Surely though, these are encrypted or salted with the device ID. Worryingly, the expiry in the plist is set to 1 Jan 4001!" 

“Facebook’s iOS and Android applications are only intended for use with the manufacture provided operating system, and access tokens are only vulnerable if they have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device,” a Facebook spokesperson said in a statement. “We develop and test our application on an unmodified version of mobile operating systems and rely on the native protections as a foundation for development, deployment and security, all of which is compromised on a jailbroken device. As Apple states, ‘unauthorized modification of iOS could allow hackers to steal personal information … or introduce malware or viruses.’ To protect themselves we recommend all users abstain from modifying their mobile OS to prevent any application instability or security issues.”
As for the USB connection scenario, Facebook says there’s no way to fix this problem. Note that in this case it doesn’t matter if your device is jailbroken or not, because whoever is doing the deed has physical access to your phone or tablet.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook Application For iOS & Android Have Security-Hole Which Allows Identity Theft"https://www.voiceofgreyhat.com/2012/04/facebook-application-for-ios-android.html</a>

Facebook Said 600K+ Accounts Are Being Compromised Per Day

According to the infographic blog post of Facebook they said about 600,000 log-ins per day are compromised. That's given some the false impression that there are that many accounts compromised every day. 

While Facebook does block (approximately) 600,000 log-ins per day, it is not that these Facebook accounts are compromised on Facebook, and certainly not that they're 'hacked' as some have written. There may be compromised accounts that appear on Facebook, but more often than not they are compromised off of Facebook--they use the same password for e-mail as Facebook, they get phished, etc. Compromised in this sense refers to log-ins where we are not absolutely confident that the account's true owner is accessing the account and we either preemptively or retroactively block access. 

The statistic was revealed in an infographic published alongside an official Facebook blog post trumpeting new security features introduced by the firm. The new security features include Trusted friends (called "Guardian angels" in the infographic).

Facebook says that you will be able to nominate three to five "trusted" friends who can help you if you have a problem accessing your account - if, for instance, someone else has changed its password and locked you out of your email account. The idea is that if you need to login to Facebook but can't access your email account, Facebook will send codes to your friends that they can pass on to you.

For more information and to download the Facebook security infographic Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook Said 600K+ Accounts Are Being Compromised Per Day"https://www.voiceofgreyhat.com/2011/10/facebook-said-600k-accounts-are-being.html</a>

Facebook, spammers are in 'arms race'

Within days of Facebook rolling out new security features designed to block spam, several new social-engineering attacks were spreading that somehow managed to get by the company's antispam defenses.
The spammers have modified their handiwork so it will get past Facebook's scam detection system, company spokesman Fred Wolens told today.
"There are new methods they've picked up after we put out the protections on Thursday," he said. "It's an arms race. We put out new protections and they come up with new campaigns...When we announced the new security features, they were calibrated for all the self-XSS attacks we'd seen at the time."


The company began turning on a feature last week that displays warnings when it detects that users are about to be duped by cross-site scripting (XSS) and clickjacking attacks. In such attacks, people are tricked into clicking something (clickjacking) or pasting some code into their browser Web address bar (XSS).
Yet there were several XSS attacks this weekend and today and warnings were not displayed. In one of them, users were tempted with a post that said "Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature!" (On a side note, Wolens artfully dodged the question of whether Facebook would ever add a "dislike" button.)
Another attack falsely offered a way to see how many people viewed you on Facebook as an indication of how popular you are and urged people to click the "Scan Profile" link. The links lead to an external site where eventually the user is prompted to cut and paste Javascript code into the browser address bar, said Satnam Narang, a threat analyst at M86. (Facebook does not offer a way to see such statistics on profiles.)
A third attack tempted people with a comment of "WTF!! You look so stupid in this video" or something similar. A Flash file is loaded when the link is clicked and people were encouraged to press the CTRL and V keys and malicious JavaScript would be pasted from the clipboard into the browser address bar, according to this Zscaler blog post.
In all the cases the user action results in the spam messages being re-posted to the victim's Facebook pages and those of their friends. Ultimately, surveys are proffered for the victim to fill out. The spammers get money for each survey completed and the farther the spam spreads the more money that can be made.
Facebook did not disclose exactly what is going on behind the scenes, which could be used to help spammers in their efforts. Narang said he suspected that some of the spam was getting past Facebook's defenses by obfuscating the Javascript. Facebook seems to have made it harder for spammers to create campaigns that automatically execute and spam your friends, so that victims are sent off to external sites and required to cut and paste text into their browsers, he said.

 But "the hole is still there because they are still able to generate these posts," by tricking users into clicking links and following further instructions, he added.
Facebook is learning and improving the situation with each new spam campaign and iteration of its defenses, Wolens said.
"Within a few hours of this video (spam campaign) we were able to put that information back into the system to protect people," he said.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook, spammers are in 'arms race'"https://www.voiceofgreyhat.com/2011/05/facebook-spammers-are-in-arms-race.html</a>

Facebook Denies The Hack-Activity Of Team Swastika

We are aware of that Recently Formed Hacking Crew From Nepal called "TeamSwaStika"  hacked more than 10 thousand facebook account. TeamSwaStika have posted those hacked account on pastebin openly. later it was removed for violation. Also they have reported their hack to VOGH. If you dig some statistic then you will find that it is one of the biggest attacks on Facebook users. Because TeamSwaStika has grabbed more than 10K log-in details of Facebook users. 

But Facebook completely denies this hack activity and said Team Swastika's supposed hack of account logins was no hack at all. Facebook looked into the issue and said the details did not relate to any active accounts. "This does not represent a hack of Facebook or anyone’s Facebook profiles," a Facebook spokesperson said.

"Our security experts have reviewed this data and found it to be a set of e-mail and password combinations that are not associated with any live Facebook accounts." 

Facebook said Trend Micro's use of the term "hacked" was "simply wrong." Ferguson never indicated Facebook itself had been hacked, however, and the social network said the data had been taken in a phishing attack.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook Denies The Hack-Activity Of Team Swastika"https://www.voiceofgreyhat.com/2011/10/facebook-denies-hack-activity-of-team.html</a>

Facebook adds new user security features

Facebook is launching several new security features today designed to protect users from malware and from getting their accounts hijacked.
First, the site will display warnings when users are about to be duped by clickjacking and cross-site scripting attacks in which they think they are following a link to an interesting news story or taking action to see a video and instead end up spamming their friends.
For example, a scam was circulating yesterday in which Facebook users were inadvertently commenting on what looked like a news site with details of the iPhone 5. Clicking on the link leads to a page with a captcha window and if it is clicked the spam is then spread on a user's Facebook page. Another one was spreading today that urged people to verify their accounts by clicking on something. Facebook was quickly removing those posts.
In cross-site scripting (XSS) attacks, people are often asked to cut and paste Javascript or another type of code into their browser Web address bar in order to see a video or get a free product, for instance. But the code ends up doing something else entirely.
Both types of attacks take advantage of a vulnerability in the Web browser, and Facebook says it is working with the major browser companies to fix the underlying issue. Internet Explorer 9 already has some protections against this in place.
But now, Facebook will display a warning to users if it detects that suspicious activity is going on behind the scenes. To block clickjacking, the site will ask users to confirm their "like" before posting a story to their profile and their friends' News Feeds. And to prevent XSS attacks, Facebook will ask users to confirm that they meant to take the action.
Facebook also is offering two-factor authentication called "Login Approvals," which if turned on will require users to enter a code whenever they log into the site from a new or unrecognized device. The code is sent via text message to the user's mobile phone.




Finally, Facebook is partnering with the free Web of Trust safe surfing service to give Facebook users more information about the sites they are linking to from the social network. When a user clicks on a potentially malicious link, a warning box will appear that gives more information about why the site might be dangerous. The user can either ignore the warning or go back to the previous page.
The information from Web of Trust, which has rated more than 31 million sites, is in addition to Facebook's internal black list of sites that it blocks users from sharing.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook adds new user security features"https://www.voiceofgreyhat.com/2011/05/facebook-adds-new-user-security.html</a>

Apple Releases iOS 6 With 200+ New Features & Mountain Lion 10.8.2 With Facebook Integration & Game Center

Apple Releases iOS 6 With 200+ New Features & Mountain Lion 10.8.2 With Facebook Integration & Game Center

As expected, here comes double bang from Apple. Apple has also released  iOS 6 along with OS X Mountain Lion 10.8.2 and made available for public. In case of users of recent iPad, iPhone, and iPod touch models can obtain the update either by connecting their devices to iTunes and clicking the "Check for Update" button or checking for over-the-air updates on their devices. iOS 6 adds over 200 new features, including Apple's own Maps app, Facebook integration, Siri improvements, Apple's new Passbook digital wallet app, and more. iOS 6 is compatible with the third-generation iPad, iPad 2, iPhone 4S, iPhone 4, iPhone 3GS, and fourth-generation iPod touch. It will also ship on the iPhone 5, which launches on Friday, and on the fifth-generation iPod touch launching next month. The operating system arrives as the golden master build 10A403 for existing devices, and Apple has also posted a special 10A405 build for the iPhone 5 and a 10A406 build for the upcoming fifth-generation iPod touch.

With iOS Apple quietly pushed out 10.8.2, the second minor update to Mountain Lion since it was released in July. The update is currently available via the Software Update functionality in the Mac App Store. The update includes a number of enhancements, most notably Facebook integration and Game Center. It also includes support for several features integrating with iOS 6, such as Passbook passes and  iMessage/FaceTime access via phone number. 

This update is recommended for all OS X Mountain Lion users, and includes new features and fixes:

Facebook 

• Single sign on for Facebook

• Adds Facebook as an option when sharing links and photos

• See Facebook friends' contact information and profile pictures in Contacts

• Facebook notifications now appear in Notification Center

Game Center

• Share scores to Facebook, Twitter, Mail, or Messages

• Facebook friends are included in Game Center friend recommendations

• Added Facebook "Like" button for games

• Challenge friends to beat your score or achievement

Other new features

• Adds Power Nap support for MacBook Air (Late 2010)

• iMessages sent to your phone number now appear in Messages on your Mac

• You can now add passes to Passbook (on your iPhone or iPod touch) from Safari and Mail on your Mac

• FaceTime can now receive calls sent to your phone number

• New shared Reminders lists

• New sort options allow you to sort notes by title, the date you edited them, and when you created them

• Dictation now supports additional languages: Mandarin, Cantonese, Spanish, Korean, Canadian English, Canadian French, and Italian

• Dictionary app now includes a French definition dictionary

Sina Weibo profile photos can now be added to Contacts

* Requires iOS 6

General fixes

The OS X Mountain Lion v10.8.2 update also includes general operating system fixes that improve the stability, compatibility and security of your Mac, including the following fixes:

• Adds an option to discard the changes in the original document when choosing Save As 

• Unsent drafts are now opened automatically when launching Mail

• Receive Twitter notifications for mentions and replies from anyone

• URLs are shortened when sending tweets from Notification Center

• Notifications are disabled when AirPlay Mirroring is being used

• Adds SSL support for Google searches from the Smart Search Field in Safari

• Adds a new preference to have Safari launch with previously open webpages

• Resolves an issue that may cause the "Enable Autodiscover" checkbox to always remain checked

• Enables access to the Mac App Store when Parental Controls are enabled Support for @icloud.com email addresses

• Resolves a video issue with some VGA projectors when connected to certain Mac notebooks

• Addresses an issue that may prevent Active Directory accounts from being locked out

• Resolves an issue that may cause the policy banner to re-appear prior to logging in

• Improvements to SMB

• Addresses an issue with NIS users when auto-login is enabled

• Addresses an issue in which the Keychain may not be accessible

• Ability to pre-authenticate a FileVault protected system

• Addresses an issue that may cause Xsan to not automatically start after migrating from Mac OS X Snow Leopard 

Direct downloads of OS X 10.8.2 is also available through Apple's site form the following links-

OS X Mountain Lion Update v10.8.2 

 OS X Mountain Lion Update v10.8.2 (Combo) 

-Source (Apple & MacRumors)                             

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Apple Releases iOS 6 With 200+ New Features & Mountain Lion 10.8.2 With Facebook Integration & Game Center"https://www.voiceofgreyhat.com/2012/09/Apple-Releases-iOS-6-and-Mountain-Lion-10.8.2.html</a>

Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS

Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS

The social networking giant Facebook announced that it started rolling out Photo Synchronization, in order to add more mobility and ease of use. According to Facebook Newsroom -the new Photo Sync will make photo sharing easier. With this feature, photos from your phone sync automatically to a private album on the web. When you want to share these photos, just pick and post your favorites. If you turn this feature on, up to 2GB of photos from your phone can be synced automatically to a private album on Facebook, from which you can then pick your favorites to share with your friends. It’s important to note that Facebook isn’t launching new Android and iOS apps today. The feature is already included, but the company is turning it on for more and more users, starting with a big push today. To turn the feature on in the Facebook app (if you have an iPhone, iOS 6 is required), tap Photos and then tap Sync at the bottom of your photos section. Once the uploads start coming in, you can check them out and share them via the app, on the mobile Web, or on your computer (go to your Timeline, click Photos, and click “Synced From Phone” at the top of your photos section). To save on the limited amount of space, you can stop photos from being synced by deleting them. In the app, that’s the “Remove synced photo” option once you pick a photo in the Synced section, and on your computer that’s the Delete option when you’re in the “Synced From Phone” folder. The good news is that deleting a photo from your synced photos won’t delete it from your phone’s gallery.

That’s right, you can turn photo syncing on or off, but you can also choose to sync over Wi-Fi only. Normally, when you’re on a cellular network like 3G or 4G, Facebook will sync photos at a smaller size (around 100K each), so they’re unlikely to use much of your data plan. Over a Wi-Fi connection, Facebook will sync larger versions of your photos. The best part: photos will not sync when your battery is low.

Get the latest Facebook app for Android or iPhone to try it out. Learn more at Facebook.com/mobile or visit the Help Center.

-Source (TNW & FB)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook Launched 'Photo Sync' Automatic Photo Uploading Feature for Android & iOS"https://www.voiceofgreyhat.com/2012/12/Facebook-Launched-Photo-Sync.html</a>

CyberWar - 100,000 Facebook Login Details Stolen By Israeli Hacker

CyberWar - 100,000 Facebook Login Details Stolen By Hannibal (Israeli Hacker)

Again facebook users became the target of hackers. A hacker named Hannibal who claims to act in defense of Israel has released 100,000 credentials of allegedly Arab users of Facebook in an ongoing cyber war between Israeli and Arab hackers. The hacker posted the credentials in four parts on Pastebin on Saturday as well as making the details available on 14 file-sharing sites. Later it was removed for violation. Few days ago we have covered that hackers from Saudi Arabia named Group-XP has hacked more than 400K Israeli credit cards and they have openly posted on a pastebin release names, passwords, addresses, phone numbers and government ID numbers and so on. So this attack is the payback of Group-XP's attack. In a note introducing the data, the hacker claimed to have 30 million email account details, 10 million bank accounts and four million credit card accounts belonging to "Arabs from all over the world." Hannibal vowed to come to Israel's defense if needed: "If they appear again, I again come to save Israel. Trust me. I'll always be around." Since 13 January, Hannibal has released several batches of email and Facebook log-in details. Facebook officials said last week of one of the releases that less than a third of the credentials were valid, and half were not associated with Facebook accounts.

Earlier such attacks taken place when Cru3l Int3ntion (Nepalese Hackers) has hacked more than 6K FB login details, also another group named TeamSwaStika has hijacked more than 10 thousand Facebook accounts. Later FB authority denies that attack. Not only this but also newly discovered Ramnit Worm has stolen the login information for over 45,000 Facebook accounts. Few months ago it was found in the infographic blog post of Facebook where they said that nearly 600,000 facebook log-ins per are being compromised per day.  

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">CyberWar - 100,000 Facebook Login Details Stolen By Israeli Hacker"https://www.voiceofgreyhat.com/2012/01/cyberwar-100000-facebook-login-details.html</a>

Facebook Donates $250,000 to University of Alabama at CIA|JFR to Fight Against Cybercrime

Facebook Donates $250,000 to University of Alabama at CIA|JFR to Fight Against Cybercrime 

All of us, who are associated or directly involved in this cyber domain know very well that its almost impossible to stand against the rising cyber crime & cyber criminals. Then the very first question will arise and that is, what is the solution? The answer will be tie-up collaboration, unity in diversity. That means if we stand together and help each other, then definitely we can control cyber crime, not only that but also we can have a safe and secure cyber space. While talking about co-operation and collaboration then a live instance is here for you. It is your favorite social network, Facebook who stand against cyber criminals and donate $250,000 to help fight cyber crime. According to UAB News - The Center for Information Assurance and Joint Forensics Research at the University of Alabama at Birmingham has received a $250,000 donation from Facebook in recognition of the center’s role in tracking international criminals behind social-media botnet Koobface as well as other spammers. The donation, which comes from money Facebook has recovered from spammers located around the world, will be used to expand the new CIA|JFR headquarters. 

“As a result of numerous collaborations over the years, Facebook recognizes the center as both a partner in fighting Internet abuse, and as a critical player in developing future experts who will become dedicated cybersecurity professionals,” says Joe Sullivan, chief security officer at Facebook. “The center has earned this gift for their successes in fighting cybercrime and because of the need for formal cybersecurity education to better secure everyone’s data across the world.”  

Here we want to remind our readers that 'Koobface' was the most dangerous malware ever made to infiltrate Facebook made by few Russian hacker. The hackers, known as the Koobface gang, sent Facebook users attractive invitations to watch a funny or sexy video. When the unsuspecting users clicked the link, the message appeared saying that their computer’s Flash software needed updating. The “update” was in fact malware that hijacked the user’s clicks and delivered them to advertisers, making the hackers money -to the tune of over $2 million annually. According to Kaspersky Labs the network of infected computers included between 400,000 and 800,000 PC. Earlier in this year the entire Koobface gang was exposed and the C&C server of Koobface has been stopped prenatally by few German Researchers. 

With this story here we, the entire VOGH Team would like to congratulate the team at the University of Alabama at Birmingham on the donation from Facebook. More power to them and similar experts around the world, helping investigate cybercrime and making the online world a safer place! 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook Donates $250,000 to University of Alabama at CIA|JFR to Fight Against Cybercrime"https://www.voiceofgreyhat.com/2012/10/Facebook-awarded-University-of-Alabama-to-Fight-Against-Cybercrime.html</a>

Facebook Get Updated & Created New Security Concerns

Facebook CEO Mark Zuckerberg unveiled a raft of changes at this year’s f8 Developer Conference, many of which have left security experts concerned about a rise in Twitter-style spambots as well as targeted cybercrime attacks on users.
New privacy controls as well as the new Subscribers, News Ticker and Timeline features have boosted usability and sharing on the social networking, but according to BitDefender, the changes could also mean a rise in the number of privacy and security breach incidents.

The company has created a list of the Facebook changes, and the impact they could have on online security:-

1. Smart Lists, will prompt users to share more information publicly, but will also have the adverse effect of supplying ammunition for targeted attacks.
Smart Lists encourage people to complete their profile with details of their career, work projects, where they went to school or which city they live in. Every time someone creates a list with colleagues from a specific job, this is tagged in their profile. Of course, this is generally not confidential information, and the user has the final decision on whether to approve or reject the tag. But having this information public and indexable will make it much easier to create sophisticated, targeted attacks. Attackers will be able to find out exactly who is working for a specific company at any given time, their job and, more importantly, what project(s) they are working on. The additional information available to a hacker may lead to an increase in socially engineered attacks on businesses, where hackers attempt to gain access to a company’s network or confidential information by targeting its employees as the point of entry.

2. The Subscribe feature could increase the number of spambots, just like on Twitter.
The subscribe feature lets Facebook users follow people of interest, much like Twitter. It also allows your updates to be followed by others, even if they are not friends with you on Facebook. But with the introduction of Twitter-like features, BitDefender believes that Facebook users may see an increase in the number of Twitter-like threats and annoyances, too.
These include spambots and fake schemes that try to lure users in with promises of obtaining more subscribers to their profile page.

3. The Timeline feature means everything you’ve ever shared on Facebook is now available and easy to browse.
Timeline is a revolution of usability, but it’s also the open story of your life to date on the social network. If the default settings are not changed, to restrict who can see your wall, the content will, by default, be available for anyone to see. Friends, photos, places you have checked in, relationships and much more.
It’s important for Facebook users to be aware of this privacy setting when using Timeline, and adjust this accordingly.

4. Health is now social… and public.
The Facebook timeline considers health information social. While it will be easy to share health-related updates such as breaking a bone, undergoing surgery or overcoming an illness, this information is also set to public by default. While seemingly innocuous, information about health that is shared publicly may risk being exploited for identity theft or social engineering attacks.

5. Widgets, open the door to interactive scams.
With Timeline, Facebook also introduced widgets that live on users’ profile pages, which takes social interaction to a whole new level. Until now, anyone who had an application installed could only interact with other users within the app. Now, the app is on the user’s wall, so anyone who interacts with the user profile can also interact with the app.
This isn’t a concern for legitimate apps, but the ease with which they can be accessed may lead to fake or scam apps spreading quickly through the social network.

-News Source (F8, Dynamic Business & FB)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook Get Updated & Created New Security Concerns"https://www.voiceofgreyhat.com/2011/10/facebook-get-updated-created-new.html</a>

Skype 5.5 (With Deeper Facebook Integration)

Skype has released the latest update to its online calling software for Windows, offering more options for Facebook users.

Officially out of beta since Wednesday, the latest Skype 5.5 for Windows lets you check which of your Facebook friends are online and available to chat, all without having to leave Skype. Simply clicking on the View menu in the Skype software and then choosing Facebook Friends shows you the list.

By clicking on and then closing the Skype Home screen, you can also update your Facebook status and scroll down to view your entire Facebook wall.

Beyond the Facebook integration, Skype says that its latest version offers improved controls for video and group calls for Windows, better call reliability, and various design changes in the interface.

Once it was installed, you will be able to use Skype 5.5 to view online Facebook friends, access wall, and post status updates just as easily as one could in Facebook.

To Download Skype 5.5 click Here

For More information about Skype 5.5 click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Skype 5.5 (With Deeper Facebook Integration)"https://www.voiceofgreyhat.com/2011/07/skype-55-with-deeper-facebook.html</a>

Google Has 1 Billion Unique Monthly Visitors

Google revealed more than a year ago that it has more than 1 billion searches a day and averages 1 billion searchers a week. Now it can add 1 billion unique visitors per month to that storied stat club. comScore revealed that Google's Websites, including its search engine, YouTube video-sharing site and Gmail, lured more than a billion unique visitors in May. That's up 8.4 percent from a year ago. It is the first time an Internet company has hit that benchmark, according to the researcher. See the report here or this snapshot on Search Engine Land. That would be nice if it weren't for the fact that Google's rivals are growing their online traffic, too. Microsoft, whose Bing search engine came on strong last year, followed with 905 million unique visitors in May, good for growth of 15 percent. Facebook, meanwhile, saw its visitor count balloon to 714 million visitors, perhaps an accurate reflection of its current user base. Facebook's year-to-year growth was a remarkable 30 percent. More impressive (and scary, for Google) is Facebook's user engagement stat: comScore said the social network's users logged 250 billion minutes worldwide in May, up 66 percent from May 2010. 

In a June 15 blog post, comScore said Facebook's average U.S. visitor engagement has grown from 4.6 hours to 6.3 hours per month over the past year. Nielsen confirmed the six-hour stat in its own research.

Microsoft is next at 204 billion minutes, down 13.6 percent, while Google is third with 200 billion minutes, good for growth of 13 percent. Facebook's ability to keep users logged in the walled garden is the reason why Google is logically infusing its Web services with social software. 

This Web phenomenon is also the reason Google has been revving up its mobile and display advertising efforts. The company acquired mobile ad maker AdMob for $750 million last year and agreed to buy display ad player Admeld last week. Google has also accelerated its YouTube efforts, adding thousands of streaming movie titles and using Google TV as a new access point for YouTube and its display ads.

Near-term, Google has little to worry about. EMarketer said Google will take 41 percent of all ad dollars, with Facebook netting 7 percent of U.S. online ad spending this year.

What Google is nervous about is that Facebook is getting more users to stay online with its site longer, which means more users are seeing more display ads on the network.

This generates more ad cash for Facebook and its partners. Moreover, ad partners who would normally go to Google, Microsoft or Yahoo for display ad placement now have Facebook as the optimal choice to spread their message. This is why Google has been boosting social -- adding the +1 button -- and why it's been fortifying its already strong ad arsenal.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Google Has 1 Billion Unique Monthly Visitors"https://www.voiceofgreyhat.com/2011/06/google-has-1-billion-unique-monthly.html</a>

Hacker Are Invited To Attack Facebook's Corporate Network

Hackers Are Invited To Attack Facebook's Corporate Network

Last year the social networking giant, Facebook introduced its bug bounty program, inviting security researchers to poke around the site, discover vulnerabilities that could compromise the integrity or privacy of Facebook user data, and then responsibly disclose them to the company. The minimal reward amount was of $500. White hats were urged to search for Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF) and Remote Code Injection bugs. In Facebook's White Hat program the company strictly announced that they should not be bothered with spam or social engineering techniques, DoS vulnerabilities, bugs in Facebook's corporate infrastructure and vulnerabilities in third-party websites or apps. Now they changed their mind. When the social network's security team randomly receiving tips from a researcher about a vulnerability in the company's own network which would allow attackers to eavesdrop on internal communications, they made an unprecedented choice by broadened the scope of the bug bounty program and inviting researchers to search for other holes in the Corporate Network. There are quite a few bug bounty programs instituted by tech companies such as Google, Paypal but Facebook has become the first firm that gave formal permission to white hats to target its networks. Ryan McGeehan, the manager of Facebook's security-incident response unit, stated that if there’s a million-dollar bug, they will pay it out.

Given that Facebook has a strong incentive to protect the data belonging to its 900 million users, and the fact that data breaches have become a disturbingly common occurrence in the last two years or so, the step seems like a logical one. 

-Source (Net-Security)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Hacker Are Invited To Attack Facebook's Corporate Network"https://www.voiceofgreyhat.com/2012/07/HackersareInvitedToAttackFacebookCorporateNetwork.html</a>

Glenn Steven Mangham Sentenced 8 Months Imprisonment For Hacking Into Facebook Server

Glenn Steven Mangham Sentenced 8 Months Imprisonment For Hacking Into Facebook Server

A 26 year aged British student named Glenn Steven Mangham sentenced to eight months of prison for hacking to Facebook server. The attack cost the company $200,000, and resulted in an investigation by the FBI and British law enforcement. Judge Alistair McCreath said his actions had “real consequences and very serious potential consequences” which could have been “utterly disastrous” for Facebook. “He acted with determination, undoubted ingenuity and it was sophisticated, it was calculating,” prosecutor Sandip Patel told a London court. He also said Mangham stole “invaluable” intellectual property and that the attack “represents the most extensive and grave incident of social media hacking to be brought before the British courts.”

Facebook runs a Puzzle server to allow computer programmers to test their skills and Mangham broke int that server, attempted to hack into a Facebook mailman server run that manages email distribution lists, as well as trying to gain access to the Facebook phabricator server, which offers tools for third-party app developers. Earlier in June 2011 he was arrested by the Metropolitan Police's Central e-Crime Unit for breaching the social network’s security systems between April 27 and May 9. After spending 2months he was released on bail. Four conditions were attached to his bail, including that he live and sleep at his home address, not access the Internet, and not have any devices in the house that can access the Web.

VOGH Review:-

The twist of irony here is that Facebook founder Mark Zuckerberg’s inspiration for creating the site came from his hacking into Harvard’s internal servers. If Zuckerberg can get sympathy then why not Steven Mangham ??No user data have been compromised while this attack and nor the system get infiltrated. So our question is where is the justice? While creating facebook Zuckerberg can breach the Harvard’s internal servers and stole sensitive user data but if another guy did something little wrong to whom who is already did guilty is facing law and order and 8 months of imprisonment. What a justice???!!!!!  

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Glenn Steven Mangham Sentenced 8 Months Imprisonment For Hacking Into Facebook Server"https://www.voiceofgreyhat.com/2012/02/glenn-steven-mangham-sentenced-8-months.html</a>

WikiLeaks Launched Wlfriends.org - New Encrypted Social Network

WikiLeaks Launched Wlfriends.org - New Encrypted Social Network

WikiLeaks Twitter feed announced on 20 May 2012 that the WL Friends/Friends of WikiLeaks (FoWL) network is ready to launch an 'encrypted Facebook' as the whistleblowing website claims that Facebook sells users' information to governments. Wikileaks also criticize Facebook recently came out in support of CISPA, a proposed US law that infringes on privacy and freedom of speech. So WL claimed that from now onwards Facebook cannot be trusted any more.

In the press release WL said- "FoWL is currently in its beta stage. This means that people from all over the world are registering to be part of this network to support WikiLeaks. For some time, nothing else will happen - we need the network to be of a certain size before we can start introducing you to candidate friends. Registering now will allow you to be a part of the network before the beta stage network gets full. As soon as we are ready to give you some candidate friends we will let you know."

One WikiLeaks tweet noted that "Facebook sells your information to governments, is lauded by MSM. WikiLeaks gives government information to you for free and we're terrorists". Following this statement, WikiLeaks tweeted a dozen reasons why this new site is better than Facebook.

Reasons:- 

1. WL Friends introduces you to people you want to know, but don't know yet. Facebook connects you to people you already know - no point.
2. Facebook is a mass surveillance tool. You put your friends into it, you betray your friends. Do friends betray friends? WL Friends doesn't know your friends. It introduces you to new friends.
3. Facebook records everything you do, hands it over to the US government and corporations. WL Friends doesn't.
4. WL Friends keeps your data so encrypted, not even the system admins can decrypt it. You and your friends decrypt on login automatically.
5. WL Friends uses military grade cryptography and the best industry standards (OpenPGP + Elliptic Curves).
6. WL Friends even uses homomorphic encryption for certain operations so WL Friends doesn't even know how many friends you have.
7. The more you use WL Friends, the less you use WL Friends. WL Friends is designed to build, not control, a robust network of shared value.
8. WL Friends is designed for more than just WikiLeaks. It is a general solution to build a robust support network under hostile conditions.
9. Friends of Israel, Friends of Palestine, Friends of the Tea Party, Friends of Catholicism are all possible with WL Friends.
10. WL Friends is designed to make infiltration costly. No person can be seen to be more important than any other or individually targeted.
11. WL Friends builds a strong support network instantly for any shared belief by connecting supporters in a way that maximizes communication.
12. As time goes by the WL Friends network for any shared belief is designed to mathematically grow stronger and stronger. 

-Source (WL Central, Wikileaks)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">WikiLeaks Launched Wlfriends.org - New Encrypted Social Network"https://www.voiceofgreyhat.com/2012/05/wikileaks-launched-wlfriendsorg-new.html</a>

Facebook Hacker Cup 2012

Are you a good programmer and security junkies? If yes then its your time to prove your skills. Facebook wants you to prove it at its second annual Hacker Cup challenge. The Facebook Hacker Cup is an annual worldwide programming competition where hackers compete against each other for fame, fortune, glory and a shot at the coveted Hacker Cup.

Open to coders anywhere in the world, Facebook's competition pits participants against each other in five rounds of programming challenges. The first kicks off January 20 with a 72-hour qualification round. Three more online rounds will thin the field down to the final 25 competitors, who will be flown out to Facebook's Menlo Park, Calif., headquarters for a final competition in March.

The winner will receive a $5,000 cash prize. Last year, nearly 12,000 programmers participated in the Hacker's Cup. Petr Mitrichev, a Google employee from Russia, took home the top prize.

According To Facebook:-

Hacking is core to how we build at Facebook. Whether we’re building a prototype for a major product like Timeline at a Hackathon, creating a smarter search algorithm, or tearing down walls at our new headquarters, we’re always hacking to find better ways to solve problems.

 Today we’re announcing open registration for Facebook’s second annual Hacker Cup. Programmers from around the world will be judged on accuracy and speed as they race to solve algorithmic problems to advance through up to five rounds of programming challenges. This is your chance to compete against the world’s best programmers for awesome prizes and the title of World Champion.

What: An annual algorithmic programming contest open to engineers from around the world.

Where: Three online rounds with the finals at Facebook's headquarters in California.

When: Registration opens January 4, 2012 with the three online rounds occurring throughout January 2012. World finals to follow.

Finals: We'll pay to fly and accommodate the top 25 hackers from the third online round out to our campus.

Prizes: Of course! $5,000 USD and title as world champion to the top hacker, $2,000 for second place, $1,000 for third, and $100 for fourth through 25th. Awesome t-shirts for the top 100 hackers coming out of the second online round.

For  More Details Click Here 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook Hacker Cup 2012"https://www.voiceofgreyhat.com/2012/01/facebook-hacker-cup-2012.html</a>

Facebook Hacker Cup 2013: Petr Mitrichev Won The Competition Followed By Jakub Pachocki & Marcin Smulewicz

Facebook Hacker Cup 2013: Petr Mitrichev Won The Competition Followed By Jakub Pachocki & Marcin Smulewicz

Now a days leading organizations offers bug bounty and other competitions by which hackers from different part of the world will participate and find out security holes, in order to make more secure product and enhance cyber security. While talking about hackers competition then the name of "Hacker Cup" organized by the social networking giant Facebook will surely be an important one. Like last last two years, this year also Facebook called Hacker Cup 2013 in February and after completing several exciting  rounds finally we have the winners of this year's championship. Last year it was Roman Andreev of Russia who won the Hacker Cup with a heavy and prestigious trophy and a check for $5,000. Just like last year, this time also thousand of hackers across the globe participated in the competition and after completing the breathtaking championship three lucky winners been rewarded by Facebook for the outstanding performance. And the winners of Hacker Cup 2013 are Petr Mitrichev,  in second place we have Jakub Pachocki and third place it was Marcin Smulewicz. The social networking giant congratulated all the competitors who taken part in Hacker Cup for a great showing and performance. This year winner Petr Mitrichev solved all the four problems (Archiver, Colored Trees, Minesweeping, Teleports) in a due time and honored with the highly coveted Hacker Cup Trophy and an amount of $10,000. Here are some key moments of this year Hacker Cup:- 

 (Hacker Cup 2103 Finalist)

 (Competition is on)

 (The Prestigious Trophy) 

(Electric Moment)

(Hacker Cup 2103 Award)

(Petr Mitrichev Hacker Cup Winner)

Brief About Facebook Hacker Cup:-

Hacking is core to how we build at Facebook. Whether we’re building a prototype for a major product like Timeline at a Hackathon, creating a smarter search algorithm, or tearing down walls at our new headquarters, we’re always hacking to find better ways to solve problems. Programmers from around the world will be judged on accuracy and speed as they race to solve algorithmic problems to advance through up to five rounds of programming challenges. This is the chance to compete against the world’s best programmers for awesome prizes and the title of World Champion. 

As expected Facebook promises to continue this event every year so keep your eye out for signups to open to be the Hacker Cup 2014. So stay tuned with VOGH, for all the upcoming updates on cyber security. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook Hacker Cup 2013: Petr Mitrichev Won The Competition Followed By Jakub Pachocki & Marcin Smulewicz"https://www.voiceofgreyhat.com/2013/03/Facebook-Hacker-Cup-2103.html</a>

Facebook Malware Turns Your Profile Picture Pink (Spying Keystrokes & Stealing Passwords)

Did you notice that the profile pics of some of your Facebook friends have acquired a pink tinge? Rumours have hit the social networking site that the Facebook app that turns your profile picture pink carries "keylogger malware" that can spy on your keypresses, and steal your passwords - not just from Facebook, but from online banks you may log into as well.

Here is a Demo of the Facebook Warning:-

ABC News 24 just released a statement about a virus on facebook app that adds a pink tinge to your profile picture to `raise money for cancer`. Be aware this fake third-party app installs a virus on the machine you used to access the app. Apparently its a keylogger malware that searches for bank details and passwords etc. Facebook allows keylogger in its apps to aid predictive search algorithms, and therefore the virus hasnt been picked up. Keep a look out for any of your friends who may have fallen victim to this app. Apparently, they should be easily identifiable with a pink tinge to their profile picture. 

However, the warning is balderdash. ABC News has released no such warning, the app is not malicious and we have seen no evidence that it contains a keylogger. The truth is that your Facebook friends are doing something positive - helping raise money and awareness for the fight against breast cancer. Australian bank CUA raises funds every October for Breast Cancer Awareness Month, and this year decided to share an app that would change users' profile pictures pink to show that they were supporting the campaign.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook Malware Turns Your Profile Picture Pink (Spying Keystrokes & Stealing Passwords)"https://www.voiceofgreyhat.com/2011/10/facebook-malware-turns-your-profile.html</a>

Facebook Released Official Security Guide

We all are aware of that Facebook the largest growing social network is under multiple attacks from various corners. If you dig history then you can surely remember that  famous hacker group Anonymous send threat to Facebook that they will hit FB. So avoid such hack attacks and give user more security Facebook released their official security guide. Facebook’s official Security Guide is a short – 14 pages in all – guide, written by former Senior Director of Internet Safety at Symantec Linda McCarthy, security research engineer at Purdue University Keith Watson and teacher and editor Denise Weldon-Siviy.

Some Very Basic Tips:-

• Avoiding the scammers

• Using advanced security settings

• Recovering a hacked Facebook account

• Stopping imposters.

• Document is self explanatory and very easy to understand. A must read guid for everyone who uses facebook or does not.

To Download the Facebook Official Security Guide Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook Released Official Security Guide"https://www.voiceofgreyhat.com/2011/08/facebook-released-official-security.html</a>