Facebook "Trusted friends" Security Feature Easily Exploitable



Last week Facebook announced that possibly 600,000 accounts get hacked in a single day. One of Facebook's proposed answers to its security problems is to have users nominate 3 to 5 "Trusted friends". Facebook will be adding two new security features that will allow users to regain control of their account if it gets hijacked.

In Facebook's case, the keys are codes, and the user can choose from three to five "Trusted friends" who are then each provided with a code. If you ever get locked out of your account (and you can't access your email to follow the link after resetting your Facebook password), you gather all the codes and use them to regain access. Yet, by my estimate, this same method has been used by hackers for the last 5-6 months to hack a large number of Facebook accounts with a little social engineering. Here is how it works...

How it is exploitable:
This exploit is 90% successful against victims who add friends without knowing them, or just to increase their friend count. This method of hacking a Facebook account only works if 3 trusted friends agree to give you the security code! Another idea: why not create 3 fake accounts and send friend requests to the victim? Once your 3 fake accounts are friends with the victim's Facebook account, you can select those 3 accounts to receive the security codes and reset the victim's password. A complete demonstration of the hacking method is on HackersOnlineClub.

Other Serious Facebook Vulnerabilities Last Week
Last week Nathan Power from SecurityPentest discovered a new Facebook vulnerability that makes it easy to attach EXE files to messages, which could lead to user credentials being compromised. Beyond account security, Facebook also has plenty of privacy issues: for example, Nelson Novaes Neto, an independent Brazilian security and behaviour researcher, analysed a privacy issue in Facebook Ticker that allows any person to track you without your knowledge or consent. Facebook should take these privacy issues and security holes very seriously.

Duqu Trojan found in Indian Server



Last week we updated you about Duqu, when Symantec said it had found a mysterious computer virus that contained code similar to Stuxnet, a piece of malware believed to have wreaked havoc on Iran's nuclear program.

Two workers at a web-hosting company called Web Werks told Reuters that officials from India's Department of Information Technology last week took several hard drives and other components from a server that security firm Symantec Corp told them was communicating with computers infected with Duqu.

The equipment seized from Web Werks, a privately held company in Mumbai with about 200 employees, might hold valuable data to help investigators determine who built Duqu and how it can be used. But putting the pieces together is a long and difficult process, experts said. "This one is challenging," said Marty Edwards, director of the US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team. "It's a very complex piece of software."

The Duqu trojan is composed of several malicious files that work together for a malicious purpose.
Duqu appears to be more narrowly targeted than Stuxnet as researchers estimate the new trojan virus has infected at most dozens of machines so far. By comparison, Stuxnet spread much more quickly, popping up on thousands of computer systems.

Security firms including Dell Inc's SecureWorks, Intel Corp's McAfee, Kaspersky Lab and Symantec say they found Duqu victims in Europe, Iran, Sudan and the United States. They declined to provide their identities.

Duqu, so named because it creates files with "DQ" in the prefix, was designed to steal secrets from the computers it infects, researchers said, such as design documents from makers of highly sophisticated valves, motors, pipes and switches.

Duqu and Stuxnet both use a kernel driver to decrypt and load encrypted DLL (Dynamic Link Library) files. The kernel drivers serve as an "injection" engine to load these DLLs into a specific process. This technique is not unique to either Duqu or Stuxnet and has been observed in other unrelated threats.

"We are a little bit behind in the game," said Don Jackson, a director of the Dell SecureWorks Counter Threat Unit. "Knowing what these guys are doing, they are probably a step ahead."
[Source]

PTA Decides to Ban Explicit Websites




We have learned through reliable sources that PTA has decided to ban explicit websites. The information we have is of a preliminary nature; however, officials at PTA have confirmed to us the decision taken by the authority.
We are yet to ascertain the mechanism and procedures that PTA will adopt for the ban, but it is anticipated that PTA will maintain a list of blacklisted websites based on user input.
This decision is apparently due to the increased social and moral pressure that PTA has come under in recent months. It is a vital decision by the authority that will be welcomed by parents. The reaction from youth may be different.
This is a developing story, and we will update it as we get more information.
Update:
We are told by PTA officials that a list of 150,000 websites has been sent to ISPs, mobile phone service providers, and international bandwidth providers to get them blocked. The process will take 8 to 10 working days, after which these 150,000 websites will be blocked in Pakistan. PTA is planning to keep updating the list, through user input and its own determination.
A Message From HackersMedia:
A Pakistani hacker called Zombie_KSA, from the group PakBugs, has hacked Pakistan's Supreme Court website, leaving the government this message on the site:
[!] Struck By Zombie_Ksa
The Notorious Zombie_Ksa is Back
You Must have Heard about me on, news, headlines, Gov. charges, blogs, blah blah
YES, Pakistan Supreme Court got STAMPED by Zombie_Ksa.
What i can see, I Guess, Supreme Court of Pakistan is in Wrong, Untalented Hands !!
Well Why Did I Choose Supreme Court of Pakistan for HaCkinG ?
Just tO Convey my Message tO Mr Chief So Called Justice Of Pakistan Iftikhar Mohammad Chaudry...
Mr Chief hello0 :D !! Hope So yO Enjoying your full time Luxurious Life.. :D aint u? O.o 
So I am here tO request you to go 0ut there and help the poor,needy and hungry.
They Dont have money to Eat one time Meal 
They dont Have Clothes to wear 
They dont have Accommodation !!
Sitting 0n y0ur r0yal chair w0nt make any changes to 0ur Pakistan
Baby m here tO Tell this mofo World that We are Pakistan ....Not Pornistan... & Sir i need ur help.. Since u have powefull balls and i request you to take action to ban porn sites in Pakistan. Read it again I request you to BAN Pornographic sites in PAKISTAN... PTA is paid whore... they dont give a damn shit about our complains... They can BAN Porn sites... ANd if they dont WTF they are paid for? Mr CJ m again requesting you to take somoto action against PTA. If you dont then i myself will... I will Roast PTA's Asses like I raped FIA... & If they cant or they wont then InshALLAH I will raise the 1337 gr33n flag high and ll Hack PTA like i hacked bef0re =) ...
------------------------------------------------------------------------------------------------------------------
@Webmaster:Mr.Malik Sohail Ahmad The data is intact, no harm done. The index file is only replaced with this message.Well Dude You Don't Know Nothing !! Here in PAKISTAN who has Degree He Is Monster and you Idiot is Webmaster of Supreme Court of PAKISTAN ? Death to U !! Learn Some Serious Shit Insane !!>
We are L33t Pakistani H4x0rZ,
www.Pakbugs.com
------------------------------------------------------------------------------------------------------------------
we are PAKbugs, We keep it real:
   Greetz: Zombie_Ksa | spo0feR | xOOmxOOm | Cyber-Criminal | bh | Agd_Scorp | aB0 m0h4mM3d | The Moorish | Shadow008 |



Mirror http://legend-h.org/mirror/224223/supremecourt.gov.pk/  (Please WAIT for the mirror to load if you want to see it)

A few days after Pakistan's Supreme Court website was hacked, Zombie_KSA hacked the Pakistan Telecommunication Authority (PTA) website. Zombie_KSA added this message to the site:
H4x0r3d By Pakbugs
The Notorious Zombie_Ksa is Back
You Must have Heard about me on, news, headlines, Gov. charges, blogs, blah blah
YES, I the Zombie_KSA fulfilled the promise i made on Supreme Court Site on 2011/09/27 yea baby..Read it Again... I the Zombie_KSA kept My words... & Pakistan Telecommunication Authority got STAMPED by Zombie_Ksa.
m Just here tO tell the So Called Chairman Dr. Mohammed Yaseen ... "BTW l0l @ Dr" xD
Mr Chairman hello0 :D !! Sir Y0ur BiG HeAd g0t haCk3d ?
Ask y0urself Why Pakistan Telecommunication Authority is ViCtim of ZombiE_KsA ? 
Well Let me KnOw Have you Read my message On Supreme Court Web ? !!
If y0u Miss3d then here u go... (baby keep reading this until you realize that W0t da Fuck u r Paid F0r
Baby m here tO Tell this mofo World that We are Pakistan ....Not Pornistan... & Sir i need ur help.. Since u have powefull balls and i request you to take action to ban porn sites in Pakistan. Read it again I request you to BAN Pornographic sites in PAKISTAN... PTA is paid whore... they dont give a damn shit about our complains... They can BAN Porn sites... ANd if they dont WTF they are paid for? Mr CJ m again requesting you to take somoto action against PTA. If you dont then i myself will... I will Roast PTA's Asses like I raped FIA... & If they cant or they wont then InshALLAH I will raise the 1337 gr33n flag high and ll Hack PTA like i hacked bef0re =) ...
------------------------------------------------------------------------------------------------------------------
So Mr M.yaseen.. D0 W0t you have t0 Do....D0 Wot u Are Getting Paid f0r... If U can't den Give up!!! We will Not let any mofo to FuCk with this Country Any More...
Do BAN every PORN Site in PAKISTAN in a Week Otherwise you Better know me What i Can Do !!!
------------------------------------------------------------------------------------------------------------------
We are L33t Pakistani H4x0rZ,
www.Pakbugs.com
------------------------------------------------------------------------------------------------------------------
we are PAKbugs, We keep it real:
   Greetz: b-h - nEt^DeVil And Agd_Scorp
 
 
PAKISTAN Zindabad



The news about the PTA hack was also posted on Hackers Media.

+112 Greece Website g0t Hacked by djArs Hax0r (DMH Crew)





A Pakistani hacker called djArs Hax0r, from DMH Crew, has hacked over 112 Greek websites.

List : http://pastebin.com/hVFGWqWC
Mirror: http://legend-h.org/hacker/?s=1&user=djArs

Anonymous Threatened To Erase Toronto Stock Exchange (TSX) On November 7th


Anonymous, the hacktivist collective, now appears to be backing down from its grandiose promise to "erase" the Toronto Stock Exchange from the Internet on November 7. "The one per cent has been putting their wealth in the Toronto Stock Exchange. This is why we choose to declare war against it," says the literally anonymous Anonymous voice. "On November 7, 2011, TSX shall be erased from the internet". And this is just the beginning. Previously Anonymous threatened to erase NYSE from the Internet, though that attack failed; it also threatened to erase FOX News a couple of days ago.

In a video release Anonymous said:
"WE HAVE PUT A STOP TO THE OPERATION DUE TO ALOT OF CITIZENS OF CANADA THAT ARE A PART OF THE 99% DID NOT AGREE TO THE OPERATION!
WE ARE TRULY SORRY AND WOULD LIKE YOU TO KNOW WE ARE WITH YOU, AND WE STAND BY YOU WITH YOUR OPINIONS; BECAUSE WE ALL HAVE A VOICE.
THANK YOU."



Facebook Said 600K+ Accounts Are Being Compromised Per Day



According to the infographic in Facebook's blog post, about 600,000 log-ins per day are compromised. That has given some people the false impression that that many accounts are compromised every day.
While Facebook does block approximately 600,000 log-ins per day, it is not that these Facebook accounts are compromised on Facebook, and certainly not that they are 'hacked' as some have written. There may be compromised accounts that appear on Facebook, but more often than not they are compromised off Facebook: the owner uses the same password for e-mail as for Facebook, gets phished, and so on. Compromised in this sense refers to log-ins where Facebook is not absolutely confident that the account's true owner is accessing the account, so access is blocked either preemptively or retroactively.

The statistic was revealed in an infographic published alongside an official Facebook blog post trumpeting new security features introduced by the firm. The new security features include Trusted friends (called "Guardian angels" in the infographic).
Facebook says that you will be able to nominate three to five "trusted" friends who can help you if you have a problem accessing your account; if, for instance, someone else has changed its password and locked you out of your email account. The idea is that if you need to log in to Facebook but can't access your email account, Facebook will send codes to your friends that they can pass on to you.


For more information and to download the Facebook security infographic, click here.

CID West Bengal Hacked By XtReMiSt (MLA)

Pakistani hacker XtReMiSt of MLA (Muslim Liberation Army) hacked the Crime Investigation Department (CID) West Bengal, India (all three CID domains). The hacker says: "all Data, Secret Information and Database Under Control.. Hacked To Raise The Awareness About Illegal Occupation Of India in Kashmir... We Will Never Surrender... Think as a Human... Killing Of Innocent Humans because they Want Freedom is it a Justice? You Yourself A Best Judge..."
Sites: 
www.cidwestbengal.gov.in 
www.cidwestbengal.com 
www.cidwestbengal.org 
Mirrors:
http://zone-h.org/mirror/id/15718411 
http://zone-h.org/mirror/id/15718412 

Breaking News Fake PakCyberArmy Gets Hacked Again (PakCyberArmy.PK)

Today a massive blast rocks fake PakCyberArmy
(PakCyberArmy.pk)
Fake PCA hacked by KhantastiC Haxor, Shadow008 and Hex Coder.
This is the 5th time fake PCA (PakCyberArmy.PK) has been hacked.

Video:

  

Hacked site : http://www.pakcyberarmy.pk/index.htm
http://www.pakcyberarmy.pk/index.html
http://www.pakcyberarmy.pk/index1.html
http://www.pakcyberarmy.pk/target.html
Mirror: http://www.zone-hack.com/defacements/?id=2402

Nathan Power from SecurityPentest has discovered new Facebook Vulnerability



Nathan Power from SecurityPentest has discovered a new Facebook vulnerability that makes it easy to attach EXE files to messages, which could lead to user credentials being compromised.


When using the Facebook 'Messages' tab, there is a feature to attach a file. Used normally, the site won't allow a user to attach an executable file. A bug was discovered that subverts this security mechanism. Note that you do NOT have to be friends with a user to send them a message with an attachment.


But Nathan Power found a way to upload an EXE. When uploading a file attachment to Facebook, he captured the web browser's POST request being sent to the web server. Inside this POST request is the line:
Content-Disposition: form-data; name="attachment"; filename="cmd.exe"
It was discovered the variable 'filename' was being parsed to determine if the file type is allowed or not. To subvert the security mechanisms to allow an .exe file type, we modified the POST request by appending a space to our filename variable like so:
filename="cmd.exe "
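The trailing-space bypass above is a classic normalization gap: the server checks the extension of the raw filename string, while the operating system that later saves the file silently drops trailing spaces and dots, so "cmd.exe " is written to disk as cmd.exe. The following added example (written for this page, not code from Nathan Power's advisory or from Facebook) shows a weak block-list check that the trailing space defeats next to a hardened check that normalizes the name first and uses an allow-list. The sample Content-Disposition headers, the extension sets and the function names are all constructed for the illustration.

```python
import posixpath
import re
import unicodedata

# Constructed request fragments modelled on the advisory's header line (not captured traffic).
NORMAL_HEADER = 'Content-Disposition: form-data; name="attachment"; filename="cmd.exe"'
BYPASS_HEADER = 'Content-Disposition: form-data; name="attachment"; filename="cmd.exe "'

# Block-list, as a weak filter might keep it.
BLOCKED_EXTENSIONS = {"exe", "scr", "bat", "com", "pif"}
# Allow-list for the hardened check (hypothetical set; a real site chooses its own).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}

_FILENAME_RE = re.compile(r'filename="([^"]*)"')


def filename_from_header(header: str) -> str:
    """Pull the raw filename parameter out of a Content-Disposition line."""
    match = _FILENAME_RE.search(header)
    if not match:
        raise ValueError("no filename parameter in header")
    return match.group(1)


def weak_is_allowed(filename: str) -> bool:
    """Naive filter: compare the text after the last dot against a block-list.

    The raw string is never normalized, so 'cmd.exe ' yields the extension
    'exe ' (with a space), which is not in the block-list and slips through.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext not in BLOCKED_EXTENSIONS


def normalize_filename(raw: str) -> str:
    """Canonicalize a client-supplied filename before any policy decision."""
    name = unicodedata.normalize("NFKC", raw)
    name = name.replace("\\", "/")
    name = posixpath.basename(name)            # drop any path components
    name = "".join(ch for ch in name if ch.isprintable())  # drop control chars, NUL included
    # Windows strips trailing spaces and dots when creating the file, so the
    # policy must judge the name the filesystem will actually use.
    return name.strip().rstrip(" \t\r\n\f\v.")


def strong_is_allowed(filename: str) -> bool:
    """Hardened filter: normalize first, then require an allow-listed extension."""
    name = normalize_filename(filename)
    if not name or "." not in name:
        return False
    ext = name.rsplit(".", 1)[-1].lower()
    return ext in ALLOWED_EXTENSIONS


def check_upload(header: str, policy) -> bool:
    """Apply a policy function to the filename carried in a multipart header."""
    return policy(filename_from_header(header))


if __name__ == "__main__":
    for label, header in (("normal", NORMAL_HEADER), ("bypass", BYPASS_HEADER)):
        print(label, "weak:", check_upload(header, weak_is_allowed),
              "strong:", check_upload(header, strong_is_allowed))
```

The point of the design is that the check runs on the same canonical name that will reach the filesystem and downstream parsers; an allow-list then removes the need to enumerate every dangerous extension variant.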

Anonymous DDOS Oakland police site after violence


Cyber activists associated with Anonymous have targeted the Oakland Police Department (OPD) and other law enforcement agencies that participated in a controversial crackdown against OccupyOakland protestors. A DDOS (distributed denial-of-service) attack against the department's website www.oaklandpolice.com is underway, and the website is currently unreachable.

AnonyOps tweeted: "I'm amazed and proud of #occupyOakland protesters who stood defiant, peaceful in the face of lethal force by Oakland PD."

Police fired a number of tear gas canisters, concussion grenades, rubber bullets and non-lethal rounds at demonstrators on Tuesday night, drawing widespread condemnation for the use of heavy-handed tactics against unarmed civilians.


US Satellites Were Targeted by Chinese Hackers


Computer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway, according to a congressional commission. According to Bloomberg, the Chinese military is suspected of executing the digital intrusions, which targeted satellites used for earth climate and terrain observation.

Indeed, a Landsat-7 earth observation satellite system experienced 12 or more minutes of interference in October 2007 and July 2008, while hackers tapped into a Terra AM-1 earth observation satellite twice, for two minutes in June 2008 and nine minutes in October that year. Interestingly enough, the report doesn't actually accuse the Chinese government of sponsoring or executing the four attacks. 



However, it clearly states that the breaches are "consistent" with Beijing's military doctrine which advocates disabling an enemy's space systems, and particularly "ground-based infrastructure, such as satellite control facilities."
[Source]

TeaMp0isoN releases list of vulnerable police web sites


The TeaMp0isoN group of hackers published a list of law enforcement websites that are vulnerable to MS Access SQL injection attacks. A TeaMp0isoN member with the codename "_f0rsaken" created a pastebin note with the following message for the police and the people of the world:
I do not like the Police. You beat on innocent and peaceful protestors for no reason other than that you want to protect your friends at the banks and yourselves to make money. It's all about money and the Police aiming to keep their job. Why did I decide on not releasing the databases? I want you to see for yourself how vulnerable these people really are and for you all to get an understanding on why I didn't release.


In this release I present you vulnerable websites that are open to MSAccess SQL injection. Below are official city websites that also the Police of that said area uses for their updates. Of course with all the money they make they couldn't spend a dime to invest into their security to make sure no breaches are bound to happen, they let petty vulnerabilities that still exist on their websites stay there with no fix.


Whatever you are storing fellow below cities, which I've seen from table names it isn't good, you better hope the rest of the Community who is smart doesn't find out what's to see ;-) You should of expected me a long time ago, now the realness is setting free the cage.
The six vulnerable sites are listed below:
  • http://www.ci.vallejo.ca.us/GovSite/default.asp?serviceID1=79' (City of Vallejo, California Website)
  • http://holmesbeachfl.org/Cities/COHB/default.asp?section=3'(City of Holmes Beach, Florida Website)
  • http://www.cityofkaukauna.com/announcements/announcementdetail.asp?DeptID=1' (City of Kaukauna, Wisconsin Website)
  • http://www.ci.kaukauna.wi.us/departments/depthome.asp?DeptID=12'(City of Kaukauna, Wisconsin Website)
  • http://www.romenewyork.com/organization.asp?orgid=63' (City of Rome, New York Website)
  • http://www.eastgreenwichri.com/matriarch/MultiPiecePage.asp?PageID=84' (Town of East Greenwich, Rhode Island Website)
TeaMp0isoN invites hackers to use these vulnerabilities to destroy police sites.
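Every URL on that list ends with a stray single quote appended to a numeric query parameter, which is the simplest probe for SQL injection: if the application splices the parameter straight into its query text, the extra quote unbalances the SQL and the database answers with a syntax error. The added example below (written for this page, not code from TeaMp0isoN or from any of the listed sites) reproduces that failure and shows the fix. It uses SQLite in Python as a stand-in for the ASP/MS Access pages on the list, and the table, column names and rows are constructed, loosely following the DeptID parameter seen in the URLs.

```python
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a city site's department list."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE departments (DeptID INTEGER PRIMARY KEY, Name TEXT)")
    conn.executemany(
        "INSERT INTO departments VALUES (?, ?)",
        [(1, "Police"), (12, "Public Works"), (79, "Parks")],
    )
    return conn


def dept_name_vulnerable(conn: sqlite3.Connection, dept_id: str):
    """String concatenation: the pattern behind a depthome.asp?DeptID=12' finding.

    The client-controlled text becomes part of the SQL itself, so a trailing
    quote breaks the statement and the database raises an error, which is the
    signal the listed probe URLs rely on.
    """
    sql = "SELECT Name FROM departments WHERE DeptID = " + dept_id
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def dept_name_safe(conn: sqlite3.Connection, dept_id: str):
    """Validate the type, then bind the value; it never touches the SQL text."""
    try:
        value = int(dept_id)
    except ValueError:
        return None  # reject anything that is not a plain integer id
    row = conn.execute(
        "SELECT Name FROM departments WHERE DeptID = ?", (value,)
    ).fetchone()
    return row[0] if row else None


def probe(conn: sqlite3.Connection, handler, dept_id: str):
    """Run a handler and report (result, error class name) so behaviours compare."""
    try:
        return handler(conn, dept_id), None
    except sqlite3.Error as exc:
        return None, type(exc).__name__


if __name__ == "__main__":
    db = build_demo_db()
    for param in ("12", "12'"):
        print(repr(param), "vulnerable:", probe(db, dept_name_vulnerable, param),
              "safe:", probe(db, dept_name_safe, param))
```

For a defender, the takeaway from the probe's error is twofold: parameterize every query, and stop returning raw database errors to the client, since a verbose error page is what turns a single quote into a confirmation.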

3 Indian Govt Websites Hacked by KhantastiC Haxor

A Pakistani hacker called KhantastiC Haxor hacked 3 Indian government websites. The hacker put the following message on the defaced sites:

"g0t R00t3d ? -[220.156.188.72]- 

Hacked =P ??

[!] By KhantastiC HaXor!!
FREEBSD l0v3r Rap3d y0 *Winks*
# Khan@bsd ~ HellO GayHind PeoPle , Where is Security Now ?!
Are U Hacked ? Yesh ! U have been Hacked !!! not because of your stupidity thats because some Indian Gays hacked our Paki sites !
so just here to warn you, that you have been pwnd by Pakistani hacker This is not a joke or dream, this is fucking reality, kids.
This is now just a warning !!
Deleted Every Database !! Muwah <3 .... Backup in my P0cket =p ohh i means in ma Flash Drive =D ...
 


Hate me - Fear me - Despise me 

rm -rf /planet/world/earth/india
echo "The world is a better place now!"
Hey Admin: sorry, nothing harmed, just logs deleted
 
 
L0v3 tO :- all Muslims
h4ck3r@live.com.pk 
Defaced sites and Mirror http://pastebin.com/Lns502nN

World Call Telecommunication forum hacked by Indian Hacker

Today Indian hacker Ro0t_d3vil hacked the World Call Telecommunication forum. The hacker hacked the website to take revenge on KhantastiC Haxor (who recently hacked the Indian telecommunication site BSNL).

BSNL Hacked by KhantastiC


A Pakistani hacker called KhantastiC HaXor has hacked into Bharat Sanchar Nigam Ltd., India's No. 1 telecommunications company. The hacker added a message to the site saying:


Hax3d By KhantastiC haX0r
-[ Bharat Sanchar Nigam Ltd.- India's No. 1 Telecommunications Company ]-
Hacked =P ??
[!] By KhantastiC HaXor!!
# Khan@bt ~ HellO GayHind PeoPle , Where is Security Now ?!
Are U Hacked ? Yesh ! U have been Hacked !!! not because of your stupidity thats because some Indian Gays hacked our Paki sites !
so just here to warn you, that you have been pwnd by Pakistani hacker This is not a joke or dream, this is fucking reality, kids.
This is now just a warning !!
Deleted Every Database !! Muwah <3 .... Backup in my P0cket =p ohh i means in ma Flash Drive =D ...

Hate me - Fear me - Despise me
rm -rf /planet/world/earth/india
echo "The world is a better place now!"
Hey Admin: sorry, just logs and database deleted


L0v3 tO :- all Muslims
h4ck3r@live.com.pk



Site Hacked :
http://bsnl.co.in/tender1/

Mirror:
http://www.zone-h.com/mirror/id/15699580
