
Saturday 1 October 2016


Saturday 17 September 2016

Malware Not To Decrease Any Time Soon!


There are now more than 1 billion smartphone users around the world, many of whom are connected to always-live cloud services. While e-mail and social media accounts are synced with their PC counterparts to create a seamless solution for cross-platform communication, we are now beginning to see some of the major security issues that have been created.
Malware, software intended to damage or take control of a computer system, is spreading through these open channels causing infections at alarming rates. In 2012, mobile malware increased by 1200% and 32% of desktop computers were identified as being infected with a trojan, worm or virus. Many of these infections can be avoided by using a freeware software solution such as Spybot, although new types of malware are released daily that can avoid immediate detection. In the following infographic some incredible statistics have been compiled into a guide explaining the process of infection, the information at stake and helpful tips on protecting yourself from a technological and potentially identity-stealing disaster.




15k Twitter Accounts Hacked, A True Story?


A few days back an article was published on techworm.in, in which a hacker named "Mauritania Attacker" claimed to have leaked thousands of Twitter accounts. The data was made available for the public to use and was uploaded to zippyshare.com. It contained the twitterid, twitternick, oauthtoken and oauth_token_secret.




How Was the Data Breached?

Well, it seems to me that the database of a third-party app was breached, which contained the list of OAuth tokens. In layman's terms, OAuth is used for authorizing third-party applications without the need to give them the password.

The application is granted an access token which it uses to authorize itself, which means that an attacker who gets hold of the access token would be able to access the Twitter accounts without needing a password. The OAuth tokens can easily be used by tampering with the request using a web application proxy such as Tamper Data, Burp Suite, etc. Twitter has recently introduced two-step authentication; however, it is not much help in this case, since a request made with an already issued token never goes through the login step.

How Twitter Users Can Protect Themselves?  

Well, if the attacker keeps compromising the databases of third-party applications and getting hold of the OAuth tokens, then there is not much that Twitter can do: it can protect its own database from being breached, but it certainly has no control over the third-party applications' databases.

Twitter users are advised to revoke access to all third-party applications and reauthorize them; the old access tokens would then be expired and the attacker would not be able to use them. Twitter users should only use trusted third-party applications, and when they are not using one, they should revoke its access so that the access token is expired.

Facebook has also had known issues with its OAuth in the past. Security researchers have pointed out multiple flaws, and all of them relied upon stealing the OAuth tokens. The issue with Twitter in this case is a bit different: the access tokens were compromised through a third-party app, whereas in Facebook's case OAuth tokens could have been compromised due to a flaw in its design.

Twitter has denied the attacker's claims that any part of Twitter's database was compromised, which seems true to me. The Mauritania Attacker has posted a status on his Facebook saying that he will reveal exactly how the access tokens were compromised today to techworm.
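Why revoking access cuts off a leaked token while two-step login does not, seen from the provider's side. This is an added example, not code from this post or from Twitter; it assumes OAuth 1.0a HMAC-SHA1 signing as in RFC 5849 (suggested by the oauth_token_secret field), and the Provider class, keys, token values and URL are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value):
    return quote(str(value), safe="-._~")   # RFC 5849 section 3.6 encoding

def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 signature over the RFC 5849 signature base string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

class Provider:
    """Toy provider (hypothetical); nonce/timestamp replay checks omitted."""
    def __init__(self):
        self.consumers = {}   # consumer key -> consumer secret
        self.tokens = {}      # oauth_token -> (token secret, user)

    def verify(self, method, url, params):
        """Return the user a signed request acts as, or None if rejected."""
        consumer_secret = self.consumers.get(params.get("oauth_consumer_key"))
        grant = self.tokens.get(params.get("oauth_token"))
        if consumer_secret is None or grant is None:
            return None                      # unknown or revoked token
        expected = sign(method, url, params, consumer_secret, grant[0])
        ok = hmac.compare_digest(expected, params.get("oauth_signature", ""))
        return grant[1] if ok else None

    def revoke(self, user):
        """'Revoke access': delete every token issued for this user."""
        self.tokens = {t: g for t, g in self.tokens.items() if g[1] != user}

def demo():
    provider = Provider()
    provider.consumers["app-key"] = "app-secret"           # constructed values
    provider.tokens["tok-123"] = ("tok-secret", "alice")    # constructed values
    url = "https://api.example.test/update"
    params = {"oauth_consumer_key": "app-key", "oauth_token": "tok-123",
              "oauth_signature_method": "HMAC-SHA1", "status": "hello"}
    params["oauth_signature"] = sign("POST", url, params, "app-secret", "tok-secret")
    before = provider.verify("POST", url, params)   # accepted; no password used
    provider.revoke("alice")
    return before, provider.verify("POST", url, params)   # ("alice", None)
```

The verifier never consults a password or a second factor, so only deleting the stored token changes the outcome for the same signed request.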




Facebook Phishing Scams At Their Best



Phishing, as discussed before, is one of the most widely used methods to hack a Facebook account. Phishing holds the top position in an article I wrote on 10 Ways How Hackers Can Hack Your Facebook Account In 2011. There are a variety of methods to carry out a phishing attack. In a simple phishing attack, a hacker creates a fake login page which looks exactly like the real Facebook page and then asks the victim to log in to that page. Once the victim logs in through the fake page, the victim's "Email Address" and "Password" are stored in a text file. The hacker then downloads the text file and gets his hands on the victim's credentials.


In recent research by security-web center, a collection of 35 phishing sites has been made public. Listed below are the 35 different phishing websites found by security-web center.



Note: Please don't try to log in on the listed websites.


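A fake login page can copy the real page's appearance but not its hostname, so a defender can triage URLs from mail or proxy logs by where the brand name appears. The following is an added example, not code from this post or from the cited research; BRAND, LEGIT_DOMAIN and classify are hypothetical names, and the URLs in the usage note and tests are constructed under the reserved .test domain.

```python
from urllib.parse import urlsplit

BRAND = "facebook"              # brand being protected (assumption)
LEGIT_DOMAIN = "facebook.com"   # the only domain treated as genuine here


def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return a verdict string for one URL taken from a mail or proxy log."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Exact match or a true subdomain; "notfacebook.com" does not qualify.
    if host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN):
        return "legitimate host"
    # Split host labels on dots and hyphens so each word is compared alone.
    words = [w for label in host.split(".") for w in label.split("-") if w]
    if any(BRAND in w for w in words):
        return "brand name in foreign hostname"
    if any(edit_distance(w, BRAND) <= 2 for w in words):
        return "look-alike spelling in hostname"
    if BRAND in parts.path.lower():
        return "brand name in path of foreign host"
    return "no brand signal"
```

For instance, `classify("http://faceboook.example.test/login.php")` returns "look-alike spelling in hostname". Internationalized (punycode) hostnames are not decoded, so homoglyph look-alikes need a separate check.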