Leaderboard

Popular Content

Showing content with the highest reputation on 05/21/13 in all areas

  1. Welcome.. I'm 15, I hope we last.. ps: yes, I'm 15, screw our enemies ^^
    1 point
  2. There are many unpatched loopholes or flaws in the Facebook website that allow hackers to inject external links or images to a wall, hijacking any Facebook account or bypassing your social privacy. Today we are going to report about another unfixed Facebook app vulnerability that allows a hacker to spoof the content of any Facebook app easily.

     Nir Goldshlager from Break Security today exposed another major flaw that allows a hacker to wall post spoofed messages from trusted applications like Saavn, Candy Crush, Spotify, Pinterest, or really any other application on Facebook.

     In 2012 Facebook's method of publishing called stream.publish and the Stream Publish Dialog looks like the following:

     Where app_id and attachment (swfsrc, imgsrc, href) parameters can be targeted by hackers, i.e. using the app_id value as the application ID of any application you want to spoof (Saavn, Spotify, etc.), and an attacker must produce attachment parameters like swfsrc and imgsrc. If the Stream post URL security option is disabled by the developer of that application, a hacker can use any remotely uploaded swf file as the attachment parameter.

     "Every time a victim visits my wall post, they will see content spoofing from a Facebook application that they generally trust. Clicking the link on the post makes an swf file from the external website execute on his client machine," Nir said.

     But in 2013, Facebook changed the mechanism of stream.publish posting and introduced new parameters as explained below:

     1. Link parameter: With this parameter, we will include our malicious external link (virus exe file, 0days, phishing site, or any other malicious link).
     2. Picture parameter: This parameter is only usable if we want to spoof the content with an image. The content of the image will only display correctly on our wall post. It will not display correctly in the newsfeed, making it relevant only to wall post app spoofing.
     3. Caption parameter: This parameter will allow an attacker to choose which website the content came from. For example: Facebook.com, Zynga.com, Ownerappdomain.com
     4. Name parameter: This parameter produces the title we desire. Whenever the victim clicks on that title, he will be taken to our malicious website.

     A few examples are given below: Diamond Dash: SoundCloud: Skype: SlideShare

     Spoofing the parameters again allows one to spoof the content of any Facebook app, and the flaw is still unpatched. These techniques can be widely used by cyber crooks to social engineer Facebook users or to install malware on their systems.

     Source: Facebook Hacking, technique to Spoof the content of any Facebook App - TheHackerNews
    1 point
  3. Head of RSA, EMC's security division: It is no longer shameful to be hit by a cyber attack, but it is shameful not to realize you were attacked

     As more and more cyber attacks hit companies and state institutions, there is nothing shameful about an organization's managers admitting that certain confidential data was stolen; what is embarrassing is if they do not realize that this has happened to them, said Art Coviello, chief executive of RSA, the security division of the data storage company EMC, at the EMC World event held recently in the American city of Las Vegas. He added that the biggest problem for security specialists is the ever larger "surface" that can be attacked.

     "Customers are nervous and confused about the current situation. But that is because we do not have a good understanding of security. The attack surface has grown more and more. For example, while in 2007, the year the iPhone was launched, people generated ¼ zettabytes of information, last year 2.8 zettabytes were generated, and in 2020 the amount of data will be between 40 and 60 zettabytes. There will be a big opportunity to attack this data," Coviello explained.

     To get a better idea of what 40 zettabytes (or 40 trillion gigabytes) means, consider that if they were saved on Blu-ray discs, their weight would be the same as that of 424 Nimitz aircraft carriers (approximately 100 tons each), according to an IDC study carried out for EMC.

     "We have gone from the appearance of smartphones in 2007 to their ubiquity today, and we will reach the 'internet of things' in 2020. There will be more than 200 billion devices connected to the internet. While in 2007 we faced complex intrusive attacks, now they are innovative, attacks that break the mold, but in 2010 they will be destructive. Company managers must understand who might attack them and in what way. The current business model was a reactive one, in which companies react after they have been attacked. The new model, which we should move toward as quickly as possible, is an intelligence-driven one, based on understanding the threats," the manager added.

     Currently, IT security budgets are split as follows: 80% for prevention, 15% for monitoring and 5% for reacting after an attack. "It should be 34% for prevention, 33% for monitoring and 33% for reaction. Among the barriers standing in the way of change are the inertia managers have in spending budgets, the shortage of specialized staff that even large companies will face, and the degree of technological maturity of the people in companies," said Art Coviello.

     Source: http://www.wall-street.ro/articol/IT-C-Tehnologie/148791/seful-rsa-divizia-de-securitate-a-emc-nu-mai-este-o-rusine-sa-fii-atacat-cibernetic-ci-sa-nu-iti-dai-seama-ca-ai-fost-atacat.html
    1 point