SOURCE

SophosLabs researchers recently uncovered a hack being used by unscrupulous web marketers to trick Google's page ranking system into giving them top billing, despite Google's ongoing efforts to thwart this sort of search poisoning. Over on the Sophos Blog, technical expert Dmitry Samosseiko explains how the scammers did it, and how SophosLabs spotted what they were up to. Here on Naked Security, we decided to take a look at why search engine poisoning matters, and what we can do as a community if we see that something is not what it seems.

The power of search

Put your hand up (literally, if you like) if you have ever done either or both of these:

- Set out to research a topic or a product thoroughly. Used your favourite search engine. Then gone no further than the first couple of results on the very first page. Job done.
- Used a search engine to gauge whether a business or website has been around a while and built up trust in that time. Seen it near the top of the first page of results. Job done.

If you have, you aren't alone, and that's why doing well in search results is so important for a modern organisation. And that, in turn, is why Search Engine Optimisation (SEO) exists: you make every effort to write your web pages so they are clear and relevant, and you do your best to build up a reputation that makes already-trusted sites want to link to you. When others link to you, that acts as an implicit recommendation, and search engines let you bask in some of the reflected glory of the sites that have linked to you.

Poisoning the chalice

Of course, getting high up in the search rankings gives great results for cybercrooks too, and they don't play by the rules. Treachery by cybercrooks gives search companies a double whammy: the search engines end up not only giving away artificially high rankings for free, but also conferring trust even on web pages that put users in harm's way.

As a result, the search companies have been in a constant battle with the Bad Guys to stamp out tricks that poison search rankings. One search poisoning technique involves being two-faced: looking honest and reputable when a search engine visits in the course of indexing the web, yet serving up malevolent content when a user clicks through. This trick is called cloaking, and it's been going on for years.

As you can imagine, the search engines have become adept at detecting when websites feed back content that doesn't look right. For example, they can compare what happens when their own search engine software (known as a spider or a crawler) comes calling, and what shows up when a regular browser visits the site. Servers often tweak the pages they present depending on which browser you're using, so some variation between visits is to be expected. But if a browser sees a story about apples while the crawler is being sold on oranges, then something fishy is probably going on.

Additionally, a search engine can analyse the pages that its crawler finds in order to estimate how realistic they look. Google's crawler is known – officially, as you see in the HTTP header example above – as the Googlebot, and it has been taught to be rightly suspicious of web pages that seem to "try too hard" because they've been artificially packed with fraudulent keywords.

Scamming the Googlebot

But even Google doesn't get it right all the time. Indeed, SophosLabs recently spotted dodgy web marketers using a surprisingly simple trick to persuade the usually-sceptical Googlebot to accept bogus content. The trick inflated the reputation of dubious pages, and sent them dishonestly scooting up the search rankings. Our researchers immediately informed Google so that the problem could be fixed, but the story makes for fascinating reading.

Dmitry Samosseiko of SophosLabs has published a highly readable report about what happened; we're not going to spoil the fun by repeating it here, so please head over to our Sophos Blog for the details.
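
The two checks the article describes (crawler view versus browser view, and pages that "try too hard" with keywords), sketched as an added example that is not part of the original article or of any SophosLabs or Google tooling. The sample pages are constructed, and the function names and thresholds are assumptions chosen for illustration.

```python
import re
from collections import Counter
from html.parser import HTMLParser

# Constructed sample responses for one URL (not real captures).
CRAWLER_VIEW = "<h1>Oranges</h1><p>oranges cheap oranges best oranges buy oranges</p>"
BROWSER_VIEW = "<script>var k='oranges';</script><p>Apples shipped today, claim your free prize</p>"
HONEST_CRAWLER = "<p>Fresh apples from our orchard, picked daily and shipped fast</p>"
HONEST_BROWSER = HONEST_CRAWLER + "<p>Mobile menu</p>"

class _VisibleText(HTMLParser):
    """Collect lower-cased words from visible text, skipping script/style."""
    def __init__(self):
        super().__init__()
        self.words, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.words += re.findall(r"[a-z]{3,}", data.lower())

def words(html):
    parser = _VisibleText()
    parser.feed(html)
    parser.close()
    return parser.words

def similarity(crawler_html, browser_html):
    """Jaccard overlap of the two views' vocabularies (1.0 = identical)."""
    a, b = set(words(crawler_html)), set(words(browser_html))
    return len(a & b) / len(a | b) if a | b else 1.0

def top_term_density(html):
    """Fraction of all words taken up by the single most frequent word."""
    w = words(html)
    return Counter(w).most_common(1)[0][1] / len(w) if w else 0.0

def assess(crawler_html, browser_html, min_sim=0.5, max_density=0.3):
    """Return findings; both thresholds are assumptions for this example."""
    findings = []
    if similarity(crawler_html, browser_html) < min_sim:
        findings.append("content-mismatch")
    if top_term_density(crawler_html) > max_density:
        findings.append("keyword-stuffing")
    return findings
```

The honest pair differs only by a small mobile menu and passes both checks, which reflects the article's point that some variation between visits is expected.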
The hugely popular smartphone messaging service WhatsApp, acquired by Facebook for over $20 billion last year, has reportedly been found to be prone to hijacking without unlocking the device or knowing your device password, making its hundreds of millions of users vulnerable not just to hackers, but also to non-technical people.

This trick lets anyone around you effectively take control of your WhatsApp account. The attacker needs nothing more than the phone number of the target person and access to the target's mobile phone for a few seconds, even if it is locked.

Hacking a WhatsApp account in such a scenario is not hard for your friends and colleagues. This is not actually a loophole or vulnerability in WhatsApp; rather, it is just the way WhatsApp is designed and the way its account setup mechanism works.

NOTE: Moreover, we aren’t encouraging users to hack others’ WhatsApp accounts; the purpose of publishing this article is to warn and remind our readers that you should be extra careful about whom you lend your mobile phone to, and not leave it unattended for long durations with strangers around.

The trick enables the offender to get full control over the victim’s WhatsApp account in no time, and the most surprising part is that it works independently on all mobile platforms, including Android, Windows and Apple’s iOS.

Here’s How to Hijack Someone Else’s WhatsApp Account

Below are the clear steps to hack the WhatsApp account on any smartphone:

- Begin by setting up a WhatsApp account on a new mobile phone using the phone number of your target.
- During the setup process, WhatsApp will call the target’s phone number and will provide a PIN that needs to be entered for the authentication of the account.
- If you already have access to the victim’s phone, you can just answer the phone call and grab the code with no effort.
- Even if the victim has a lock screen enabled on the phone, you can receive the phone call to get the secret PIN.

Using this known and simple trick, your colleagues can hijack your WhatsApp account easily.

The worst case is with iPhones: things get even worse on the iPhone if users have configured their iPhones with Siri authentication for the lock screen, because all the contact details are available to access Siri’s settings, effectively giving everyone access to their phone number without the need for a PIN.

Thus, if you try to steal the account information of WhatsApp without even having the phone number of the target user, you can just call your number from the target’s phone using Siri.

Just check the given video demonstration that explains the simple trick of taking control of anyone’s WhatsApp account.

Source