Monday, 28 November 2016

Hi Everyone,

Now you can easily check out someone's Instagram DP in original size and zoom it.







Hope You Liked It.. Catch me on Facebook : www.facebook.com/crazylegendkiller

Sunday, 13 December 2015

Hey Guys,


It's been a long time since I posted something. (Was busy with exams :p ). But now I am back with an important issue that is being raised again & again. Let's see...




One of my followers sent me a message describing the issue he was facing; he was sure that his password was strong and that no one else had access to his Facebook account.

Then who do you think is behind it?

Let's not give you the answer, but instead ask you a few questions...

  • When a website asks you to "Login With Facebook", why don't you have to type in details such as your name, email, or display picture after logging in?
  • When you play an Android game like "Subway Surfers" and it asks you to connect with Facebook, have you ever wondered how, after logging in, you are able to share your achievement on your account just by clicking the share button in the game?
  • How is an Autoliker tool giving you likes? From whose accounts?






 Now let's try to answer

When you log in to the website, it redirects you to a page that asks for the permissions you are granting to its application.


Once you permit the application to perform the activities it is asking for, it will be able to operate your account without asking again. Even if you are logged out, the application will still be able to use your account. Here's the list of permissions and activities that an application can perform from your account without asking you again.


Applications can operate your account with your own permission.

Non-trusted applications that take your permission can 90% take over your account and perform all the actions. Auto-likers (HTC SENSE), fun apps, etc. can force you to like other posts or even send friend requests.


How to save my account ?

  • First of all we need to take back the permissions from the application.
  • Click here to see all applications.
  • Find out the untrusted or unwanted ones.
  • Click on the application and choose "Remove app".



Now the account is safe, and you can undo any actions you did not perform yourself by selecting them. To see the activities performed, go to the activity log on your profile page.


Hope You liked The Post, Stay Connected ;)


Saturday, 28 February 2015


Do you know that your Facebook account can be accessed by Facebook engineers and that too without entering your account credentials? Recent details provided by the social network giant show who can access your Facebook account and when.

No doubt, Facebook and other big tech companies including Google, Apple and Yahoo! are putting their services out of reach of law enforcement and spy agencies, but at the same time the companies themselves, or at least some of their employees, have access to your personal data.

Earlier this week, Paavo Siljamäki, a director at the record label Anjunabeats, brought attention to this issue by posting a very interesting story on his Facebook wall. During his visit to Facebook's office in LA, a Facebook engineer logged into his Facebook account with his permission, but the strange part is that they did it without asking him for the password.

ACCESS WITHOUT NOTIFICATION

Facebook didn't even notify Siljamäki that someone else had accessed his private Facebook profile, as the company does when your Facebook account is accessed from a new device or from a different geo-location.

Siljamäki got in contact with Facebook in order to know how many of Facebook's staff have this kind of 'master' access to anyone's Facebook account, when exactly they can access users' private data, and how anyone would know if his/her Facebook account has been accessed.

When the social network giant was asked how the employee got access to a user's Facebook account without entering the account credentials, Facebook issued the following statement:

"We have rigorous administrative, physical, and technical controls in place to restrict employee access to user data. Our controls have been evaluated by independent third parties and confirmed multiple times by the Irish Data Protection Commissioner’s Office as part of their audit of our practices."

WHO CAN ACCESS MY FACEBOOK ACCOUNT? 

The company didn't explain exactly who can access what, but it assured its users that account access is tiered and limited to specific job functions. Access to accounts is granted to most employees in order to reply to a customer request for information or an error report.


"Designated employees may only access the amount of information that’s necessary to carry out their job responsibilities, such as responding to bug reports or account support inquiries," Facebook goes on explaining. "We have a zero tolerance approach to abuse, and improper behaviour results in termination."

In short, the social network giant has a customer service tool that can grant Facebook employees access to a user's account. Facebook runs two separate monitoring systems that generate weekly reports on suspicious behaviour, which are then reviewed and analysed by two independent security teams, specifically a selected group of employees.

Facebook gives employees a strict warning about using this tool when they are hired, and directly fires any employee who abuses it. So, you need not worry about Mark Zuckerberg accessing your account, unless you yourself ask Facebook for help with something and have given permission.





Learn About Website Defacement

Friday, 9 January 2015









INTRODUCTION

Website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own. Defacement is generally meant as a kind of electronic graffiti, although recently it has become a means to spread messages by politically motivated "cyber protesters" or hacktivists.


Why Do They Deface? 

Websites around the Web are being defaced on a large scale. They aren't being defaced to earn money or for some personal profit. In most cases, hacktivists around the globe target random websites of a particular group or country to show their protest against them. What they actually do is replace the existing page on the website with their own page, which often shows the pseudonym of the hacker along with a protest message or a reason for the defacement.

Who Is a Defacer?

A defacer is someone who doesn't really care which site they attack; their main aim is simply to find and exploit a vulnerability on a server and then either replace the website content, or upload a file indicating that they were there. No one really knows why defacers do this, as there is no monetary gain. However, a look at some of the exploit archives indicates that different defacement groups are competing against each other. I would say that "real" hackers don't attack random sites, but rather use their knowledge to conduct targeted attacks.



How Is it done?

As I have mentioned, the defacers aren't selective in their targets; in most cases they just use automated tools to find vulnerable servers, and automatically exploit them. The exploit automatically uploads a backdoor to the compromised server which will provide, for example, shell access to the compromised server. The defacer can launch further attacks via the backdoor, such as trying to escalate privileges using local kernel exploits, or reporting the compromised server to a defacement archive. These backdoors are also sold on the black market, enabling buyers to, for example, turn a compromised server into a node in a DDoS network, or use it as spam relay host.

They have scanners that find vulnerable servers to exploit and then upload backdoors, and some of the scanners also report the defacements to sites like zone-h.org...


What are the tools they use?

The tools defacers use to find new vulnerable servers mainly check for two types of vulnerabilities: Remote or Local File Include vulnerabilities. Here's a partial list of such free tools, all of which are publicly available:
  • LFI intruder
  • VopCrew IJO Scanner v1.2
  • Single LFI vulnerable scanner
  • SCT SQL SCANNER
  • Priv8 RFI SCANNER v3.0
  • PITBULL RFI-LFI SCANNER
  • Osirys SQL RFI LFI SCANNER
  • FeeLCoMz RFI Scanner Bot v5.0 By FaTaLisTiCz_Fx

How To Prevent Defacement?

The reason behind defacement is not just weak security, but also ignorance. Many admins don't know the importance of keeping a system up to date and secured. Another major issue is that administrators automatically assume that Linux/Unix is more secure than Windows, and simply don't do any local hardening or configuration. Proper configuration can more or less eliminate certain types of exploits. For instance, many of the exploits mentioned in this article are "File Include" type vulnerabilities, which enable an attacker to include any arbitrary file he wants; in some cases these files can be from external websites. Simply specifying which directory a specific web application or website is allowed to include files from will effectively protect against this type of exploitation.
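The directory restriction described above, shown as an added example that is not code from the original post. The function name `resolve_include`, the `templates` directory and the sample requests are assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import urlparse


class IncludeDenied(Exception):
    """Raised when a requested include falls outside the allowed directory."""


def resolve_include(base_dir: str, requested: str) -> str:
    """Return the real path of `requested` only if it lives under `base_dir`."""
    if "\x00" in requested:
        raise IncludeDenied("NUL byte in include name")
    # Remote File Include: anything carrying a URL scheme or host is refused.
    parsed = urlparse(requested)
    if parsed.scheme or parsed.netloc:
        raise IncludeDenied("remote include refused: %r" % requested)

    base_real = os.path.realpath(base_dir)
    # realpath collapses ../ sequences and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(base_real, requested))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise IncludeDenied("include escapes allowed directory: %r" % requested)
    if not os.path.isfile(candidate):
        raise IncludeDenied("no such file: %r" % requested)
    return candidate


def demo() -> dict:
    """Run constructed requests against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        allowed = os.path.join(root, "templates")  # hypothetical include dir
        os.makedirs(allowed)
        with open(os.path.join(allowed, "about.html"), "w") as fh:
            fh.write("<h1>About</h1>")
        with open(os.path.join(root, "config.ini"), "w") as fh:
            fh.write("db_password=constructed-sample")
        for name in ("about.html", "../config.ini", "/etc/passwd",
                     "http://example.invalid/page.txt"):
            try:
                resolve_include(allowed, name)
                results[name] = "allowed"
            except IncludeDenied:
                results[name] = "denied"
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8} {name}")
```

Comparing resolved paths with `commonpath` rather than a string prefix also rejects a sibling directory such as `templates_old`, which a naive `startswith` check would let through.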

               For Educational Purpose Only | I don't support unethical activities :)


Friday, 28 November 2014

   SHOPPING ADDICTS BE CAREFUL !!! 








Christmas is near. Holidays are near. Great Deals are near. It's the best time for shoppers and the retailers. But unfortunately it's a great time for Cyber Criminals too.

With Black Friday (28th November 2014) and Cyber Monday (1st December 2014) coming up, you need to be more careful while shopping. These are the two very busy shopping days where shoppers spend a lot of their time online.



Every eye will be on retailers to ensure that consumers' online shopping experiences are straightforward and, most importantly, secure. So, for the most part, retailers need to pay attention to extra security measures in order to protect themselves from massive data breaches, like the Target data breach that occurred last year during the Black Friday sales, in which over 40 million credit and debit cards were stolen.

To keep yourself from falling into a trap like that, you must know about the top scams.

1. COPYCAT & FAKE WEBSITES


In order to get an account holder's financial information, hackers will try every way possible. They might set up a fake site that looks just like a genuine site. It will have fake security seals and will show high ratings, but in reality it is there to draw your attention and get you to enter your details. To avoid this type of scam, go for well-known sites or ones that are run by a well-known company. Most importantly, check that the website is running over HTTPS.


2. PHISHING WEBSITES


This scam is a very famous one. You get an e-mail from somebody with a URL asking you to open it and register an account. The advertisement will be very attractive. You open the page. The page looks just like a real site, but unfortunately it's not real. The design is the same, but the source code or the functions defined are different. Once you provide your details, it won't log you in; instead, it will send your details to the hacker. To protect yourself against this type of attack, always check the URL of the site you are visiting. And as a double check, look up the name of the site on Google search.

3. GIFTS SCAM


This works in most cases, as the scammers attract many people by offering exciting deals. Customers are offered many free coupons and gift vouchers for visiting a page and registering on the site. So, most shoppers will be attracted and will want to grab the best deals to get a free gift or save money. But this free gift will prove very costly. It will take you to a phishing site or will force you to download some dangerous unwanted Trojans to record your activities...



So, to conclude: it's time to shop, people. Go on. But be smart, be safe. You must expect them anywhere, anytime. :)


♥♥♥Find me On Facebook♥♥♥ 
