
List:       full-disclosure
Subject:    [Full-disclosure] Facebook "Trusted friends" Security Feature
From:       Mohit Kumar <thehackernews () gmail ! com>
Date:       2011-10-31 11:25:47
Message-ID: CADa+gL4A6ir3uYyMa_+eTNUBk59a1zukPXERgh5GgSLCqdqvWQ () mail ! gmail ! com


Last week Facebook announced that 600,000 accounts possibly get hacked in
one day. Another possible solution for Facebook to combat security issues is
to find 3 to 5 "*Trusted friends*". Facebook will be adding two new
security features that will allow users to regain control of their account
if it gets hijacked.

In Facebook's case, the keys are codes, and the user can choose from three
to five "*Trusted friends*" who are then provided with a code. If you ever
get locked out of your account (and you can't access your email to follow
the link after resetting your Facebook password), you gather all the codes
and use them to gain access to it again. Yet this method has been used by
hackers to hack most Facebook accounts using a little bit of social
engineering for the last 5-6 months, according to me. Let us know how this
works...

*How it's Exploitable:*
*This exploit is 90% successful on victims who add friends without
knowing them or just to increase their number of friends.* This method to
hack a Facebook account only works if 3 trusted friends agree to give you
the security code! Another idea: why not create 3 fake accounts and send
friend requests to the victim? Once your 3 fake accounts become friends with
your victim's Facebook account, you can select those 3 accounts to get the
security code and reset the victim's password. Here is a complete
demonstration of the hacking method on HackersOnlineClub
<http://www.hackersonlineclub.com/hack-facebook-account>.

*Other Serious Facebook Vulnerability in Last Week*
Last week *Nathan Power* from SecurityPentest discovered a new Facebook
vulnerability
<http://thehackernews.com/2011/10/facebook-exe-attachment-vulnerability.html>
that makes it easy to attach EXE files in messages, possibly causing user
credentials to be compromised. It is not only account security; there are
also lots of privacy issues in Facebook. For example, *Nelson Novaes Neto*, a
Brazilian (independent) Security and Behavior Researcher, has analyzed a
privacy issue in Facebook Ticker
<http://thehackernews.com/2011/10/how-facebook-ticker-exposing-your.html>
that allows any person to chase you without your knowledge or consent.
*Facebook should take these privacy issues & security holes very seriously.*
Read More at  : The Hacker News ~
http://thehackernews.com/2011/10/facebook-trusted-friends-security.html

-- 
*Regards,*
*Owner,*
*The Hacker News <http://www.thehackernews.com/>*
*Truth is the most Powerful weapon against Injustice.*
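
Added example, not part of the original post and not Facebook's implementation: a server-side check a recovery flow could apply so that codes go only to contacts the owner designated in advance and has been friends with for some time, which is the gap the fake-account scenario above relies on. The field names, the 180-day minimum friendship age and the sample friends are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Thresholds and field names are assumptions made for this example.
MIN_FRIENDSHIP_AGE = timedelta(days=180)
REQUIRED_CODES = 3

@dataclass(frozen=True)
class Friend:
    account_id: str
    friends_since: datetime
    designated_by_owner: bool  # picked in advance by the logged-in owner

def review_recovery_request(friends, requested_ids, now):
    """Return (allowed, reasons) for a request to send codes to requested_ids."""
    by_id = {f.account_id: f for f in friends}
    accepted, reasons = [], []
    for account_id in dict.fromkeys(requested_ids):  # drop duplicates, keep order
        friend = by_id.get(account_id)
        if friend is None:
            reasons.append(f"{account_id}: not a friend of this account")
        elif not friend.designated_by_owner:
            reasons.append(f"{account_id}: not designated by the owner beforehand")
        elif now - friend.friends_since < MIN_FRIENDSHIP_AGE:
            reasons.append(f"{account_id}: friendship too recent")
        else:
            accepted.append(account_id)
    if len(accepted) < REQUIRED_CODES:
        reasons.append(f"{len(accepted)} eligible contacts, {REQUIRED_CODES} required")
        return False, reasons
    return True, reasons

# Constructed sample data: three long-standing designated friends, one
# designated but recent friend, and three accounts added days before the request.
NOW = datetime(2011, 10, 31)
SAMPLE_FRIENDS = [
    Friend("old1", datetime(2008, 3, 1), True),
    Friend("old2", datetime(2009, 6, 15), True),
    Friend("old3", datetime(2010, 1, 10), True),
    Friend("recent_designated", datetime(2011, 10, 1), True),
    Friend("new1", datetime(2011, 10, 20), False),
    Friend("new2", datetime(2011, 10, 21), False),
    Friend("new3", datetime(2011, 10, 22), False),
]

if __name__ == "__main__":
    print(review_recovery_request(SAMPLE_FRIENDS, ["new1", "new2", "new3"], NOW))
    print(review_recovery_request(SAMPLE_FRIENDS, ["old1", "old2", "old3"], NOW))
```
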




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
