Tuesday, 4 June 2013

Hacking Facebook Accounts Through Facebook Applications [Report]

Facebook is one of the best-known social media websites, which makes it the number one target of hackers. Facebook has applied a lot of protection on the server side, so hackers attack users instead of fighting the server. In simpler terms, hackers don't attack Facebook itself but instead attack Facebook users; this is where attacks such as phishing and keylogging come into play.

In the past, we have published several articles related to Facebook hacking and security; however, in this post we will not talk about any of the techniques we have previously mentioned. In this post, we will tell you how to crack a Facebook password with Facebook applications.

According to CNET:

Hackers have turned their attention to Facebook's hundreds of independent applications. The results are not terribly surprising, but do not tell a good tale: app developers don't seem to know a thing about basic security, and are putting private user information at risk. As a result, malicious hackers are able to access and change what should be private user data managed by the application providers.

A very simple example is hacking Facebook details through static FBML. The hacker creates an application or a web page that the user can find 'believable'. The user clicks the page and checks the URL and the year the Facebook application/page was created. Facebook permits application developers to access considerable amounts of sensitive data, all without clear user approval, and this way the hacker gets all the information he needs about the user.

According to the summary of the 2600 article:

In all three of those applications, User A can very easily modify User B's data by intercepting a form and modifying the uid (Facebook user ID) before transmission. In addition, with some applications, User A can gain access to stored application data (e.g. history, etc.) for any User B, whether they are friends or not. Such applications blindly trust form data that can easily be tampered with, which is very clearly a bad idea. 
The Moods application allows unauthorized users to view the mood histories of non-friends, and with Firebug, anyone with the app can intercept their own mood change form before submitting it, change the uid in the form, and change someone else's mood.
Super Wall has a similar vulnerability that allows someone to intercept the form in a similar way and spoof messages from ANYONE to ANYONE (even a non-friend) just by changing the to and from uid's.

The Steps To Hacking Aren't Too Difficult:
1. The user clicks the link and the session (cookies) can now be accessed by the hacker. Using just that, the hacker can log into anyone's account without a username and password.

2. The user sifts through the URL and once found, they enter their username and password.

3. After hitting the button, the user checks the password, a page pops up stating a 'Thank you' message, and a password rank page will pop up.

4. When the user checks their email spam, there must be an email and it will ask the user to try their password again.

According to Microsoft's Larry Osterman:
It requires a unique attitude to think like a bad guy. Not everyone can change into that attitude. For example, I can't think of how frequently I had to tell designers on my group, "It doesn't matter that you've examined the value on the consumer, you still need to examine it on the hosting server because the consumer that's speaking with your hosting server might not be your value."
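
The flaw described in the 2600 summary, next to the server-side check the quote above calls for, as an added example (not code from the original post or from any of the applications named). The function names, the HMAC-signed session scheme and the sample data are assumptions constructed for illustration.

```python
# Added example: constructed data, hypothetical names throughout.
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"       # assumption: a secret held only by the server
MOODS = {"1001": "happy", "2002": "calm"}  # constructed store: uid -> mood


def sign_session(uid: str) -> str:
    """Issue a session token that binds the uid with an HMAC only the server can make."""
    mac = hmac.new(SERVER_KEY, uid.encode(), hashlib.sha256).hexdigest()
    return f"{uid}.{mac}"


def session_uid(token: str):
    """Return the uid bound to a valid token, or None if it was forged or altered."""
    uid, _, mac = token.partition(".")
    expected = hmac.new(SERVER_KEY, uid.encode(), hashlib.sha256).hexdigest()
    return uid if hmac.compare_digest(mac.encode(), expected.encode()) else None


def set_mood_vulnerable(form: dict) -> bool:
    """Flawed pattern from the quoted summary: the target uid is read from the form."""
    MOODS[form["uid"]] = form["mood"]
    return True


def set_mood_hardened(token: str, form: dict) -> bool:
    """Server-side check: the uid comes from the verified session, never from the form."""
    uid = session_uid(token)
    if uid is None:
        return False                       # unauthenticated or tampered session
    if form.get("uid", uid) != uid:
        return False                       # form names another user: reject and log
    MOODS[uid] = form["mood"]
    return True
```

The rejected branch in `set_mood_hardened` is also a useful detection point: a form uid that disagrees with the session uid does not happen in normal use of the application.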

To Make Sure That Your Account Doesn't Get Hacked:

1. Don't click a link from a person you do not know.
2. Facebook is not going to ask if your password is strong or not.
3. Never trust any Facebook applications.
