Facebook News & Updates

  • Thread starter Thread starter kramkumar
  • Start date Start date
  • Replies Replies: Replies 448
  • Views Views: Views 103,091
Unpatched IE bug exposes sensitive Facebook creds

A security researcher has devised an attack that remotely steals digital credentials used to access user accounts on Facebook and other websites by exploiting a flaw in Microsoft's Internet Explorer browser.

Independent researcher Rosario Valotta demonstrated his “cookiejacking” proof of concept last week at the Hack in the Box security conference in Amsterdam. It exploits a flaw that's present in all current versions of IE to steal session cookies that Facebook and other websites issue once a user has entered a valid password and corresponding user name. The cookie acts as a digital credential that allows the user to access a specific account.

The proof of concept code specifically targets cookies issued by Facebook, Twitter and Google Mail, but Valotta said the technique can be used on virtually any website and affects all versions of Windows.

“You can steal any cookie,” he told The Register. “There is a huge customer base affected (any IE, any Win version).”

The attack exploits a vulnerability in the IE security zones feature that allows users to segregate trustworthy websites from those they don't know or don't ever want to access. By embedding a special iframe tag in a malicious website, an attacker can circumvent this cross zone interaction and cause the browser to expose cookies stored on the victim's computer.

The exploit requires the attacker to accomplish a variety of difficult tasks, including knowing where on a hard drive cookies are stored (it can be slightly different for various versions of Windows) and knowing the victim's Windows username.

Valotta's exploit incorporates techniques developed by researchers including one by Jorge Medina that manipulates file-sharing functionality built into IE to transmit the Windows username in plain text. It also borrows an advanced form of clickjacking, known as drag & drop content extraction, which was demonstrated last year by Paul Stone.

A video of Valotta's attack in action is below.
 
Last edited by a moderator:
Facebook to Launch Music Service with Spotify

spotify-cover,L-3-287175-1.png

It seems Facebook’s next big thing could be music streaming, as the rumor mill reports it’s preparing to announce an integrated Facebook music service in collaboration with Spotify.

Spotify, a DRM-based music streaming service based in Sweden, launched three years ago in October in 2008 and quickly built up a loyal userbase across Europe. Only available in a select few countries (Sweden, Spain, Norway, Finland, France, the Netherlands and the United Kingdom), the service allows users to stream an unlimited amount of ad-supported music for the first six months, and 10 hours per month after that. A premium option is available for those who want to ditch the ads and these paying customers can use the service from mobile devices, listen to unlimited amounts of music and avail of higher bitrate streams plus offline access to music. This costs €9.99 per month (just shy of $15).

Originally scheduled for a U.S. launch last year, Spotify is said to be in talks with record labels to bring the service stateside. However, according to Forbes sources, those talks are still ‘ongoing’ and when a deal is reached, Spotify will be launching as ‘Spotify for Facebook’ as opposed to a standalone service. Spotify will appear as an icon on the left of the Facebook news feed, where users are used to seeing the messages and events icons. Clicking that little icon will install Spotify on your desktop and allow users to play songs through Facebook. The service will also apparently include a feature that will allow you to listen to music simultaneously with your friends over Facebook.

If Forbes’ sources are to be believed, Spotify and Facebook could launch the service as soon as two weeks time (though a U.S. launch will have to wait until details with record companies are ironed out). Would you use Spotify for Facebook? Let us know in the comments below!
 
Facebook set to reach 1 bn users by 2012

Nearly 700 million people are using the social network site Facebook worldwide now, and the number is likely to reach one billion by 2012.

According to statistics site Social Bakers, the fastest growth is coming out of Brazil, with Facebook picking up another 1.9 million users in May, The Daily Mail reports.

Other fast growing social networking countries include Indonesia, Philippines, Mexico and Argentina.

Last July, when Facebook reached the 500 million users mark, its founder Mark Zuckerberg said there was 'no chance' the company wouldn't reach one billion.

"It is almost a guarantee that it will happen. It will be interesting to see how it plays out," Zuckerberg said that time.

In the first quarter of this year, the site beat usual numbers jumping from 585 million users to more than 665million. There were nearly 80 million new users in three months.

The US still holds the number one country spot with over 149million users, almost half its population. Some 19 million of them come from California alone.
 
Facebook attracts 700m users globally...

NEW YORK: The number of Facebook users reached around 700 million worldwide in the month of May, with the developing countries contributing the most, according to the data of statistics site Social Bakers.

"Facebook is still on the rise...number of its total users is closing in to 700 million users," Social Bakers said.

Five countries, Brazil, Indonesia, the Philippines, Mexico and Argentina, each contributed more than 1 million new users to social networking site Facebook in May.

At the sixth position is India with the addition of 918,140 new users last month taking the total users to 25.77 million in the country.

Best performer Brazil attracted 1.95 million new Facebook users in May taking the total membership to 19.09 million.

Brazil is followed by Indonesia with 1.59 million new users, the Philippines (1.33 million), Mexico (1.11 million) and Argentina (1.06 million).

According to reports, Facebook users are likely to reach one billion by 2012. Last July, when Facebook made 500 million users its founder Zuckerberg stated that there is no chance for the social networking site that it cannot reach 1 billion.

During the first quarter of 2011, the social networking site moved ahead surging from 585 million users to more than 665 million. There were nearly 80 million new users in three months.

-Times
 
RE: Facebook attracts 700m users globally...

gre8888888888888888888888
face book!!!!!!!!!!!!!!!:clapsmiley::clapsmiley::clapsmiley:
 
Indian hacker group kicked-out by Facebook

1494cqh.jpg

The Indian arm of a hacker group 'Anonymous' - called Anonymous Operation India - has been removed from Facebook and Twitter. Both the 'Operation India' Facebook page and '@operationindia' Twitter handle are no more accessible.

'Anonymous' is a 'hacktivist' group that has been linked to the recent attack on Sony as well as against the governments of Iran, Spain, New Zealand and Colombia. Their operations started in India recently and came into the limelight when they claimed to have hacked the National Informatics Centre website and the Indian Army website last week .

The NIC site on the URL http://informatics.nic.in/oldnewsonline/abc.html was defaced with graffiti that said: "We exist without nationality. We exist with humanity. NIC took 3 mins."

In a similar hack, the Indian Army's website was reportedly taken down for about an hour. According to www.hackernews.com, the hackers also released password/ login information and forensic logs of indianarmy.nic.in. The Denial of Service (DoS) attack reportedly did not harm the site and there was no data loss. The site also quotes a message from them that states, "We took Down Indian Army Official Site and NIC knows more what we did."

In a message posted on their IRC (Internet Relay Chat) group, Anonymous claimed responsibility for both hacks saying, "The NIC hack, was merely a taste of what may come...The time has come now, when we'll wage a war of independence - from corruption and we promise to fight till the end."

After the attacks the group has placed its demands that include taking strong and decisive measures to root-out corruption and stem the rot plaguing Indian politics, the expeditious passing of the Lokpal Bill and prescription of severe punishment for corrupt officials. Find below the complete message from the hacking group.
 
Facebook tests real-time update feature

15xr1vp.jpg


Facebook on Friday said it is dabbling with a Twitter-like feature that alerts members in real time to what their friends are up to on the social network.

The feature, reportedly called "Happening Now," is being tried by a "fraction of a percent" of Facebook's more than 600 million members, according to the world's leading online social network.

"We are currently testing a feature within News Feed that gives people the ability to see what their friends are commenting on and 'liking,' as these actions are being taken on Facebook," the California company said in an email reply to an AFP inquiry.

"In the coming weeks, as we learn more from this test, we'll keep making improvements and may expand it to more people."

The feature was seen by some as a potential challenge to global microblogging service Twitter, which lets people share what they are thinking, doing, or seeing instantly in messages of 140 or fewer characters.

The new Facebook feature for now apparently alerts people to what friends are doing at the social network.
 
Back
Top Bottom