Recent facebook attacks and how to protect yourself

Tweet

These days  there has been a significant increase of explicit material of violent and porn nature being posted on users walls or through messages. Though facebook is constantly under such attacks and have been handling those threats aptly the last week was a good one for the spammers and scammers.

Most of the users have gone through such posts : Check out the spider under this girl's skin! You won't believe what this dad found on his daughter's computer! . I bet you can't watch this video for more than 15 seconds! And the list goes on.

Most of these attacks uses a  technique called click jacking. The fake links looks like regular Facebook posts, often posted from friends we would normally trust to only post good links. On clicking these links a JavaScript command is executed, that causes a user's computer to perform a program that spreads the link even farther .The posts are designed to be interesting and to flare up the curiosity within us.

But this might not end only with spreading.T hey often come armed with malware, which is dropped on the user's computer when clicked. Malware can perform malicious functions on our computers like stealing our passwords and personal information or even more.

Protecting yourself

Though Facebook declared that it has quarantined the malicious accounts and pages behind the attack, but it also offered some simple tips to help users safeguard themselves in the future. Facebook says:

·         Don’t ever copy and paste code into your browser’s address bar unless you’re confident the source is legit.

·         Make sure your browser is up to date.

·         Report anything weird that you see on Facebook using the “report” links throughout the social network.

·         Don’t click any links that look too good to believe or claims weird things.

If you suspect that malware has already gotten a hold of your Facebook account, or if you're seeing unwanted spam, there are three simple steps to attempt to make your account secure again.

Change your password. This can be done by visiting your account settings. Be sure to use a strong password with a mix of numbers, symbols, capital and lowercase letters and no dictionary words if possible.

• While you're in your settings, remove any unwanted Facebook apps. This could be the culprit, or the malware could have installed an app without your knowledge.
• Run a virus and malware scan on your entire system with updated antivirus.

A little caution on the users part will keep such attacks at bay since most of the attacks have used  user affinity to interesting stuffs . Stay informed about the latest spams and attacks and donot share anything just because it looks quite obvious.Stay informed stay  secure.

11:58 by Sourav · 0

Top It security Tools For web developers to Make their websites and web applications secure

Tweet

Most attacks on a web-site or web application can be prevented by exercising some caution by the web developer during and after application development. Study reveals that 70% of web sites have vulnerabilities that can lead to theft of valuable data or defacement. Some of  the threats an web application might have are  1)Cross site scripting 2)Sql Injection 3)Command injection  4) Cookie Poisoning  5)Directory traversal or forceful browsing  6)Authentication Hijacking  7)Zero Day attack  8)Platform Exploit 9) Log tampering  ,etc. But most of these attacks can be prevented by some countermeasures. Now in this post I will be discussing how to detect the common web vulnerabilities of your website after you have developed it using some easy to use tools. Knowing these vulnerabilities will make you able know to more about their remedies.

1)Acunentix Web Vulnerability Scanner

Acunetix web vulnerability scanner is a tool designed to discover security holes in your web applications.It looks for multiple vulnerabilities including SQL injection, cross site scripting, and weak passwords.The application can be used to perform scanning for web and application vulnerabilities and to perform penetration testing against the identified issues. Mitigation suggestions are then provided for each weakness and can be used to increase the security of the web server or application being tested. It is easy to use and a free edition is also available.

Download link  http://www.acunetix.com/

 

2) AppScan 

AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. Appscan scans for many common vulnerabilities, such as cross site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. AppScan was merged into IBM's Rational division after IBM purchased its original developer (Watchfire) in 2007

Download link http://www.ibm.com/developerworks/downloads/r/appscan/

  

3) DirBuster 

DirBuster searches for hidden pages and directories on a web server. Sometimes developersl leaves a page accessible, but unlinked; DirBuster is meant to find these potential vulnerabilities.This is a Java application developed by OWASP.

Downlink https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project#tab=Download

4) CookieDigger

CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications. The tool works by collecting and analyzing cookies issued by a web application for multiple users. The tool reports on the predictability and entropy of the cookie and whether critical information, such as user name and password, are included in the cookie values.     

Download link http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/cookiedigger.aspx

5) dotDefender

dotDefender is a web application security solution (a Web Application Firewall, or WAF) that offers strong, proactive security for your websites and web applications. It blocks attacks that are manifested with HTTP request logic such as sql injectin,proxy takeover,header tampering etc and other known attacks.

By- Sourav

02:42 by Chetan · 1

C program for converting a 4 digit decimal number to words.

Tweet

From today we will start posting various programs and codes.These are developed by the authors and is free to use.But please do keep the credit intact.

11:18 by Amor jyoti · 1

How to Identify a fake facebook profile

Tweet

  Imagine something nice happens in your life.You are no more that lonely guy or girl.And it all starts from some social networking site say facebook.Out of nowhere some  God sent angel comes to your life and your life turns upside down.But life as we know it is not always that easy.Finally you came to know that the person was a fictional character and that person  never existed but its too late and you have shared some of your  darkest secrets or some information which that person  can use for his benefits or blackmail you.Or the person had sent you a trozan or key-logger in an email attachment   and without your knowing that  trozan got installed in  your system and now he  has got  all your passwords your credit card transaction details or may be he is getting your web-cam access. All these things might seem impossible to some but it happens and has ruined many peoples lives or have caused temporary troubles.People got robbed , got raped, lost their jobs.These are some of the scenarios that might happen to any random person who is too careless in choosing their online friend . Someone might invade your privacy.Social networking   has become an essential part of our lives and its good too.But to be safe in this cyber world we got to be more vigilant.

There are crooks, liars and scammers all around.In this post I will show you how to detect a fake facebook account and some tips for a safe journey in the information superhighway.

Identifying a fake facebook account

Analyse the  profile pictures and albums and info

Go through the persons photos.The first thing you need to analyze is the  profile photo.If the profile seem like that of some immensely attractive lady or man,you need to be alert.Next if the profile picture is that of some cartoon,film star ,celebraty it might not be a real one.Now go through the person’s another profile pictures in his or her albums and if you can find different photos or simply a few photos it’s a postive sign of a fake profile.Check if there are photos related to the persons life like family pics,office pics,with friends,or other such photos If you can’t find any such pictures then its most probably a fake profile.If the person's albums are filled with random pictures like flowers cars etc,It might be fake.  Look for tagged photos of the person.A real person will usually be tagged by his friends.It might also provide a clue.Usually some fakers donot neatly fills the info space,but many does.

Use GOOGLE  to check if a profile picture is fake!

Now here is a game changer.Google has introduced a cool new feature.Go to google image search.Drag any image and drop it in the search box and you will get results if that image exist anywhere or is linked in any website.Since most of these fackers uses pictures downloaded from various sites it is most probable that you will get your answer . Download the images of that person and drag it and drop it into the search box.The results might shock you.Even if the person has not enabled you to view photos since you have not accepted the friend request you can use screen shot tool  to  capture the Profile picture and search it in google.You can use a screen shot tool named greenshot,its easy to use.You can download greenshot from http://getgreenshot.org/.

Check  Out the wall

A  fake facebook profile owner will not have a uniform rate of posts on his wall .The person  will have lesser posts since he will have to maintain his original account too.Look carefully what content he posts.If it’s a fake profile you will find less posts related to personal life or work or other real life activities.There will be lesser interaction on his wall with friends, will comment less on others walls.There  might also  be  a lots of widgets that fills his walls with automated posts.They does this to make the page look more used.

Cyber Stalk that person

This might sound weird but it proves fruitful many a times in idetifying a fake profile. Try google and other search engines to search for that persons .You can try linkedin too.Try this if you know the person's e-mail id.There is a website called lullar www.lullar.com . It has various search options, I like the e-mail search option.Enter the e-mail id and you will get if the person is in any other social networking sites or have other online accounts with that e-mail id.

Some important points

An entire Album of some other person can be stolen.So You cannot always take it for granted that since there are many photos of the same person it is a genuine account.The person might already be friend with some your friends in facebook.These guys might be smarter than you assume. So use your common sense and don't go nuts even if it is too convincing.Do not click any links of apps posted by friends that claim to do more than expected.Always stay updated about the various viral images,spam status messages and hoax updates that keep spreading . Since for any cyber frauds the most vulnerable thing is the human element so choose your friends carefully and  share your updates and information cautiously.

Stay safe,Play Safe

12:07 by Sourav · 2

Facebook Ipad App Launched

Tweet

Finally after month of anticipation the Facebook Ipad App was launched. The following features  are available as of now 

1) Chat onboard
2) Full Screen Games
3) News Feed Notifications
4) Easy navigation
5) Bigger Better Photos and many more

15:57 by Chetan · 0

TOP ANDROID APPS IN THE MARKET NOW

Tweet

The google market is filled with a plethora of Apps . I have handpicked some of the most successful free Apps.Give them a try.

Lookout Mobile Security 

When it comes to mobile security Lookout is the no. 1 in the android market . The security widget scans blocks and removes malwares. You can schedule your scans and the database is very consistent which regularly updates automatically.You can make your phone ring, even if it is in a silent mode,and also you can locate via GPS from any browser if your phone is lost someday. You can also backup the data and restore them later. You can access all your backed up data from PC. The best use of this android app is its lightweight, Phone locator and backup options.

Astrid

Astrid also known as Android’s Simple Task Recording Dashboard.Astrid is a much loved and one of the most downloaded todo list/task manager with fully packed amazing features.Astrid makes it simple to organize your life within the phone. It integrates cleanly into the Android interface, and offers humanizing reminds (“Come on, let’s get this done.”) to help motivate you along on deadlines.It has been recognised as the no. 1 productivity application by Android Network Awards.

06:59 by Sourav · 1

INSTALLING APACHE SERVER AND PHP IN UBUNTU

Tweet

Hello friends I will be explaining how to install Apache server and Php in Ubuntu in simple way. We will be using the LAMP stack for the installation using the command line. You need not be worried it’s not as it seems and your development server should be working within minutes.

We will look into it in a step by step manner and also provide certain screen shots to help. The first requirement is a working version of Ubuntu Linux (and I assume u already have Ubuntu installed).Now we will go through the procedure.

1)      Open Terminal

2)      Type sudo apt-get install apache2 mysql-server php5 phpmyadmin

13:48 by Chetan · 2