Sunday, 20 November 2011

Recent Facebook attacks and how to protect yourself

In recent days there has been a significant increase in explicit violent and pornographic material being posted on users' walls or sent through messages. Although Facebook is constantly under such attacks and has been handling those threats aptly, the last week was a good one for spammers and scammers.
Most users have come across posts such as: "Check out the spider under this girl's skin!", "You won't believe what this dad found on his daughter's computer!", "I bet you can't watch this video for more than 15 seconds!" And the list goes on.
Most of these attacks use a technique called clickjacking. The fake links look like regular Facebook posts, often posted by friends we would normally trust to post only good links. Clicking these links executes a JavaScript command that causes the user's computer to run a program that spreads the link even further. The posts are designed to be interesting and to stir up our curiosity.
But this might not end with spreading. They often come armed with malware, which is dropped on the user's computer when the link is clicked. Malware can perform malicious functions on our computers, like stealing our passwords and personal information, or even more.

Protecting yourself
Facebook declared that it has quarantined the malicious accounts and pages behind the attack, and it also offered some simple tips to help users safeguard themselves in the future. Facebook says:
  • Don’t ever copy and paste code into your browser’s address bar unless you’re confident the source is legit.
  • Make sure your browser is up to date.
  • Report anything weird that you see on Facebook using the “report” links throughout the social network.
  • Don’t click any links that look too good to believe or claim weird things.

If you suspect that malware has already gotten a hold of your Facebook account, or if you're seeing unwanted spam, there are three simple steps to attempt to make your account secure again.

  • Change your password. This can be done by visiting your account settings. Be sure to use a strong password with a mix of numbers, symbols, capital and lowercase letters, and no dictionary words if possible.
  • While you're in your settings, remove any unwanted Facebook apps. This could be the culprit, or the malware could have installed an app without your knowledge.
  • Run a virus and malware scan on your entire system with an up-to-date antivirus.
A little caution on the user's part will keep such attacks at bay, since most of the attacks have exploited users' attraction to interesting content. Stay informed about the latest spam and attacks, and do not share anything just because it looks quite obvious. Stay informed, stay secure.

11:58 by Sourav · 0

Wednesday, 16 November 2011

Top IT security tools for web developers to make their websites and web applications secure

Most attacks on a website or web application can be prevented if the web developer exercises some caution during and after application development. A study reveals that 70% of websites have vulnerabilities that can lead to theft of valuable data or defacement. Some of the threats a web application might face are: 1) Cross-site scripting 2) SQL injection 3) Command injection 4) Cookie poisoning 5) Directory traversal or forceful browsing 6) Authentication hijacking 7) Zero-day attack 8) Platform exploit 9) Log tampering, etc. But most of these attacks can be prevented by some countermeasures. In this post I will discuss how to detect the common web vulnerabilities of your website, after you have developed it, using some easy-to-use tools. Knowing these vulnerabilities will help you learn more about their remedies.

1) Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner is a tool designed to discover security holes in your web applications. It looks for multiple vulnerabilities including SQL injection, cross-site scripting, and weak passwords. The application can be used to perform scanning for web and application vulnerabilities and to perform penetration testing against the identified issues. Mitigation suggestions are then provided for each weakness and can be used to increase the security of the web server or application being tested. It is easy to use and a free edition is also available.
2) AppScan 

AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. AppScan scans for many common vulnerabilities, such as cross-site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. AppScan was merged into IBM's Rational division after IBM purchased its original developer (Watchfire) in 2007.
3) DirBuster
DirBuster searches for hidden pages and directories on a web server. Sometimes developers leave a page accessible but unlinked; DirBuster is meant to find these potential vulnerabilities. This is a Java application developed by OWASP.

4) CookieDigger
CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications. The tool works by collecting and analyzing cookies issued by a web application for multiple users. The tool reports on the predictability and entropy of the cookie and whether critical information, such as user name and password, is included in the cookie values.
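An added example, not part of the original post and not CookieDigger's own code: a simplified Python version of the checks described above, run over cookies collected for several test accounts of your own application. The per-character Shannon entropy and shared-prefix measures are assumptions standing in for whatever statistics the tool computes, the "-" token separator is an assumption about the cookie layout, and the cookie values are constructed sample data.

```python
import base64
import math
import os
from collections import Counter
from urllib.parse import unquote


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character, from the value's own character frequencies."""
    if not value:
        return 0.0
    probs = [n / len(value) for n in Counter(value).values()]
    return -sum(p * math.log2(p) for p in probs)


def decoded_views(value: str) -> list[str]:
    """The raw value, its URL-decoded form, and any '-' token that base64-decodes to text."""
    views = [value, unquote(value)]
    for token in value.split("-"):
        try:
            padded = token + "=" * (-len(token) % 4)
            views.append(base64.b64decode(padded, validate=True).decode("utf-8"))
        except ValueError:  # not base64, or not UTF-8 text once decoded
            pass
    return views


def common_prefix_len(values: list[str]) -> int:
    """Length of the prefix shared by every cookie: a long one hints at a predictable part."""
    return len(os.path.commonprefix(values))


def analyse(cookies: dict[str, str], secrets: dict[str, list[str]]) -> dict:
    """cookies: user -> cookie value; secrets: user -> strings that must not appear in it."""
    report = {"shared_prefix": common_prefix_len(list(cookies.values())), "users": {}}
    for user, value in cookies.items():
        leaked = [s for s in secrets.get(user, [])
                  if any(s.lower() in view.lower() for view in decoded_views(value))]
        report["users"][user] = {"entropy": round(shannon_entropy(value), 2), "leaked": leaked}
    return report


# Constructed sample data: cookies a hypothetical test application issued to three test accounts.
SAMPLE_COOKIES = {
    "alice": "sess-1042-" + base64.b64encode(b"alice:Passw0rd!").decode(),
    "bob": "sess-1043-" + base64.b64encode(b"bob").decode(),
    "carol": "sess-1044-c4f1e09b7a",
}
SAMPLE_SECRETS = {"alice": ["alice", "Passw0rd!"], "bob": ["bob"], "carol": ["carol"]}

if __name__ == "__main__":
    print(analyse(SAMPLE_COOKIES, SAMPLE_SECRETS))
```

A long shared prefix followed by a counter, or any entry in "leaked", means the session identifier should be replaced with a random, opaque value generated on the server.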

5) dotDefender
dotDefender is a web application security solution (a Web Application Firewall, or WAF) that offers strong, proactive security for your websites and web applications. It blocks attacks that manifest within HTTP request logic, such as SQL injection, proxy takeover, header tampering, etc., and other known attacks.

By- Sourav

02:42 by Chetan · 1

Friday, 21 October 2011

C program for converting a 4 digit decimal number to words.

From today we will start posting various programs and code. These are developed by the authors and are free to use. But please do keep the credit intact.

11:18 by Amor jyoti · 1

Wednesday, 12 October 2011

How to Identify a fake Facebook profile

Imagine something nice happens in your life. You are no longer that lonely guy or girl, and it all starts on some social networking site, say Facebook. Out of nowhere some God-sent angel comes into your life and your life turns upside down. But life, as we know it, is not always that easy. Finally you come to know that the person was a fictional character who never existed, but it's too late: you have shared some of your darkest secrets, or some information which that person can use for his benefit or to blackmail you. Or the person sent you a trojan or key-logger in an email attachment, and without your knowing it the trojan got installed on your system, and now he has all your passwords and your credit card transaction details, or maybe he is getting access to your webcam. All these things might seem impossible to some, but they happen, and they have ruined many people's lives or caused temporary troubles. People got robbed, got raped, lost their jobs. These are some of the scenarios that might happen to any random person who is too careless in choosing their online friends. Someone might invade your privacy. Social networking has become an essential part of our lives, and that's good too. But to be safe in this cyber world we have to be more vigilant.
There are crooks, liars and scammers all around. In this post I will show you how to detect a fake Facebook account, along with some tips for a safe journey on the information superhighway.

Identifying a fake Facebook account

Analyse the profile pictures, albums and info
Go through the person's photos. The first thing you need to analyze is the profile photo. If the profile seems to be that of some immensely attractive lady or man, you need to be alert. Next, if the profile picture is that of some cartoon, film star or celebrity, it might not be a real one. Now go through the person's other profile pictures in his or her albums, and if you find different photos or simply a few photos, it's a positive sign of a fake profile. Check if there are photos related to the person's life, like family pics, office pics, pics with friends, or other such photos. If you can't find any such pictures then it's most probably a fake profile. If the person's albums are filled with random pictures like flowers, cars, etc., it might be fake. Look for tagged photos of the person. A real person will usually be tagged by his friends. It might also provide a clue. Usually some fakers do not neatly fill in the info section, but many do.

Use GOOGLE to check if a profile picture is fake!
Now here is a game changer. Google has introduced a cool new feature. Go to Google image search. Drag any image and drop it in the search box and you will get results if that image exists anywhere or is linked on any website. Since most of these fakers use pictures downloaded from various sites, it is most probable that you will get your answer. Download the images of that person and drag and drop them into the search box. The results might shock you. Even if the person has not enabled you to view photos because you have not accepted the friend request, you can use a screenshot tool to capture the profile picture and search for it in Google. You can use a screenshot tool named Greenshot; it's easy to use. You can download Greenshot from

Check out the wall
A fake Facebook profile owner will not have a uniform rate of posts on his wall. The person will have fewer posts, since he has to maintain his original account too. Look carefully at what content he posts. If it's a fake profile you will find fewer posts related to personal life, work or other real-life activities. There will be less interaction with friends on his wall, and he will comment less on others' walls. There might also be a lot of widgets that fill his wall with automated posts. They do this to make the page look more used.

Cyber Stalk that person
This might sound weird, but it often proves fruitful in identifying a fake profile. Try Google and other search engines to search for that person. You can try LinkedIn too. Try this if you know the person's e-mail ID: there is a website called lullar. It has various search options; I like the e-mail search option. Enter the e-mail ID and you will find out whether the person is on any other social networking sites or has other online accounts with that e-mail ID.

Some important points
An entire album of some other person can be stolen, so you cannot always take it for granted that an account is genuine just because there are many photos of the same person. The person might already be friends with some of your friends on Facebook. These guys might be smarter than you assume. So use your common sense and don't go nuts even if it is too convincing. Do not click any links to apps posted by friends that claim to do more than expected. Always stay updated about the various viral images, spam status messages and hoax updates that keep spreading. Since the most vulnerable thing in any cyber fraud is the human element, choose your friends carefully and share your updates and information cautiously.

Stay safe, play safe

12:07 by Sourav · 2

Monday, 10 October 2011

Facebook iPad App Launched

Finally, after months of anticipation, the Facebook iPad app was launched. The following features are available as of now:

1) Chat onboard
2) Full Screen Games
3) News Feed Notifications
4) Easy navigation
5) Bigger Better Photos and many more

15:57 by Chetan · 0

Friday, 7 October 2011


The Google market is filled with a plethora of apps. I have handpicked some of the most successful free apps. Give them a try.

Lookout Mobile Security
When it comes to mobile security, Lookout is no. 1 in the Android market. The security widget scans, blocks and removes malware. You can schedule your scans, and the database is very consistent and updates automatically on a regular basis. You can make your phone ring even if it is in silent mode, and you can also locate it via GPS from any browser if your phone is lost someday. You can also back up your data and restore it later. You can access all your backed-up data from a PC. The best things about this Android app are its light weight, phone locator and backup options.

Astrid, also known as Android's Simple Task Recording Dashboard, is a much loved to-do list/task manager, one of the most downloaded, and fully packed with amazing features. Astrid makes it simple to organize your life within the phone. It integrates cleanly into the Android interface and offers humanizing reminders ("Come on, let's get this done.") to help motivate you along on deadlines. It has been recognised as the no. 1 productivity application by the Android Network Awards.

06:59 by Sourav · 1

Thursday, 6 October 2011


Hello friends, I will be explaining how to install the Apache server and PHP in Ubuntu in a simple way. We will be using the LAMP stack for the installation, using the command line. You need not be worried; it's not as difficult as it seems, and your development server should be working within minutes.
We will look into it in a step-by-step manner and also provide certain screenshots to help. The first requirement is a working version of Ubuntu Linux (and I assume you already have Ubuntu installed). Now we will go through the procedure.
1) Open Terminal

2) Type sudo apt-get install apache2 mysql-server php5 phpmyadmin

13:48 by Chetan · 2

Saturday, 9 April 2011


PART 2 will focus on the versions suitable for advanced users

In the 1st part of the post I gave an introduction to LINUX for beginners, as well as to distros suitable for new users and those which can be used in everyday life as easily as Windows and other consumer operating systems. This time we will focus more on the advanced versions of LINUX suitable for geeks, programmers and hackers. I will start with Slackware, which is my favourite and which I use every day.


Well, the golden words here would be that it's the most UNIX-like distribution ever, and one of the earliest LINUX distributions to be built upon the LINUX kernel. Slackware Linux was officially released by Patrick Volkerding and saw its 1st beta release in April 1993. Slackware is a programmer's heaven; it includes almost all the compilers and development environments we could wish for, be it C, C++, Java or Perl. It also includes networking utilities, a web server and almost everything you will ever need straight out of the box. Slackware gives us the option of many desktop environments as well as a stripped-down version for implementation as a server.

More information and reference for advanced operations can be found in this free pdf link

Download SLACKWARE here

19:34 by Chetan · 0

Thursday, 3 February 2011


When I was a kid I had the habit, or say the passion, of opening up machines and looking with deep enthusiasm at the parts and particles inside. Even the battery used in a torchlight couldn't escape. And in this process I many times ended up mending some of my toy cars and breaking down our old radio, VCR, several watches and many more, and took some really memorable electric jolts. So before becoming nostalgic, let me come to the topic, and here we go.

What is Reverse Engineering?
Reverse engineering is often stated in EULAs (End User Licence Agreements) as being forbidden, yet it is rarely ever "defined". Reverse engineering is the process of extracting the knowledge or design blueprints from anything man-made or sometimes natural. The concept of reversing has been around since long before computers or modern technology, and probably dates back to the days of the industrial revolution or maybe even before.
Like software engineering, software reverse engineering is a purely virtual process, involving only a CPU and human intelligence. Reverse engineering is about understanding how a proprietary piece of software works. Software reverse engineering integrates several arts: code breaking, puzzle solving, programming, and logical analysis. All this makes reversing quite interesting. Try it and you will realize.
Generally, there are two categories of reverse engineering applications: security-related (both good and bad) and software development-related.

15:19 by Sourav · 0


PART 1 will focus on the versions suitable for new users and absolute beginners in Linux

LINUX is probably the most heard word in the present computing world. LINUX and Free and Open Source Software (FOSS) practically took the world by storm. LINUX is a modular UNIX-like operating system and derives much of its basics from UNIX, and due to this it was the operating system of choice for servers, thanks to its remarkable stability. But now LINUX has grown out of the servers and into the desktop world for everyday use, providing an easy-to-use graphical user interface, MS-compatible office applications like word processors, spreadsheets and presentations, and a multimedia experience.
The penguin (TUX) has also invaded mobile devices, and all is set for a great future!!
Today we are going to look at some of the most important flavours of LINUX suitable for everyday use, as well as some of the favourites of the geeks.
1) UBUNTU
An extremely great distro, it is Debian-based and runs with the GNOME user interface. If you are new to LINUX, or planning to switch from Windows OS, or maybe just want to try it (it's free, after all), this is for you. You get all the essential software, from media players to office applications, out of the box, and the software centre provides you with thousands of free applications if you want to get creative. It has low system requirements, supports graphics cards and is as stable as a rock.


The latest version is 10.10. UBUNTU has also released a special version for netbooks.

14:45 by Chetan · 0