Sunday 20 November 2011

Recent facebook attacks and how to protect yourself



These days there has been a significant increase in explicit material of a violent or pornographic nature being posted on users' walls or sent through messages. Though Facebook is constantly under such attacks and has been handling these threats aptly, last week was a good one for the spammers and scammers.
Most users have come across posts such as: Check out the spider under this girl's skin! You won't believe what this dad found on his daughter's computer! I bet you can't watch this video for more than 15 seconds! And the list goes on.
Most of these attacks use a technique called clickjacking. The fake links look like regular Facebook posts, often apparently posted by friends we would normally trust to post only good links. On clicking one of these links, a JavaScript command is executed that causes the user's computer to run a program which spreads the link even further. The posts are designed to be interesting and to flare up our curiosity.
But this might not end with spreading alone. They often come armed with malware, which is dropped onto the user's computer when the link is clicked. Malware can perform malicious functions on our computers, such as stealing our passwords and personal information, or even more.

Protecting yourself
Though Facebook declared that it has quarantined the malicious accounts and pages behind the attack, it also offered some simple tips to help users safeguard themselves in the future. Facebook says:
·         Don't ever copy and paste code into your browser's address bar unless you're confident the source is legit.
·         Make sure your browser is up to date.
·         Report anything weird that you see on Facebook using the "report" links throughout the social network.
·         Don't click any links that look too good to believe or claim weird things.

If you suspect that malware has already gotten hold of your Facebook account, or if you're seeing unwanted spam, there are three simple steps you can take to make your account secure again.

  • Change your password. This can be done by visiting your account settings. Be sure to use a strong password with a mix of numbers, symbols, capital and lowercase letters, and no dictionary words if possible.
  • While you're in your settings, remove any unwanted Facebook apps. One of these could be the culprit, or the malware could have installed an app without your knowledge.
  • Run a virus and malware scan on your entire system with an updated antivirus.
A little caution on the user's part will keep such attacks at bay, since most of these attacks have exploited users' affinity for interesting stuff. Stay informed about the latest spam and attacks, and do not share anything just because it looks obvious. Stay informed, stay secure.

11:58 by Sourav · 0

Wednesday 16 November 2011

Top IT security tools for web developers to make their websites and web applications secure


Most attacks on a website or web application can be prevented if the web developer exercises some caution during and after application development. A study reveals that 70% of websites have vulnerabilities that can lead to theft of valuable data or defacement. Some of the threats a web application might face are: 1) cross-site scripting, 2) SQL injection, 3) command injection, 4) cookie poisoning, 5) directory traversal or forceful browsing, 6) authentication hijacking, 7) zero-day attacks, 8) platform exploits, 9) log tampering, etc. Most of these attacks can be prevented by suitable countermeasures. In this post I will discuss how to detect the common web vulnerabilities of your website after you have developed it, using some easy-to-use tools. Knowing these vulnerabilities will enable you to learn more about their remedies.

1) Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner is a tool designed to discover security holes in your web applications. It looks for multiple vulnerabilities, including SQL injection, cross-site scripting and weak passwords. The application can be used to scan for web and application vulnerabilities and to perform penetration testing against the identified issues. Mitigation suggestions are then provided for each weakness and can be used to increase the security of the web server or application being tested. It is easy to use, and a free edition is also available.
Download link: http://www.acunetix.com/
 
2) AppScan 

AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. AppScan scans for many common vulnerabilities, such as cross-site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. AppScan was merged into IBM's Rational division after IBM purchased its original developer (Watchfire) in 2007.
  
3) DirBuster 
DirBuster searches for hidden pages and directories on a web server. Sometimes developers leave a page accessible but unlinked; DirBuster is meant to find these potential vulnerabilities. It is a Java application developed by OWASP.

4) CookieDigger
CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications. The tool works by collecting and analyzing the cookies issued by a web application for multiple users. It reports on the predictability and entropy of the cookie and on whether critical information, such as user name and password, is included in the cookie values.

5) dotDefender
dotDefender is a web application security solution (a Web Application Firewall, or WAF) that offers strong, proactive security for your websites and web applications. It blocks attacks that manifest in HTTP request logic, such as SQL injection, proxy takeover and header tampering, as well as other known attacks.
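As an added illustration of the kind of checks a cookie-analysis tool like CookieDigger (item 4 above) performs, here is a small Python script that is not part of this post or of CookieDigger itself. It runs three checks over constructed sample cookies: per-character entropy, the number of positions that never change across users, and whether account credentials appear in the raw or base64-decoded value. All cookie values, usernames and passwords are made up.

```python
import base64
import binascii
import math
from collections import Counter

# Constructed sample data (not from any real site): session cookies issued to
# three test accounts, plus those accounts' usernames and passwords.
ACCOUNTS = [("alice", "s3cret1"), ("bob", "hunter2"), ("carol", "pa55word")]

# Weak scheme: base64 of "uid=<sequential id>;user=<name>;pw=<password>".
WEAK_COOKIES = [
    base64.b64encode(f"uid={1000 + i};user={u};pw={p}".encode()).decode()
    for i, (u, p) in enumerate(ACCOUNTS)
]
# Stronger scheme: random-looking hex tokens (constructed by hand for the demo).
STRONG_COOKIES = ["9f86d081884c7d65", "2c26b46b68ffc68f", "5ee1c8d2a3f7b04e"]


def per_char_entropy(cookies):
    """Shannon entropy in bits per character over all sampled cookie text."""
    text = "".join(cookies)
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def fixed_positions(cookies):
    """Count character positions that are identical in every sample.
    A long run of fixed positions usually means a structured, predictable token."""
    width = min(len(c) for c in cookies)
    return sum(1 for i in range(width) if len({c[i] for c in cookies}) == 1)


def leaked_accounts(cookies, accounts):
    """Usernames whose name or password appears in a cookie, raw or base64-decoded."""
    leaked = []
    for cookie in cookies:
        views = [cookie]
        try:  # many "opaque" cookies are just base64 text; look inside them too
            views.append(base64.b64decode(cookie, validate=True).decode("utf-8", "replace"))
        except (binascii.Error, ValueError):
            pass
        for user, pw in accounts:
            if any(user in v or pw in v for v in views) and user not in leaked:
                leaked.append(user)
    return leaked


def assess(cookies, accounts):
    """Summarise the three checks for one set of cookies."""
    return {"entropy_bits_per_char": round(per_char_entropy(cookies), 2),
            "fixed_positions": fixed_positions(cookies),
            "leaked_accounts": leaked_accounts(cookies, accounts)}


if __name__ == "__main__":
    print("weak:  ", assess(WEAK_COOKIES, ACCOUNTS))
    print("strong:", assess(STRONG_COOKIES, ACCOUNTS))
```

The weak set shows a long fixed prefix and every account's credentials recoverable from the cookie, while the hex tokens show no fixed positions and no leaked credentials.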

By- Sourav




02:42 by Chetan · 1