Message-ID: <CADa+gL4A6ir3uYyMa_+eTNUBk59a1zukPXERgh5GgSLCqdqvWQ@mail.gmail.com>
Date: Mon, 31 Oct 2011 16:43:47 +0530
From: Mohit Kumar <thehackernews@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Facebook "Trusted friends" Security Feature
	Easily Exploitable

Last week Facebook announced that 600,000 accounts possibly get hacked in
one day. Another possible solution for Facebook to combat security issues
is to find 3 to 5 "*Trusted friends*". Facebook will be adding two new
security features that will allow users to regain control of their account
if it gets hijacked.

In Facebook's case, the keys are codes, and the user can choose from three
to five "*Trusted friends*" who are then provided with a code. If you ever
get locked out of your account (and you can't access your email to follow
the link after resetting your Facebook password), you gather all the codes
and use them to gain access to it again. Yet this method has been used by
hackers to hack most Facebook accounts, using a little bit of Social
Engineering, for the last 5-6 months according to me. Let us know how this
works...

*How it's Exploitable:*
*This Exploit is 90% Successful on the victims who add friends without
knowing them or just for increasing the number of Friends.* This method to
hack a Facebook Account only works if 3 trusted friends agree to give you
the security code! Another idea: why not create 3 fake accounts and send a
Friend Request to the Victim? Once your 3 Fake Accounts become friends with
your victim's Facebook account, you can select those 3 Accounts to get the
Security Code and Reset the password of the Victim. Here is a Complete
Demonstration of the Hacking Method on HackersOnlineClub
<http://www.hackersonlineclub.com/hack-facebook-account>.

*Other Serious Facebook Vulnerability in Last Week*
Last week *Nathan Power* from SecurityPentest discovered a new Facebook
Vulnerability
<http://thehackernews.com/2011/10/facebook-exe-attachment-vulnerability.html>
that can easily attach EXE files in messages, causing possible User
Credentials to be Compromised. Not only Account Security; there are also
lots of Privacy Issues in Facebook, like the one *Nelson Novaes Neto*, a
Brazilian (independent) Security and Behavior Researcher, has analyzed: a
privacy issue in Facebook Ticker
<http://thehackernews.com/2011/10/how-facebook-ticker-exposing-your.html>
that allows any person to chase you without your knowledge or consent.
*Facebook should take these privacy issues & security holes very seriously.*
Read More at  : The Hacker News ~
http://thehackernews.com/2011/10/facebook-trusted-friends-security.html

-- 
*Regards,*
*Owner,*
*The Hacker News <http://www.thehackernews.com/>*
*Truth is the most Powerful weapon against Injustice.*


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/