Facebook announced ThreatExchange, an API-based platform for the exchange of attack and threat data.
Tag Archives: Facebook
How to stay safe on social media – 5 top tips
As social media becomes an increasingly large part of our everyday lives, it’s easy to forget the dangers hiding behind our feeds. So, remember these five top tips next time you log in to Facebook and Twitter.
The post How to stay safe on social media – 5 top tips appeared first on We Live Security.
Security, Tech Communities Rally to Support GnuPG
The last year has seen a big swing in the support from the technology community for open-source security tools, many of which are maintained by tiny staffs or volunteers. OpenSSL last year received a large chunk of funding from the Core Infrastructure Initiative, and now it’s GnuPG’s turn. After a story on ProPublica Thursday publicized […]
Facebook turns 11 – what you need to know, and what do your likes say about you?
Facebook updated its privacy settings at the end of January. As Facebook turns 11 today, here’s what you need to know about the new settings and how they could affect you.
The post Facebook turns 11 – what you need to know, and what do your likes say about you? appeared first on We Live Security.
Be careful with Facebook! A researcher has hacked it using a Word document
Who hasn’t checked their Facebook page from work? Besides being a distraction, this practice has been shown to be a risk to the security of the company. A researcher has hacked the platform using a simple Microsoft Word text document.
Mohamed Ramadan is an Egyptian hacker who discovered a bug in Facebook last July that is very dangerous for user security but that had simply gone by unnoticed; it could be hacked with a simple Word document.
It was not discovered by chance; for some time, Ramadan had been looking for possible vulnerabilities to demonstrate his potential as an ethical hacker and he had already done so by finding bugs in the Facebook apps for Android, iOS and Windows. The time had come to go one better and try with the company’s websites and servers.
He knew that this was a significant challenge; not only is it one of the technologies that have implemented the most security measures, but for years many security experts have been reporting and patching new holes. The company had even claimed that all of the holes in its servers had been patched. But it was wrong.
After thoroughly researching the topic, the hacker discovered the website Careers at Facebook, where anyone can look for work in the company and upload their CV. So, he decided to give it a go. To start checking (and find out if the platform was secure), he tried uploading a file where CVs are usually uploaded and he noticed that only .pdf or .docx files were admitted.
Docx files are compressed files and the data they contain can be modified if they are decompressed. So Ramadan took a .docx file and decompressed it (using the 7-zip program) in order to access its code and modify it. More specifically, he changed a line of code to command this Word document to communicate with a twin file hosted on his computer wherever it was.
Despite his good idea, Ramadan was aware that it could fail. It was probable that even if the modified document were sent to the server, the file would not be able to communicate with the twin file on his computer.
So before uploading the modified Word document to the Facebook server, he checked whether uploading it to any other server (more specifically, to one he programmed for the purpose) would produce a result. The result was as expected: a few minutes after performing the test, the external server that he had just created tried to communicate with his computer. Facebook’s server should therefore do the same, and it did.
“I forced Facebook’s servers to connect to my computer using a simple Word document,” says Ramadan on his page.
With this trick Mohamed Ramadan was able to access the data belonging to anyone who had uploaded their CV to the Facebook platform, and also their profiles on the social network and the computers that these people normally use.
Therefore, any company’s data could be compromised if its employees use Facebook at work from the company’s computers. In this case the page that had the problem was Careers at Facebook and fortunately, it was Ramadan who detected it. However, the vulnerability on this server could have affected many others, according to the expert.
Although the bug has been fixed – and Ramadan has collected a reward of $6300 – its existence shows that compromising Facebook accounts is easier than it seems.
The post Be careful with Facebook! A researcher has hacked it using a Word document appeared first on MediaCenter Panda Security.
Should Kids Be Using Facebook?
Kids can put a lot of pressure on parents to let them use Facebook. However, there are several important things that parents should know before making a decision either way.
Did you know?
- Facebook has a minimum required age to create an account, and for good reason – children can be exposed to inappropriate content.
For example: Kids may have older Facebook friends or family (perhaps friends of their friends) that post content to their timeline that isn’t appropriate for them to see.
- Kids themselves may be unknowingly posting inappropriate content or giving away too much of their family’s private information.
- When a Facebook account is created for an underage child using a fake date of birth, this gives Facebook a false impression of the child’s real age. This can result in young children being incorrectly targeted by Facebook advertisers and exposed to inappropriate products and services.
- Kids could also lose all of their Facebook data at any time. Facebook has a whistleblower policy that allows anyone to nominate an account that they think is being used by someone under the required age. If that happens, the account will be shut down and become inaccessible.
So do you still think kids should be using Facebook?
Facebook porn scam infects 110k users in 48 hours
A new porn scam is spreading startlingly quickly through Facebook – one that has managed to spread malware to over 110,000 users in 48 hours, reports The Guardian.
The post Facebook porn scam infects 110k users in 48 hours appeared first on We Live Security.
Facebook, Instagram and Tinder hit by outages, but deny cyberattack
Social media giants Facebook, Instagram and Tinder were hit by simultaneous outages on Tuesday, which led many to suspect a coordinated cyberattack, reports City AM.
The post Facebook, Instagram and Tinder hit by outages, but deny cyberattack appeared first on We Live Security.
Facebook will highlight hoaxes in users’ newsfeeds
Facebook has announced plans to crack down on spam and hoaxes in the newsfeed, with a note highlighting ‘false information’ when enough people flag the link as a hoax.
The post Facebook will highlight hoaxes in users’ newsfeeds appeared first on We Live Security.
Spammers Take A Liking to WhatsApp Mobile App
Researchers at AdaptiveMobile released a report demonstrating an increase in spam over the WhatsApp messaging app.