Facebook contains a "treasure trove" of personally identifiable information that hackers can get their hands on.
A report by Imperva revealed that users' "general personal information" can often include a date of birth, home address and occasionally mother's maiden name, allowing hackers to access this and other websites and applications and create targeted spearphishing campaigns.
It detailed an idea I call "friend-mapping", where an attacker can get further knowledge of a user's circle of friends; having accessed their account and posing as a trusted friend, they are able to cause mayhem. This may include requesting the transfer of funds and extortion.
Asked why Facebook is so important to hackers, Imperva senior security strategist Noa Bar-Yosef said: "People also add work friends on Facebook so a team leader may well be identified and this may bring about corporate data being accessed, project work being discussed openly, while geo-location data may be detailed for military intelligence."
"Hacktivism made up 58 per cent of attacks within the Verizon Data Breach Intelligence Report, and they're going after information on Facebook which might be used to humiliate an individual. All kinds of attackers have their very own techniques."
On how attackers get a password in the first place, Imperva claimed that different keyloggers are used, while phishing kits that create a fake Facebook login page had been seen, and a more primitive method is a brute force attack, where the attacker repeatedly attempts to guess the user's password.
In more extreme cases, a Facebook administrator's rights might be accessed. Although it said that this requires more effort on the hacker's side and isn't as prevalent, it's the "holy grail" of attacks because it provides the hacker with data on all users.
On protection, Bar-Yosef said the roll-out of SSL across the whole website, instead of just on the login page, was effective, but users still had to opt into this.