17 June 2013
Facebook Spam: "She went inclusively nuts and lost all control of the razor-sharp axe"
A new spam campaign that preys on people's curiosity is circulating on Facebook, and E Hacking News came across it today. The spam post has a picture of a woman that looks like a video.
"she went inclusively nuts and lost all control of the razor-sharp axe Well, Watch what happened..in..this..video:_:: [Tiny_URL]" the spam post reads.
Following the link in the post takes users to a page that says "She did this at the tender of age 15" and displays an image mimicking an embedded video player.
After clicking the image, I am really inspired by the clever work done by the cybercriminals. When a user clicks the image, it asks users to press three shortcuts one by one: Ctrl+L, Ctrl+C, Ctrl+W.
I know what the last two shortcuts do but was not sure about the first one. I've managed to find the usage of the Ctrl+L shortcut in browsers. It is used for selecting the URL.
So the shortcuts are for selecting and copying the URL and closing the window. But wait a second, I failed to notice one thing. When I clicked the image, the page opened a new window.
Interestingly, the new window is so small that it is not visible. So pressing the shortcut keys copies the URL of the new window and closes that window. The URL contains the victim's authentication token.
Victims who fail to notice the window and follow the instructions soon find themselves victims of the Facebook spam post. The spam will be posted on the victims' walls using the hijacked authentication token.
DEFCON Bangalore 2013 - Call For Papers
E Hacking News is glad to announce Defcon Bangalore 2013, the place where the top Indian security researchers present their research on information security.
Defcon Bangalore is a part of Defcon Community Groups with the registered ID DC9180. The team is supported by Cyber Security and Privacy Foundation, and provides a platform for talents in the Indian hacking community to showcase their research to a wider audience. The core team of Defcon Bangalore comprises Mr. Karthik, Mr. HariKrishnan and Mr. J Prasanna (Founder, Cyber Security & Privacy Foundation).
Submit Your research papers:
The call for papers has been opened. Security researchers are invited to submit their research papers. Submit your papers at firstname.lastname@example.org. The call for papers will close on 25th July 2013.
This year (2013), the DEFCON Bangalore team has initiated free training sessions for the attendees as a part of the meet! The charges incurred by the attendees are under 20 USD per head; this is collected in order to pay for the space occupancy at a 5 star Boutique Hotel for the entire day, including snacks, high tea and lunch. Apart from this, no other charges are collected from the attendees.
14 June 2013
Mumbai Police salary accounts hacked, Money withdrawn in Greece
Cybercriminals have reportedly targeted the salary accounts of Mumbai Police and managed to withdraw money from them.
According to NDTV, cybercriminals have managed to withdraw money from the Axis Bank accounts of at least 14 policemen from ATMs in Greece.
It appears hackers in Greece have carried out this heist by cloning the ATM cards of policemen in Mumbai.
At this time, there is no further information about how much money has been withdrawn and how many policemen have been affected by this heist.
The Mumbai police has formed a team to investigate the hack, and the bank has been asked to investigate.
Researcher found a way to Hack Facebook accounts with the help of Quora
Indian security researcher Prakhar Prasad has found a way to hack Facebook accounts by exploiting an open redirection flaw in Quora, one of the famous question-and-answer websites.
Quora allows users to sign up through their Facebook account. While signing up for Quora, the researcher noticed that quora.com was permitted to receive an access token from Facebook OAuth.
Prasad managed to steal the access token from the Quora website by exploiting an open-redirect security flaw in quora.com.
POC provided by the researcher:
"Facebook OAuth authorization URL requests token permission from the user, but as user will have Quora App installed, it will redirect to value specified in next parameter of OAuth authorization URL with a valid access_token" researcher said in his blog.
In this case, the next parameter's value is "https://www.quora.com/contacts/skip?goto=http://poc.prakharprasad.com/quora". So the request redirects the user to the above URL with the access token, and Quora then redirects further to Prasad's page (exploiting the open-redirect flaw). The page created by Prasad captures the access token and directs users to facebook.com.
Unwitting users who follow the POC link soon find themselves victims of the Facebook account hack.
Complete technical details can be found in his personal blog.
You can also check out the video demo here:
Quora patched the security flaw a few days after Prasad reported the bug.
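The class of fix for a `goto`-style parameter like the one described above is to validate the redirect target on the server before issuing the redirect. The following is an added example, not Quora's code or the researcher's; the allow-list, the fallback path and the function name are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only host this application is allowed to redirect to.
ALLOWED_HOSTS = frozenset({"www.quora.com"})
FALLBACK = "/"  # assumption: where to send the user when the target is rejected


def safe_redirect_target(goto, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return goto if it stays on an allowed host, otherwise the fallback."""
    if not goto:
        return fallback
    # Browsers treat "\" like "/" and drop tabs and newlines inside URLs, so
    # reject such input outright instead of guessing how it will be parsed.
    if "\\" in goto or any(ord(c) < 0x21 or ord(c) == 0x7F for c in goto):
        return fallback
    try:
        parts = urlsplit(goto)
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        ok = goto.startswith("/") and not goto.startswith("//")
        return goto if ok else fallback
    # Covers "javascript:" and scheme-relative "//host" (empty scheme).
    if parts.scheme not in ("http", "https"):
        return fallback
    # "https://www.quora.com@other.example/" hides the real host after "@".
    if parts.username is not None or parts.password is not None:
        return fallback
    host = (parts.hostname or "").lower()
    return goto if host in allowed_hosts else fallback


# Constructed inputs; the first is the goto value quoted in the article.
SAMPLES = [
    "http://poc.prakharprasad.com/quora",
    "//poc.prakharprasad.com/quora",
    "https://www.quora.com@poc.prakharprasad.com/",
    "/\\poc.prakharprasad.com",
    "/contacts/done",
    "https://www.quora.com/contacts/done",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:50} -> {safe_redirect_target(sample)!r}")
```
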
Cyber Security and Privacy Foundation:
EHacking news is funded by Cyber Security and Privacy Foundation.