Jopa Posted March 1, 2013 Share Posted March 1, 2013 (edited) You probably assume hackers are using all sorts of devious viruses, obscure scripts, "exploits" (whatever that means, right?) and other complex means to break into accounts. But often the means of entry are stupid simple. Facebook has a huge one—and doesn't care about fixing it. There's a basic premise here that isn't a Facebook problem, but really an internet problem: it's super easy to reset someone's password. The web is an ornate, lumbering thing built on tiny little stilt legs, its foundation unfit for what came after it. It's complex stuff standing on simpler stuff. New on old. You don't need to be a hacker—you can just talk your way in: Step one: Say you've forgotten your password. Step two: Say you've forgotten your email address. Step three: Use a security question or customer service rep to change over to a new email address—one you control. Step four: Send a new password of your choosing to that new email address. Step five: Log in. Edited March 1, 2013 by Jopa Quote Link to comment Share on other sites More sharing options...
Jefke Posted March 1, 2013 Share Posted March 1, 2013 Well, that would be social engineering, isn't it. But it seems weird to me they would allow you to change the e-mail without knowing the password, that sounds retarded Quote Link to comment Share on other sites More sharing options...
rolf Posted March 1, 2013 Share Posted March 1, 2013 ^^ Technically that isn't social engineering. Social engineering is done on the victim (of whose account to hack) rather than abusing security policies. Quote Link to comment Share on other sites More sharing options...
Jefke Posted March 1, 2013 Share Posted March 1, 2013 Yeak, okay... But the technique is the same, you deceive the human in the chain (talking about contacting the customer support rep) Quote Link to comment Share on other sites More sharing options...
Gengis Posted March 1, 2013 Share Posted March 1, 2013 I call it phishing. (The act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity. That technique is the one mostly used by hackers such as Anonymous. Gengis Quote Link to comment Share on other sites More sharing options...
Jefke Posted March 1, 2013 Share Posted March 1, 2013 I call it phishing. (The act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity. That technique is the one mostly used by hackers such as Anonymous. Gengis phishing is a social engineering technique as far as I consider If only Anonymous was an actually group and not just a label... 1 Quote Link to comment Share on other sites More sharing options...
Chameleon Posted March 1, 2013 Share Posted March 1, 2013 phishing is a social engineering technique as far as I consider If only Anonymous was an actually group and not just a label... Well I think we all know there is a core group to Anonymous, I think the "Label" is something they hide behind personally hehe Quote Link to comment Share on other sites More sharing options...
Jefke Posted March 1, 2013 Share Posted March 1, 2013 (edited) Well I think we all know there is a core group to Anonymous, I think the "Label" is something they hide behind personally hehe Is there? I dunno, I guess there are coordinated hacker groups operating under the Anonymous label, but I don't think there is a core group controlling all the action by 'Anonymous' , because well they made that impossible by saying everybody (and nobody) is Anonymous => So I'm waiting until Anonymous decide to hack Anonymous, all the lolz when the general media gets confused BTW: did you know you used to get easy free stuff from microsoft and logitech? ^^ Friend of me enjoyed himself with it for a couple of months (I lacked the balls to try it ^^) Edited March 1, 2013 by DrJoske 1 Quote Link to comment Share on other sites More sharing options...
Administrators JoeDirt Posted March 1, 2013 Administrators Share Posted March 1, 2013 Sigh another copy/paste.... at least leave the link to the original site http://gizmodo.com/5986861/the-giant-security-hole-that-facebook-doesnt-care-about . 1 Quote Link to comment Share on other sites More sharing options...
Chameleon Posted March 1, 2013 Share Posted March 1, 2013 => So I'm waiting until Anonymous decide to hack Anonymous, all the lolz when the general media gets confused Hahahaha Quote Link to comment Share on other sites More sharing options...
Jopa Posted March 1, 2013 Author Share Posted March 1, 2013 Sigh another copy/paste.... at least leave the link to the original site http://gizmodo.com/5986861/the-giant-security-hole-that-facebook-doesnt-care-about . True, there are 20 sites that carry the these are, this is one of them which I thought was so important to most Quote Link to comment Share on other sites More sharing options...
Leader RedBaird Posted March 2, 2013 Leader Share Posted March 2, 2013 => So I'm waiting until Anonymous decide to hack Anonymous, all the lolz when the general media gets confused The News Media reported that Anonymous's twitter account was hacked: http://www.bbc.co.uk/news/technology-21532858 Some have speculated that some subset of Anonymous hacked another subset of same. Quote Link to comment Share on other sites More sharing options...
rajaah thunder Posted March 2, 2013 Share Posted March 2, 2013 The News Media reported that Anonymous's twitter account was hacked: http://www.bbc.co.uk/news/technology-21532858 Some have speculated that some subset of Anonymous hacked another subset of same. seems they are gonna say "sorry for party rocking " to each other. Quote Link to comment Share on other sites More sharing options...
slenderman Posted March 3, 2013 Share Posted March 3, 2013 Isn't the article technically a tutorial on how to hack someone's facebook? 1 Quote Link to comment Share on other sites More sharing options...
Gengis Posted March 3, 2013 Share Posted March 3, 2013 Phishing is not social engineering. With social engineering you manipulate people so they will be performing actions of divulging confidential information to you. Phishing is more like a troyan horse (but it is not). It is used so you will penetrate yourself in the system to obtain the information you wish. This technique was used for all the recent known major hacking attacks ( New York Times, Twitter, etc.) Gengis Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.