
The Giant Security Hole That Facebook Doesn’t Care About


Jopa


You probably assume hackers are using all sorts of devious viruses, obscure scripts, "exploits" (whatever that means, right?) and other complex means to break into accounts. But often the means of entry are stupid simple. Facebook has a huge one—and doesn't care about fixing it.

 

There's a basic premise here that isn't a Facebook problem, but really an internet problem: it's super easy to reset someone's password. The web is an ornate, lumbering thing built on tiny little stilt legs, its foundation unfit for what came after it. It's complex stuff standing on simpler stuff. New on old.

 

You don't need to be a hacker—you can just talk your way in:

  • Step one: Say you've forgotten your password.
  • Step two: Say you've forgotten your email address.
  • Step three: Use a security question or customer service rep to change over to a new email address—one you control.
  • Step four: Send a new password of your choosing to that new email address.
  • Step five: Log in.
Edited by Jopa
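The five steps above, as an added example that is not part of the original post and is not Facebook's code: a toy Python model that replays the attacker's walk-through against two recovery policies. In the weak policy a security question alone re-points the recovery address and a reset then goes to the new address; in the hardened one a change made without the password must be confirmed from the old address, and any reset to a recently changed address is held for a cooling-off window. The account names, the seven-day hold and the policy details are assumptions for illustration.

```python
# Added example: toy model of the recovery flow described in the post.
# Not Facebook's code. Names, hold period and policy details are assumptions.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

HOLD_SECONDS = 7 * 24 * 3600  # assumed cooling-off window after a recovery-address change

def _h(s: str) -> bytes:
    return hashlib.sha256(s.encode()).digest()

def _match(given: str, expected: str) -> bool:
    # Constant-time compare of hashed inputs: no timing leak of length or content.
    return hmac.compare_digest(_h(given), _h(expected))

@dataclass
class Account:
    username: str
    email: str                          # current recovery address
    password_hash: bytes
    security_answer: str                # weak secret, often readable off the profile
    email_changed_at: float = 0.0
    pending_email: Optional[str] = None
    pending_token: Optional[str] = None
    outbox: List[Tuple[str, str]] = field(default_factory=list)  # (recipient, message)

class WeakRecovery:
    """The policy the post describes: a security answer alone re-points the address."""
    def change_email(self, acct, answer, new_email, now, password=None) -> bool:
        if not _match(answer, acct.security_answer):
            return False
        acct.email, acct.email_changed_at = new_email, now
        return True

    def send_reset(self, acct, now) -> bool:
        acct.outbox.append((acct.email, "reset:" + secrets.token_urlsafe(16)))
        return True

class HardenedRecovery:
    """Same entry points; the change needs the password or a confirmation sent to
    the *old* address, and resets to a recently changed address are held."""
    def change_email(self, acct, answer, new_email, now, password=None) -> bool:
        if password is not None and hmac.compare_digest(_h(password), acct.password_hash):
            acct.outbox.append((acct.email, f"notice: recovery address changed to {new_email}"))
            acct.email, acct.email_changed_at = new_email, now
            return True
        if not _match(answer, acct.security_answer):
            return False
        # The answer only *starts* the change; the attacker cannot read the old mailbox.
        acct.pending_email = new_email
        acct.pending_token = secrets.token_urlsafe(16)
        acct.outbox.append((acct.email, "confirm-change:" + acct.pending_token))
        return False

    def confirm_email_change(self, acct, token, now) -> bool:
        if acct.pending_token is None or not hmac.compare_digest(token, acct.pending_token):
            return False
        acct.email, acct.email_changed_at = acct.pending_email, now
        acct.pending_email = acct.pending_token = None
        return True

    def send_reset(self, acct, now) -> bool:
        if now - acct.email_changed_at < HOLD_SECONDS:
            acct.outbox.append((acct.email, "reset held: recovery address changed recently"))
            return False
        acct.outbox.append((acct.email, "reset:" + secrets.token_urlsafe(16)))
        return True

def fresh_victim() -> Account:
    # Constructed sample account; the pet's name is the kind of answer an attacker looks up.
    return Account("alice", "alice@example.org", _h("correct horse battery staple"), "Rex")

def run_attack(policy, now: float = 1_000_000.0) -> bool:
    """Replay steps one to five with nothing but a guessed security answer.
    Returns True if a usable reset token lands in the attacker's mailbox."""
    acct, attacker = fresh_victim(), "mallory@evil.example"
    policy.change_email(acct, "Rex", attacker, now)  # steps two and three
    policy.send_reset(acct, now)                      # step four
    return any(to == attacker and msg.startswith("reset:") for to, msg in acct.outbox)

def owner_changes_address(now: float = 1_000_000.0) -> Tuple[bool, bool]:
    """Owner with the password: the change is immediate, but a reset to the new
    address is held until the cooling-off window has passed."""
    acct, policy = fresh_victim(), HardenedRecovery()
    assert policy.change_email(acct, "", "alice@new.example", now, password="correct horse battery staple")
    return policy.send_reset(acct, now), policy.send_reset(acct, now + HOLD_SECONDS)
```

`run_attack(WeakRecovery())` returns True and `run_attack(HardenedRecovery())` returns False with the same five steps; the only things the hardened policy adds are a confirmation that goes to the mailbox the attacker claims to have lost and a hold long enough for the real owner to notice the change notice.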

Well, that would be social engineering, wouldn't it?

But it seems weird to me that they would allow you to change the e-mail without knowing the password; that sounds retarded :P


^^ Technically that isn't social engineering. Social engineering is done on the victim (the person whose account is being hacked) rather than by abusing security policies.


Yeah, okay...

But the technique is the same: you deceive the human in the chain (I'm talking about contacting the customer support rep).


I call it phishing (the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity). That technique is the one mostly used by hackers such as Anonymous.

 

Gengis


I call it phishing (the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity). That technique is the one mostly used by hackers such as Anonymous.

 

Gengis

Phishing is a social engineering technique, as far as I'm concerned.

If only Anonymous was an actual group and not just a label...


Phishing is a social engineering technique, as far as I'm concerned.

If only Anonymous was an actual group and not just a label...


Well, I think we all know there is a core group to Anonymous; I think the "label" is something they hide behind personally, hehe

 


Well, I think we all know there is a core group to Anonymous; I think the "label" is something they hide behind personally, hehe

Is there? I dunno. I guess there are coordinated hacker groups operating under the Anonymous label, but I don't think there is a core group controlling all the action by 'Anonymous', because, well, they made that impossible by saying everybody (and nobody) is Anonymous.

 

=> So I'm waiting until Anonymous decides to hack Anonymous; all the lolz when the general media gets confused :P

 

 

BTW: did you know you used to be able to get easy free stuff from Microsoft and Logitech? ^^ A friend of mine enjoyed himself with it for a couple of months (I lacked the balls to try it ^^)

Edited by DrJoske

=> So I'm waiting until Anonymous decides to hack Anonymous; all the lolz when the general media gets confused :P

 

Hahahaha :D

=> So I'm waiting until Anonymous decides to hack Anonymous; all the lolz when the general media gets confused :P

The News Media reported that Anonymous's twitter account was hacked: http://www.bbc.co.uk/news/technology-21532858

Some have speculated that one subset of Anonymous hacked another subset of the same.


The News Media reported that Anonymous's twitter account was hacked: http://www.bbc.co.uk/news/technology-21532858

Some have speculated that one subset of Anonymous hacked another subset of the same.

:P Seems they are gonna say "sorry for party rocking" to each other.


Phishing is not social engineering.

 

With social engineering you manipulate people so they will perform actions or divulge confidential information to you.

Phishing is more like a Trojan horse (but it is not one). It is used so you can penetrate the system yourself to obtain the information you wish. This technique was used for all the recent well-known major hacking attacks (New York Times, Twitter, etc.).

 

Gengis
