Friday, 22 February 2013

How researcher Hacked Facebook OAuth To Get Full Permission On Any Facebook Account


A Security Researcher Nir Goldshlager, has discovered a security flaw in Facebook that allowed him to take a full control over any Facebook account.

OAuth is used by Facebook to communicate between Applications and Facebook users, Usally users must allow/accept the application request to access their account before the communication can start. Facebook application might ask for different permissions.

According to researcher, the vulnerability gives a full permissions (read inbox, outbox, manage pages, manage ads, read private photos, videos,etc..) over the victim account .

"To make a successful attack, the victim need to use a Facebook application (Texas Holdem Poker, Diamond Dash, etc..). And these applications only have a basic permissions, We can always change the scope of the application permission and set a new permission but this method not powerfull, Because the victim need to accept the new permissions of the app" Researcher said in his blog.

But researcher discovered that there are built-in Applications(Facebook Messenger) in Facebook that users never need to accept , And this application have a full control on your account.

How to secure your Wi-Fi connection? Guide to securing your wireless Network

1. Install a Firewall A firewall helps protect your PC by preventing unauthorized users from gaining access to your computer through the Internet or a network. It acts as a barrier that checks any information coming from the Internet or a network, and then either blocks the information or allows it to pass through to your computer.

2. Change the Administrative Password on your Wireless Routers Each manufacturer ships their wireless routers with a default password for easy initial access. These passwords are easy to find on vendor support sites, and should therefore be changed immediately.

3. Change the Default SSID Name and Turn off SSID Broadcasting This will require your wireless client computers to manually enter the name of your SSID (Service Set Identifier) before they can connect to your network, greatly minimizing the damage from the casual user whose laptop is configured to connect to any available SSID broadcast it finds. You should also change the SSID name from the factory default, since these are just as well-known as the default passwords

4. Disable DHCP for a SOHO network with only a few computers consider disabling DHCP (Dynamic Host Configuration Protocol) on your router and assigning IP addresses to your client computers manually. On newer wireless routers, you can even restrict access to the router to specific MAC addresses.

5. Replace WEP with WPA WEP (Wired Equivalent Privacy) is a security protocol that was designed to provide a wireless computer network with a level of security and privacy comparable to what is usually expected of a wired computer network. WEP is a very weak form of security that uses common 60 or 108 bit key shared among all of the devices on the network to encrypt the wireless data. Hackers can access tools freely available on the Internet that can crack a WEP key in as little as 15 minutes. Once the WEP key is cracked, the network traffic instantly turns into clear text – making it easy for the hacker to treat the network like any open network. WPA (Wi-Fi Protected Access) is a powerful, standards-based, interoperable security technology for wireless computer networks. It provides strong data protection by using 128-bit encryption keys and dynamic session keys to ensure a wireless computer network’s privacy and security. Many cryptographers are confident that WPA addresses all the known attacks on WEP. It also adds strong user authentication, which was absent in WEP.



This and many more will be explained  at the seminar , coming with your laptop is an added advantage

Change in venue please Note that...

This is to inform the participant of the up coming seminar that our venue has been  changed for your own comfort and accessibility.

The new Venue is 1st Floor Buffallo Plaza No 2 Allen
Beside MTN office
Opposite Opebi -Allen Roundabout
Opposite Glo office
Allen Ikeja
Lagos

A platform where we will be discussing security and the latest treats
Email account Security
Laptop Security
Facebook Security
Wireless Security
Bluetooth Security
Website security
Participant will be able to detect how to notice when they have been hacked
They will also be able to prevent themselves from being hacked.
How facebook accounts gets hacked and how to prevent it.
How do hackers hack into website and how to prevent such incidents.
How do we enhance our security and prevent us from being hacked
 Information Security as a profession.
How you can begin a career in Information Security

Participants will learn how to protect their data from being hacked.
The facebook hack and how we can prevent it
Email hack and how to prevent it.
Wireless hack and how to prevent it

We will also showcase several data security products:
Password safe
System security software
Network Monitoring tools
Wireless security tools
Antimalware/ Antivirus
Firewall
 

Who should attend the seminar?

    Information Security professional
    Ethical hackers
    Forensics Investigators
    Database Administrators
    Anyone using information and communication systems
    Those aspiring to start a career in Information Security


Cost:N 500
Visit: http://cyberinfocts.eventbrite.com/
Contact to book seat for reservation +2347037288651