Archive

Archive for the ‘collecting data’ Category

Operation Facebook, Anonymous To Destroy Facebook On 5th November


 

The hacktivist group Anonymous has issued a YouTube video in English, Spanish and German announcing plans to destroy the world’s biggest social network, Facebook.


The hackers offer anyone concerned with the spread of personal information on the web to join the cause and “kill Facebook for the sake of your own privacy” in the action that “will go down in history,” setting the date for November 5, 2011.

 

“Facebook has been selling information to government agencies and giving clandestine access to information security firms so that they can spy on people from around the world,” the video statement, recorded in a typical digitally-altered voice says.

Thanks from   & onTraz 

.

 

 

 

Advertisements

ATTACK AND PROTECTION | CLICKJACKING | HACKING


I was surfing around the internet when i saw the news saying that clickjacking attack is now targeting facebook users. yeah it’s bad news for facebook user.

Now it is important to know about this attack because this is  a  very advanced attack and need some programming skill.

I will try to explain it  but it is a bit complicated for a non programmer to understand but not too hard as you are thinking now!!

Clickjacking Hacking

Clickjacking " Hacking "

Clickjacking is the short form of click hijacking. This vulnerability is used by an attacker to collect an infected user’s clicks. The attacker can force the to do all sort of things from adjusting the user’s computer settings to unwittingly sending the user to Web sites that might have malicious code.

Now how attacker can adjust user’s computer setting?? attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the the top level page. Thus, the attacker is “hijacking” clicks meant for their page and routing them to other another page, most likely owned by another application, domain, or both.

The term “clickjacking” was coined by Jeremiah Grossman and Robert Hansen in 2008.

The exploit is also known as UI redressing.

Attack Example:
The user receives an email with a link to a video about a news item, but another valid page, say a product page on amazon.com, can be “hidden” on top or underneath the “PLAY” button of the news video.

The user tries to “play” the video but actually “buys” the product from Amazon.

Prevention:

NoScript: This is the best prvention aginst Clickjacking. It is a firefox addon and prevent users from clicking invisible click.
GuardedID: It is a commercial product which provides client-side clickjack protection for users of IE or Firefox without interfering with the operation of legitimate iFrames
Comitari Web Protection Suite: Comitari provides client side protection against ClickJacking (aka UI Redressing) attacks. Installed as browser add-on

Source: hackingtricks & irish web

iPhone tracker was patented – Apple snooping plot thickens!


.Apple Tracker

Apple may have denied that it’s tracking iPhone customers, but a patent application filed in 2009 suggests the company was planning to base services on a history of where a handset had been.

The iPhone manufacturer has come under fire following the public disclosure that handsets were collecting data from GPS and Wi-Fi signals – a data set that formed a record of the user’s whereabouts on the handset and on synchronised computers.

Other handsets perform similar tasks, but Apple yesterday denied tracking users and claimed that only a bug in the system was causing the phone to store location data on handsets for up to a year. Even data detailing which cells and Wi-Fi hotspots were in range need only be kept for a week, the company said.

Yet this appears to contradict a patent application for “Location Histories for Location Aware Devices” that Apple filed with the US Patent and Trademark office in September 2009.

iPhone Tracker

“A location-aware mobile device can include a baseband processor for communicating with one or more communication networks, such as a cellular network or Wi-Fi network,” Apple said in its patent application. “In some implementations, the baseband processor can collect network information (e.g., transmitter IDs) over time.”

The plan sounds almost identical to the data-accumulating file that landed Apple in hot water with privacy campaigners, after researcher revealed that the company was collecting mappable data on handset locations.

“Upon request, the network information can be translated to estimated position coordinates of the location-aware device for display on a map view or for other purposes,” the patent claimed.

“A user or application can query the location history database with a timestamp or other query to retrieve all or part of the location history for display in a map view. The location history can be used to construct a travel timeline for the location-aware device.”

The Apple patent also made it clear that it planned to create a searchable history of users’ whereabouts. “The other information and location history can be part of a personal ‘journal’ for the user, which can be queried at a later time,” the patent states.

This despite the claim yesterday that: “Apple is not tracking the location of your iPhone. Apple has never done so and has no plans to ever do so.”

Third-party access

Apple also planned, according to the patent, to allow third parties to see this data trail in a bid to build services around the system.

“The travel timeline can be used by location-aware applications running on the location-aware device or on a network,” Apple said at the time. “In some implementations, an Application Programming Interface (API) can be used by an application to query the location history database.”

Apple’s intentions may have changed from the time the patent was filed in 2009 to when the tracking utility was implemented in iOS 4. The company has so far to declined to comment on the patent.

Note: Thanks to greatkingrat_666 & PcPro for the tip-off.

Info to Irish Web & onTraz

.