Archive

Archive for the ‘Fake’ Category

ATTACK AND PROTECTION | CLICKJACKING | HACKING


I was surfing around the internet when i saw the news saying that clickjacking attack is now targeting facebook users. yeah it’s bad news for facebook user.

Now it is important to know about this attack because this is  a  very advanced attack and need some programming skill.

I will try to explain it  but it is a bit complicated for a non programmer to understand but not too hard as you are thinking now!!

Clickjacking Hacking

Clickjacking " Hacking "

Clickjacking is the short form of click hijacking. This vulnerability is used by an attacker to collect an infected user’s clicks. The attacker can force the to do all sort of things from adjusting the user’s computer settings to unwittingly sending the user to Web sites that might have malicious code.

Now how attacker can adjust user’s computer setting?? attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the the top level page. Thus, the attacker is “hijacking” clicks meant for their page and routing them to other another page, most likely owned by another application, domain, or both.

The term “clickjacking” was coined by Jeremiah Grossman and Robert Hansen in 2008.

The exploit is also known as UI redressing.

Attack Example:
The user receives an email with a link to a video about a news item, but another valid page, say a product page on amazon.com, can be “hidden” on top or underneath the “PLAY” button of the news video.

The user tries to “play” the video but actually “buys” the product from Amazon.

Prevention:

NoScript: This is the best prvention aginst Clickjacking. It is a firefox addon and prevent users from clicking invisible click.
GuardedID: It is a commercial product which provides client-side clickjack protection for users of IE or Firefox without interfering with the operation of legitimate iFrames
Comitari Web Protection Suite: Comitari provides client side protection against ClickJacking (aka UI Redressing) attacks. Installed as browser add-on

Source: hackingtricks & irish web

Advertisements

Beware of fake Facebook ‘dislike’ button


Beware of the fake Facebook ‘dislike’ button.

Facebook Security advise you not to click on suspicious links on Facebook.

“We’re working hard to block and remove malicious applications that claim to provide dislike functionality and inadvertently update people’s statuses,”

“It’s important to keep in mind that there is no official dislike button. Also, don’t click on strange links, even if they are from friends, and notify the person and report the link if you see something suspicious.”

If you accidentally installed the fake application,

Facebook

Stay Safe on Facebook

click on the “account” button at the top right of the Facebook home screen. Navigate to the option that says “application settings,” and disable the fake “dislike” application.

If the app has posted to your Facebook wall, go to your profile page and delete those posts to stop the scam from spreading further. mashable also recommends checking your “interests” and “likes” settings from the “edit my profile” menu, to be sure that the app hasn’t lodged itself there as well.

Or Facebook may do all of that for you.

Mashable Write

Android-powered iPed, China rips off Apple iPad, surprises no one.


iped

Well lookey here, it seem that the land where counterfeit products outnumber the aggregate of legitimate electronics, software, clothes, accessories, etc. (etc. etc.) has just started making their own Apple iPad, only it’s called the “iPed” and it doesn’t come from Apple. In the same Chinese city that Apple’s iPhone and iPad manufacturing plant calls home, the Chinese “iPed” has just started getting some serious traction. Reports have Chinese news stations covering the launch of this obvious iPad rip-off, which uses the Android mobile operating system in place of the Apple’s iPhone OS.

According to reports, the iPed is on sale in Shenzen, China. That’s the same place that all our iPhones and iPads are manufactured – in the Foxconn manufacturing facility that has been getting so much bad press recently. It’s not clear how the proximity of the Foxconn plant helped make the iPed almost aesthetically identical to what Apple launched earlier this year. The Chinese Android-powered tablet even ships in a box that looks like something that Apple sells in its retail stores around the US.

So, what’s different about the iPed? Well, it runs Android OS and it’s called the iPed. Oh, and it’s slightly uglier than the iPad. On the one hand, you gotta hand it to these Chinese rip-off artists for their ambition and “creativity.”

So the Questions is, will you buy it.