Category Archives: Social Media

Hackers exploit vBulletin flaw to inject rogue admin accounts

IDG News Service – Hackers are exploiting a vulnerability in the popular vBulletin Internet forum software in order to inject rogue administrator accounts into websites using it.

The exploit was found by researchers from security firm Imperva on underground hacker forums and targets versions 4.x.x and 5.x.x of vBulletin.

At the end of August, vBulletin Solutions, the company that develops the forum software, advised users to delete the “install” directories from their vBulletin deployments because of an unspecified exploit vector.

The company declined to release any additional information about the issue at that time, but Imperva’s researchers believe it’s the same vulnerability targeted by the exploit script they found.

The vulnerability allows attackers to abuse the vBulletin configuration mechanism to create a secondary administrative account, the researchers said Wednesday in a blog post.

In order to exploit the vulnerability, attackers need to know the exact URL for the upgrade.php script from the install directories of the targeted vBulletin deployments and the vBulletin customer IDs associated with those deployments.

To obtain this information, hackers created a separate PHP script that scans vBulletin sites for the vulnerable path and extracts the customer IDs from the source code of the upgrade.php pages, the researchers said.

Once they have those details, attackers only need to choose a username and password for the rogue administrator account that will be created and the exploit will do the rest.
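Two defender-side checks follow from the story above: confirm that the "install" directories the vendor told administrators to delete are really gone, and watch web server logs for requests to install/upgrade.php. The script below is an added example written for this page; it is not vBulletin's code and not the exploit or scanner the researchers describe. It assumes an Apache/nginx combined log format and uses a constructed directory layout and constructed log lines so it runs offline.

```python
"""Audit a vBulletin web root for leftover install/ directories and flag
log lines that request install/upgrade.php (defensive checks, added example)."""
import os
import re
import tempfile
from typing import Dict, List, Tuple


def find_install_dirs(web_root: str) -> List[Tuple[str, bool]]:
    """Return (relative path, contains upgrade.php) for every directory named
    'install' under web_root. The vendor advice was to delete these outright,
    so any hit is worth reviewing; ones still holding upgrade.php are urgent."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(web_root):
        if os.path.basename(dirpath) == "install":
            rel = os.path.relpath(dirpath, web_root).replace(os.sep, "/")
            hits.append((rel, "upgrade.php" in filenames))
    return sorted(hits)


# Combined/common log format as written by Apache and nginx by default (assumption).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Only the path component is inspected, so query strings do not defeat the match.
INSTALL_PATH_RE = re.compile(r"/install/upgrade\.php", re.IGNORECASE)


def flag_install_requests(lines) -> List[Dict[str, object]]:
    """Return one record per request for install/upgrade.php. A 200 means the
    script was reachable; a 404 still shows someone probing for it."""
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not INSTALL_PATH_RE.search(m["path"]):
            continue
        flagged.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"],
            "path": m["path"], "status": int(m["status"]),
        })
    return flagged


# Constructed sample log lines (RFC 5737 documentation addresses, fake timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2013:09:12:01 +0000] "GET /forum/install/upgrade.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2013:09:12:04 +0000] "POST /forum/install/upgrade.php?step=1 HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2013:09:13:11 +0000] "GET /forum/showthread.php?t=42 HTTP/1.1" 200 8891 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2013:09:14:30 +0000] "GET /install/upgrade.php HTTP/1.1" 404 210 "-" "curl/7.30"',
]


def make_demo_tree() -> str:
    """Build a constructed web root in a temp dir: one deployment that still has
    install/upgrade.php at two levels, plus an unrelated 'install' folder."""
    root = tempfile.mkdtemp(prefix="vb_audit_")
    for rel in ("forum/install/upgrade.php", "forum/core/install/upgrade.php",
                "forum/showthread.php", "forum/images/install/README.txt"):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("placeholder\n")
    return root


if __name__ == "__main__":
    for rel, has_upgrade in find_install_dirs(make_demo_tree()):
        print(f"install dir: {rel} (upgrade.php present: {has_upgrade})")
    for rec in flag_install_requests(SAMPLE_LOG):
        print(f"{rec['time']} {rec['ip']} {rec['method']} {rec['path']} -> {rec['status']}")
```

Run the filesystem check against the real document root of each deployment; the log check is a starting point for an alert rule, with repeated 200 responses to the install script from one address being the case to escalate.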

Retrieved from Computer World

Post reporter: Here’s why we refused the NSA’s demand to censor the names of PRISM companies

FILE - This June 6, 2013, file photo shows a sign outside the National Security Administration campus in Fort Meade, Md. Spying by the National Security Agency has cost the United States economically and angered allies, a bipartisan group of senators said Sept. 25, in unveiling legislation that would end the collection of millions of Americans' phone records and data on Internet usage. (AP Photo/Patrick Semansky, File)

Barton Gellman, the Washington Post reporter who broke the news of the NSA online content collection program PRISM, says the government asked him to suppress the names of the nine companies participating in the program.

Speaking at a Cato Institute conference on Wednesday, Gellman said The Washington Post has a practice of talking to the government before running stories that may impact national security. According to Gellman, there were “certain things” in the PRISM slides that they agreed raised legitimate security concerns. But, he said:

Retrieved from Washington Post

Blackhole exploit kit author arrested in Russia

IDG News Service – Russian authorities have arrested the main developer of the notorious Blackhole exploit kit, one of the most popular attack tools used to infect Web users with malware.

Rumors of the arrest appeared Monday on Twitter, with independent reports from security researchers Alex Gostev from Kaspersky Lab and Maarten Boone from Fox-IT.

The Russian Ministry of Interior did not respond to several requests for comment on Tuesday.

However, a source familiar with the investigation who requested anonymity confirmed that the creator of Blackhole, a person who uses the online identity “Paunch,” has been arrested by the Russian authorities. Because the investigation is ongoing, the source declined to share additional information.

The European Cybercrime Centre (EC3) has been informed that a high-level cybercrime suspect has been arrested in Russia, Europol spokesman Soren Pedersen said Tuesday. The EC3 cannot confirm any other details including the suspect’s name or his activities, and Pedersen referred all other questions to the Russian authorities.

Kaspersky’s Gostev said via email that he learned about the arrest from a trusted source who also wished to remain anonymous.

Retrieved from ComputerWorld


Fruit-Themed Spam Hits Instagram


Fruit spam?

Fruit spam.

If you’ve been noticing a strange rise of fruit-related pictures in your Instagram feed today, don’t worry.  Your friends haven’t become (even more) obsessed with taking pictures of their healthy meals.

Well, you might want to worry a wee bit, because the pictures might be linked to a fruit-themed spam attack that’s slowly making its way around the popular photo-sharing service.  It’s unclear just how said spammers are getting a hold of users’ login credentials, but the attack results in a number of pictures of fruit – of all things – being posted to a person’s Instagram account.

The text accompanying the pictures also includes a Bitly hyperlink – clicked on more than 35,000 times as of this article’s writing – that takes users to a fake BBC page promoting weight-loss coffee.

“Ever seen this stuff?  I guess its super healthy, im giving it a try. I saw it on Dr Oz’s show! Link is in my bio #lovemyfollowers #health,” reads an example of one spammy photo’s description.

To its credit, Bitly is now throwing up a giant warning message for users attempting to click through to the aforementioned link. It’s possible the fake BBC site is just the follow-through for the spam attack, attempting to pull money (and credit card details) from users foolish enough to place an order for the coffee, but there could also be some kind of method for pulling a user’s login credentials hosted on the site itself. That’s the part we remain a bit in the dark on: how spammers get one’s credentials in the first place and load up one’s account with the fruity photos (in addition to changing a user’s bio to reference said fake BBC page).

The spam attack was first reported by GigaOm’s Om Malik earlier today and, according to him, Facebook hasn’t offered up any comment as to what might be going on.

Those who feel as if their accounts have been compromised only really have one major recourse: resetting their passwords (and, hopefully, using as strong a passphrase as they can remember). It’s also worth going into one’s third-party application access list in Instagram’s settings, which lets you see what non-Instagram sites have access to your account. Revoke the privileges of anything that sounds unknown or odd.

Beyond that, users can also check their follower lists to make sure they aren’t following any obvious spam accounts — and do report those, or any spam-filled comments you happen to find on your photos, if that’s the case.

Retrieved from PC Mag


Millions exposed by Facebook data glitch


Facebook said the impact of the data disclosure was “minimal”

Personal details of about six million people have been inadvertently exposed by a bug in Facebook’s data archive.

The bug meant email and telephone numbers were accidentally shared with people that would not otherwise have had access to the information.

So far, there was no evidence the data exposed was being exploited for malicious ends, said Facebook.

It said it was “upset and embarrassed” by the bug, which was found by a programmer outside the company.

Bug bounty

The data exposure came about because of the way that Facebook handled contact lists and address books uploaded to the social network, it said in a security advisory.

Typically, it said, it analysed the names and contact details on those lists so it could make friend recommendations and put people in touch with those they knew.

The bug meant some of the information Facebook generated during that checking process was stored alongside the uploaded contact lists and address books.

That meant, said Facebook, that when someone had downloaded their profile this extra data had travelled with it, letting people see contact details that had not been explicitly shared with them.

An investigation into the bug showed that contact details for about six million people were inadvertently shared in this way. Despite this, Facebook said the “practical impact” had been small because information was most likely to have been shared with people who already knew the affected individuals.

The bug had now been fixed, it added.

Facebook was alerted to the bug by a member of its “White Hat” program who checks the site’s code for glitches and other loopholes. A bounty for the bug has been paid to the programmer who found it.

Retrieved from BBC news


Facebook opens first European data center, uses company-designed servers


Facebook’s first European data center in Luleå, Sweden (near the Arctic Circle) is now online, and thus far it’s the only facility that’s exclusively using servers the company itself designed. Similar to the social network’s North Carolina complex that served as testing ground for its outdoor air-cooling configuration, the Swedish facility takes advantage of the region’s frigid winds. Excess heat produced by the machines is then routed to offices to keep employees warm in the chilly region. The firm claims the 900,000-square-foot center is powered entirely by hydroelectric energy — a source so reliable that Facebook saw it fit to scale down the number of backup generators by more than 70 percent. With an average power usage effectiveness (PUE) of 1.07, the facility draws only 1.07 watts for every watt the servers themselves need to function, pointing to minimal energy loss in cooling and power distribution. Now that the Luleå installation is complete and operational, the company can focus on building its $1.5 billion megastructure (its biggest data center yet) in Altoona, Iowa.

Retrieved from Engadget


Facebook, Google CEOs weigh in on NSA controversy

Facebook CEO Mark Zuckerberg at a company event. (Photo: Noah Berger, Bloomberg)

SAN FRANCISCO — Executives from Facebook and Google late Friday refuted reports that the companies have provided direct access to their servers for the National Security Agency and the FBI.

Reports surfaced Thursday of a security leak that technology’s biggest names were quietly cooperating with the previously undisclosed covert government surveillance program known as PRISM.

Facebook CEO Mark Zuckerberg said the social network has never been part of any program to give the U.S. government or any other government such access to its servers. “We hadn’t even heard of PRISM before yesterday,” he wrote in a post on Facebook.

Google CEO Larry Page and Chief Legal Officer David Drummond offered similar remarks in a blog post titled “What the …?”

Ditto Apple in a prepared statement yesterday.

Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple were all reported to be giving up data to the National Security Agency and the FBI, according to reports from The Washington Post and The Guardian.

The Internet traffic tracked was said to be that of users outside the U.S.

The technology companies have all denied that they have given full access to their servers to the government.

Each of the statements issued by Google, Facebook and other companies linked to the program has been carefully worded in ways that don’t rule out the possibility that the NSA has been gathering online communications as part of its efforts to uncover terrorist plots and other threats to U.S. national security.

“I think a lot of people are spending a lot of time right now trying to parse those denials,” says Lee Tien, a senior staff attorney at the Electronic Frontier Foundation, a digital rights group. “The top level point is simply: it’s pretty hard to know what those denials mean.”

That’s in part because corporate boards don’t actually have any legal responsibility to disclose that these requests for data are being received, says Jason Schloetzer, assistant professor of accounting at Georgetown University’s McDonough School of Business. “These requests come with a gag order that doesn’t allow anyone within the firm to tell anyone outside the firm or anyone else within the firm.”

Google and Twitter — the micro blogging service wasn’t named in reports on PRISM’s data collection — both take the high road in issuing so-called transparency reports that disclose the data requests they receive.

“The U.S. government does not have direct access or a “back door” to the information stored in our data centers,” Google said in its blog post Friday.

Tapping into consumer Internet companies by legal means is made possible under the Patriot Act and subsequent extensions. Similar to how technology companies can use data to target advertising, government agencies can use it as an aid in tracking terrorist movements.

“They are data companies. These algorithms to make predictions of your buying habits … similar algorithms could be used to find out if someone is a terrorist or to track their behavior. I don’t find this at all surprising. This is what we signed up for,” says Rohan Williamson, professor of finance at Georgetown University’s McDonough School of Business.

Companies don’t have a fiduciary responsibility to disclose this type of information to investors if it’s not relevant to the stock, points out University of Florida Professor Jay Ritter.

“From an investor’s point of view, the decision would be based on whether the action had a material effect on the stock price, including an effect on a loss of customers.”

Retrieved from USA Today

Twitterverse not letting up on Verizon-NSA uproar

Twitter users are poking fun at the spying controversy. The latest: The National Security Agency has an office where workers monitor cat videos all day. The Obama administration is calling to let people know when they’ve left the lights on. Government workers are tired of listening to whiny couples bickering.

These jokes are the news of the day on Twitter — that mixed with a heaping spoonful of anger.

The Twitter hashtag #NSA continues trending into the afternoon Friday, two days after The Guardian revealed that Verizon, on orders from a top secret court, has been handing over call data to national security officials and a day after The Washington Post and The Guardian reported that national security officials have for six years received information from the central servers of nine U.S. Internet companies.

Commenting after delivering a health care speech in San Jose, Calif., Obama denounced the “hype” surrounding recent news reports and said that “nobody is listening to your telephone calls” or “reading the e-mails” of U.S. citizens.

That hasn’t calmed the twitterverse.

The hashtag #NSA as well as #NSAcalledtotellme are buzzing with anger and plenty of jokes.

Verizon’s “share everything plan” and its catchphrase “Can you hear me now?” are taking particularly hard hits.

Politicians, athletes and celebrities took to Twitter to crack jokes and criticize the government. Actor Jason Biggs tweeted: “‘Can you hear me now?’ – Verizon customers. ‘Yep.’ – The U.S. government.”

NFL player Donte’ Stallworth tweeted: “To all of my friends and associates… If you have @verizon, lose my phone number for a while lol #BusinessNotPersonal”

Former presidential hopeful Herman Cain tweeted: “Congratulations, verizon subscribers! The NSA is spying on you without probable cause!”

Verizon has not responded to the issue on their social media accounts.

Retrieved from USA Today

Hackers use social media to bedevil advertisers

The hallowed halls of social media are no longer safe. Not when the operators of botnets like Chameleon are able to systematically steal $6 million per month from advertisers in the form of payments received for clicks from infected PCs, not real consumers.

Similarly, highly publicized hacking hoaxes that bedeviled the Twitter accounts of Burger King and Jeep demonstrate just how vulnerable brands can be on social media.

And then there is pixeljacking. This refers to the introduction of malicious code that hijacks consumer web browsers so as to push fake Internet traffic through that browser’s identity.

This type of fraudulent traffic poses a threat to consumer privacy and wreaks havoc on advertisers and agencies that rely on accurate ad data to run their businesses.

At latest count, RadiumOne has verified over 1,000 distinct domains used by botnet operators involved in “pixeljacking.” We estimate the existence of over 10,000 such sites across the web. This relates to a potential fraud spend of $324 million each year, about 5.4% of all display ad spend.

With a virtually unlimited supply of online ads to choose from, nefarious hackers have the potential to inflict greater losses for specific brands as well as the industry as a whole, driving up the cost of display advertising. Not to mention the loss of credibility that occurs when visible security threats like Twitter hacks are targeted at specific brands.

The use of social media as a platform to inflict damage and emphasis on the advertising industry as a target is unique. We are living in a time where there are now dunes of important data that can easily be accessed and used against us if it falls into the wrong hands. The complexity, frequency and scope of hacking attacks have increased exponentially as both business and technology collide in the digital age.

The good news is, there are ways of preventing these forms of attacks. Recently, the advertising tech industry has been abuzz, searching for new ways to address this drastic rise in online security and privacy threats. One approach to solve this problem would be to introduce human challenge and response tests like Captcha in order to ensure that real people are responsible for clicking on ads and driving traffic.

With the alarming progression of computer hacking and virus creation, consumers and the advertising industry at large must understand the potential exposure, and arm themselves with actionable steps to combat impression fraud.

Retrieved from USA Today

Microsoft warns of new Trojan hijacking Facebook accounts

Microsoft has issued a warning that a new piece of malware masquerading as a Google Chrome extension and Firefox add-on is making the rounds, threatening to hijack Facebook accounts.

First detected in Brazil, Trojan:JS/Febipos.A attempts to keep itself updated, just like normal, legitimate browser extensions, Microsoft noted in a security bulletin late Friday.

Once installed, the Trojan monitors whether the infected computer is logged into a Facebook account and attempts to download a config file that includes a list of commands for the browser extension. The malware can then perform a variety of Facebook actions, including liking a page, sharing, posting, joining a group, and chatting with the account holder’s friends.

Some variants of the malware include commands to post provocative messages written in Portuguese that contain links to other Facebook pages. The number of likes and shares on one such page grew while malware experts at Microsoft were analyzing the Trojan, suggesting that the infections are continuing to occur.

Microsoft did not indicate how the malware installs itself or how many infections might have occurred.

So while the malware appears to be designed to target users in Brazil — where Portuguese is the dominant language — Microsoft concluded that the Trojan could easily be modified to target users in other regions.

Retrieved from C-Net