Browsing articles tagged with "security Archives - kayliza"

Beware of Facebook Account Theft

is it a scam

Today my wife's Facebook account received an inbox message like the one in the following image:

the content of the message was:

Facebook Securi*y

Violation Warning

Our security system has detected suspicious activity on your account that violates the Terms of Services (TOS), in the form of posts containing pornography, insults, hatred, threats, incitement, violence, copyright infringement or nude images.

Please confirm your Facebook account within 24 hours if you believe a mistake has been made. If you do not confirm, the system will automatically close your Facebook account on the assumption that the indication is correct.

Please confirm your Facebook account at the following link:


Of course my wife was confused, because she had never done anything like what was described in that Facebook inbox message. Full of fighting spirit, I stepped in to check the message, and it was clearly from a fake account that intended to steal our Facebook account. Attached below is an image of the phishing site:

On that confirmation page it asks us to fill in our Facebook email and password as well as our date of birth, and in the next confirmation step it asks for our email address and our email password (hahahaha… how naughty..)

Now, if we look more closely, the phishing account actually appears to be located at:

For the safety of my Facebook friends, I have reported the fake Facebook account on the grounds of Fake account and Phishing link/scam

To fellow Facebook users: be more careful and more thorough. There are many examples of phishing links in circulation; for additional information, see also the following link:




Android App Can Hijack Web Sessions over Protected Wireless Networks

A new Android app makes hijacking other people’s Facebook, Twitter, YouTube and Amazon sessions a breeze over private or open wireless networks.

Called FaceNiff, the app is the work of a Polish programmer named Bartosz Ponurkiewicz and was apparently released on his website in mid-May.

“It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK),” the developer writes.

FaceNiff requires root access on the phone in order to work properly. Root (admin) access is not enabled by default on most devices, but there are many tutorials and tools available to obtain it.

So far, the app can hijack sessions for Facebook, Twitter, YouTube, Amazon and Nasza-Klasa, a Polish social networking service. It has been confirmed to work on HTC Desire CM7 (CyanogenMod 7), Original Droid/Milestone CM7, SE Xperia X10, Samsung Galaxy S, Nexus 1 CM7, HTC HD2, LG Swift 2X, LG Optimus Black – original ROM, LG Optimus 3D – original ROM, and Samsung Infuse.


Facebook Dislike Button News Is a Code Pasting Scam

Facebook scammers are tricking users into pasting rogue code into their browser’s address bar in order to get a Dislike button added to their options.

The spam messages posted by victims read “Facebook now has a dislike button! Click ‘Enable Dislike Button’ to turn on the new feature!”

The scammers are using a trick to replace the Share link that appears under the message with an “Enable Dislike Button” one.

Clicking on the link will share the spam message from the user’s account with all of their friends, but also run rogue code on their computers.

“As we’ve explained before, there is no official dislike button provided by Facebook and there isn’t ever likely to be. But it remains something that many Facebook users would like, and so scammers have often used the offer of a ‘Dislike button’ as bait for the unwary,” warns Graham Cluley, senior technology consultant at Sophos.

A second scam using the Dislike button lure is spreading by encouraging users to paste rogue JavaScript code into their browser’s address bar.

This technique is low-tech and should raise a lot more suspicion, but even so, there are enough users falling for it.


Majority of Android Devices Vulnerable to Session Hijacking Attacks

Security researchers have discovered a vulnerability in Google’s ClientLogin authentication protocol which allows potential attackers to execute session hijacking attacks against Android users.

The security hole was identified by researchers from the Institute of Media Informatics of the University of Ulm in Germany and builds on the findings of Rice University professor Dan Wallach.

In February, Mr. Wallach discovered that many Android applications sent data in clear form, a problem on unsecured wireless networks where attackers can freely sniff out traffic.


New Security Update Available for WordPress

The WordPress development team has released version 3.1.2 of the popular blogging platform in order to address a privilege escalation issue affecting post publishing.

According to the release announcement, the flaw allowed Contributor-level users to improperly publish posts.

The security hole was located in press-this.php and was resolved by beginning to validate the post status against the user’s capabilities. WordPress developer and security team member Andrew Nacin together with a user named Benjamin Balter are credited with identifying the flaw.

“We suggest you update to 3.1.2 promptly, especially if you allow users to register as contributors or if you have untrusted users,” the WordPress development team advises.

The release also addresses several bugs that didn’t make it into WordPress 3.1.1 released less than a month ago, on April 6. These include fixing the user query ordering by post count for cases when the database table prefix is not the standard wp_, fixing tag queries which were broken in 3.1.1, preventing over-escaping of post titles when using Quick Edit for pages and ensuring Walker_PageDropdown filters titles correctly.


