4
2011
Beware of Facebook Account Theft
Today my wife's Facebook account received an inbox message like the one in the following image:
The contents of the message:
Facebook Securi*y
Violation Warning
Our security system has detected suspicious activity on your account that violates the Terms of Services (TOS) in the form of posts containing pornography, insults, hatred, threats, incitement, violence, copyright infringement, or nude images.
Please confirm your Facebook account within 24 hours if you believe there has been a mistake. If you do not confirm, the system will automatically close your Facebook account on the assumption that the indication is correct.
Please confirm your Facebook account at the following link:
http://www.facebook.security-notice.com/id (THIS LINK IS PHISHING, BE CAREFUL)
Of course my wife was confused, because she had never done anything wrong of the kind described in that Facebook inbox message. With great enthusiasm I stepped in to check the message, and the inbox message clearly came from a fake account intent on stealing our Facebook account. Below is an attached image of the phishing site:
On that confirmation page it asks us to fill in our Facebook email and password as well as our date of birth, and in the next confirmation step it asks for our email address and our email password (hahahaha… how naughty..)
Now, if we examine it more closely, the phishing account actually appears to be hosted at: Security-Notice.com
For the safety of my Facebook friends, I have reported the fake Facebook account on the grounds of Fake account and Phishing link/scam.
To fellow Facebook users: please be more careful and more thorough. There are many examples of phishing links in circulation; for additional information, see also the following link: http://facecrooks.com/Safety-Center/Scam-Watch/Phishing-Alert-Fake-Message-from-Facebook-Security-stating-you-violated-a-policy.html
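The observation above, that the link really lives under Security-Notice.com even though it starts with "www.facebook", can be checked mechanically by comparing whole DNS labels from the right. This is an added example, not part of the original post; the trusted-domain list, the function names and the samples marked "constructed" are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Domains the real service is served from (assumption for this example).
TRUSTED_DOMAINS = ("facebook.com",)


def hostname_of(url: str) -> str:
    """Return the lower-cased host, without userinfo, port or trailing dot."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    host = parts.hostname  # drops "user:pass@" and ":port"
    if not host:
        raise ValueError("URL has no host")
    return host.rstrip(".").lower()


def is_trusted(url: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True only if the host IS a trusted domain or a subdomain of one.

    Matching is done on whole labels read from the right, so a brand name
    that merely appears as a left-hand label does not count.
    """
    try:
        host = hostname_of(url)
    except ValueError:
        return False
    return any(host == d or host.endswith("." + d) for d in trusted)


def explain(url: str) -> str:
    host = hostname_of(url)
    # The last two labels approximate the registered domain for .com-style
    # names; a production check would consult the Public Suffix List.
    registered = ".".join(host.split(".")[-2:])
    verdict = "trusted" if is_trusted(url) else "NOT trusted"
    return f"{host}: registered domain is {registered} -> {verdict}"


SAMPLES = [
    "http://www.facebook.security-notice.com/id",  # link from the message above
    "https://www.facebook.com/login.php",          # constructed
    "https://facebook.com@login.example/",         # constructed: brand in userinfo
    "https://notfacebook.com/",                    # constructed: no dot boundary
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(explain(sample))
```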
4
2011
Android App Can Hijack Web Sessions over Protected Wireless Networks
A new Android app makes hijacking other people’s Facebook, Twitter, YouTube and Amazon sessions a breeze over private or open wireless networks.
Called FaceNiff, the app is the work of a Polish programmer named Bartosz Ponurkiewicz and was apparently released on his website in mid-May.
“It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK),” the developer writes.
FaceNiff requires root access on the phone in order to work properly. Root (admin) access is not enabled by default on most devices, but there are many tutorials and tools available to obtain it.
So far, the app can hijack sessions for Facebook, Twitter, YouTube, Amazon and Nasza-Klasa, a Polish social networking service. It has been confirmed to work on HTC Desire CM7 (CyanogenMod 7), Original Droid/Milestone CM7, SE Xperia X10, Samsung Galaxy S, Nexus 1 CM7, HTC HD2, LG Swift 2X, LG Optimus Black – original rom, LG Optimus 3D – original rom, Samsung Infuse.
19
2011
Facebook Dislike Button News Is a Code Pasting Scam
Facebook scammers are tricking users into pasting rogue code into their browser’s address bar in order to get a Dislike button added to their options.
The spam messages posted by victims read “Facebook now has a dislike button! Click ‘Enable Dislike Button’ to turn on the new feature!”
The scammers are using a trick to replace the Share link that appears under the message with an “Enable Dislike Button” one.
Clicking on the link will share the spam message from the user’s account with all of their friends, but also run rogue code on their computers.
“As we’ve explained before, there is no official dislike button provided by Facebook and there isn’t ever likely to be. But it remains something that many Facebook users would like, and so scammers have often used the offer of a ‘Dislike button’ as bait for the unwary,” warns Graham Cluley, senior technology consultant at Sophos.
A second scam using the Dislike button lure is spreading by encouraging users to paste rogue JavaScript code into their browser’s address bar.
This technique is low-tech and should raise a lot more suspicion, but even so, there are enough users falling for it.
19
2011
Majority of Android Devices Vulnerable to Session Hijacking Attacks
Security researchers have discovered a vulnerability in Google’s ClientLogin authentication protocol which allows potential attackers to execute session hijacking attacks against Android users.
The security hole was identified by researchers from the Institute of Media Informatics of the University of Ulm in Germany and builds on the findings of Rice University professor Dan Wallach.
In February, Mr. Wallach discovered that many Android applications sent data in clear form, a problem on unsecured wireless networks where attackers can freely sniff out traffic.
29
2011
New Security Update Available for WordPress
The WordPress development team has released version 3.1.2 of the popular blogging platform in order to address a privilege escalation issue affecting post publishing.
According to the release announcement, the flaw allowed Contributor-level users to improperly publish posts.
The security hole was located in press-this.php and was resolved by validating the post status against the user’s capabilities.
WordPress developer and security team member Andrew Nacin together with a user named Benjamin Balter are credited with identifying the flaw.
“We suggest you update to 3.1.2 promptly, especially if you allow users to register as contributors or if you have untrusted users,” the WordPress development team advises.
The release also addresses several bugs that didn’t make it into WordPress 3.1.1, released less than a month ago, on April 6. These include fixing the user query ordering by post count for cases when the database table prefix is not the standard wp_, fixing tag queries which were broken in 3.1.1, preventing over-escaping of post titles when using Quick Edit for pages and ensuring Walker_PageDropdown filters titles correctly.
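The class of fix described above, validating a requested post status against the user's capabilities, is shown here as an added Python model; it is not WordPress code and not taken from the article. The role table, function names and sample request are assumptions for illustration, as is the "before" behaviour of storing the requested status as-is.

```python
# Simplified model of role capabilities: a Contributor can write posts
# but lacks the capability to publish them (assumption for this example).
ROLE_CAPS = {
    "contributor": {"edit_posts"},
    "author": {"edit_posts", "publish_posts"},
}

ALLOWED_STATUSES = {"draft", "pending", "publish"}


def user_can(role: str, cap: str) -> bool:
    """Return True if the role holds the named capability."""
    return cap in ROLE_CAPS.get(role, set())


def save_post_unchecked(role: str, form: dict) -> dict:
    """'Before' behaviour (assumed): the request's status is stored as-is."""
    return {"title": form["title"], "status": form.get("post_status", "draft")}


def save_post_checked(role: str, form: dict) -> dict:
    """'After' behaviour: the requested status is checked against capabilities."""
    if not user_can(role, "edit_posts"):
        raise PermissionError("user may not create posts")
    status = form.get("post_status", "draft")
    if status not in ALLOWED_STATUSES:
        status = "draft"  # unknown values fall back to the safest state
    # Without publish_posts, the most a user can do is submit for review.
    if status == "publish" and not user_can(role, "publish_posts"):
        status = "pending"
    return {"title": form["title"], "status": status}


# Constructed sample request asking for immediate publication.
REQUEST = {"title": "Hello", "post_status": "publish"}

if __name__ == "__main__":
    print("unchecked:", save_post_unchecked("contributor", REQUEST))
    print("checked:  ", save_post_checked("contributor", REQUEST))
    print("author:   ", save_post_checked("author", REQUEST))
```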
29
2011
Google Chrome 11 Fixes Flurry of Vulnerabilities
Google has released version 11.0.696.57 of its Chrome browser, which addresses a large number of vulnerabilities and sets a new record for the amount of money paid to security researchers as rewards in a single update. A total of 27 vulnerabilities were patched in this release, 18 of which are rated high severity, 6 medium and 3 low.
Regular Chrome security contributors Sergey Glazunov, miaubiz and kuzzcc are credited with discovering three vulnerabilities each, which earned them $4,000, $2,000 and $4,000 respectively. The total payout for this release was $16,500, which exceeds the previous record set by Chrome 8.0.552.334 in February, when researchers earned $14,500.
There were no special $1,337 or $3,133.7 rewards associated with this release, but there were many $1,000, $1,500 and $2,000 ones, suggesting that researchers also helped fix the bugs they found. Five of the patched vulnerabilities were discovered by members of the Chromium development community or Google’s own security team.
“We would also like to thank miaubiz, kuzzcc, Slawomir Blazek, Drew Yao and Braden Thomas of Apple Product Security and Christian Hollier for working with us during the development cycle and helping prevent bugs from ever reaching the stable channel,” Google added.
27
2011
Crackers Haul Off PlayStation Network User Data
Jakarta – The turmoil at PlayStation Network is not over yet. In fact, according to the latest news, the cracker attack managed to make off with personal data, including credit card details.
Sony stated that this important data may have fallen into the hands of outsiders as a result of the cracker attack on PlayStation Network. As of now, PlayStation Network is still not operational.
“We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal intrusion into our network,” said Nick Caplin, Head of Communications, PlayStation.
27
2011
PlayStation Network Down Due to Intrusion
Sony says the extended PlayStation Network (PSN) downtime is caused by an intrusion into its systems which has prompted a detailed investigation. The PlayStation Network is used by 70 million gamers, many of whom are currently infuriated after being locked out of the service for over three days. “An external intrusion on our system has affected our PlayStation Network and Qriocity services,” Patrick Seybold, Sony’s senior director of corporate communications & social media, announced.
24
2011
See Your Old Self Scam Spreading on Facebook
Facebook users are being targeted by a new survey scam which lures them with an app allegedly capable of showing them how they would look when they’re old.
The spam message spread from the victims’ profiles reads: “hahah mine is halrious!!! check yours out :) See what you’ll look in the future! This cutting-edge technology will show you exactly how your face will look in the future!” The included link takes users to a page asking them to give an app access to post on their walls. Once installed, this application silently sends spam in their name.
Users are then redirected to a page displaying a “Show Me” button overlaid with a dialog asking them to take a survey as a security check.
Some of these surveys are deceptive and can trick users into subscribing to costly services. They are usually part of affiliate marketing schemes that pay scammers commission money.
17
2011
Skype on Android Vulnerable to Infiltration by Malicious Programs
Skype users on Android need to be extra vigilant. According to the latest findings, the VoIP and video chat application is vulnerable to infiltration by malicious programs that can steal users' personal data.
Just imagine if all the personal data stored on an Android phone, such as credit card account numbers and passwords, were stolen when Skype is opened.
As quoted by detikINET from engadget on Sunday (17/4/2011), it turns out the malicious program gets in through the chat log file in Skype. The infiltrating malicious program is known to have an SQLite3 database file.
Hopefully Skype will soon close this ‘hole’ by encrypting the file, so that it cannot be accessed by certain people. With the growing number of Android users, it appears that more and more cybercriminals are targeting the platform.
Source: Detik.net
An article by kaiyo