Even if you know the latest defence methods for staying safe online and avoiding phishing or Java drive-bys, your Facebook account may not be totally secure.
A new Facebook feature called Groups allows members to interact with each other and post on the group's wall. A member of a group can invite friends to it, and they are added automatically, without confirmation.
If you don't know which groups you are a member of, you can check on the left-hand side of your Facebook page.
For example, the following are the groups I'm a member of:
A recent bug in Facebook allows an attacker to post status updates from your account, or post anything he wants in any of the groups you have joined.
Let's suppose that the attacker is one of your friends on Facebook, and he has the primary email ID with which you log in.
Now, all he would have to do is send a fake mail to something@groups.facebook.com
where "something" is the name of the group in which he wants to post on your behalf.
The result would be something like this:
He could send mail to that email ID (abc@m.facebook.com) that appears to come from the email account you use for Facebook, using a simple trick known as email spoofing. This can be used to post status updates, comment on any update, and even change your account settings.
Also, make sure you change your personalized email (@m.facebook.com) every few days in order to be safe.
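The weakness described above is that a post-by-email address attributes a message to whoever is named in its From header. As an added example (not code from this post, and not Facebook's implementation), the Python below shows the check a receiving gateway can make before trusting that header; the authserv-id `mx.example.net`, the addresses and the sample messages are constructed assumptions.

```python
# Added example: accept a post-by-email message as coming from an account
# only if our own border MTA recorded an aligned DMARC pass for the From domain.
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id our border MTA writes, and that the MTA strips
# any inbound Authentication-Results header already carrying this id (RFC 8601).
TRUSTED_AUTHSERV = "mx.example.net"

def verified_sender(raw):
    """Return the From address if it is authenticated, otherwise None."""
    msg = message_from_string(raw)
    froms = msg.get_all("From", [])
    results = msg.get_all("Authentication-Results", [])
    if len(froms) != 1 or not results:   # ambiguous or unauthenticated mail
        return None
    addr = parseaddr(froms[0])[1].lower()
    if addr.count("@") != 1:
        return None
    domain = addr.split("@")[1]
    # The MTA prepends its header, so only the topmost one is trusted.
    authserv, _, methods = results[0].partition(";")
    if authserv.strip().lower() != TRUSTED_AUTHSERV:
        return None
    for method in methods.split(";"):
        m = re.match(r"\s*dmarc=pass\b.*\bheader\.from=([\w.-]+)",
                     method, re.I | re.S)
        if m and m.group(1).lower() == domain:
            return addr
    return None

def build(*auth_results):
    """Build a constructed sample message with the given result headers."""
    heads = "".join(f"Authentication-Results: {r}\n" for r in auth_results)
    return (heads + "From: Member <member@mail.example>\n"
            "To: group@post.example\nSubject: hello\n\nposted by mail\n")

# Constructed samples: a genuine message, a spoofed one, and a spoofed one
# that also carries a forged "pass" header below the MTA's own verdict.
GENUINE = build("mx.example.net; spf=pass smtp.mailfrom=mail.example;"
                " dmarc=pass header.from=mail.example")
SPOOFED = build("mx.example.net; spf=fail smtp.mailfrom=other.example;"
                " dmarc=fail header.from=mail.example")
FORGED_HEADER = build("mx.example.net; dmarc=fail header.from=mail.example",
                      "mx.example.net; dmarc=pass header.from=mail.example")

if __name__ == "__main__":
    for name in ("GENUINE", "SPOOFED", "FORGED_HEADER"):
        print(name, "->", verified_sender(globals()[name]))
```

A message that fails this check should be dropped or held for confirmation by the account owner rather than posted.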
Be Secure.
Happy Hacking.
Special thanks to Shavik and Sai Satish of AH. :)
Email me : aditya1391@facebook.com
simply a great post...
i thought till now my fb a/c is safe ;)
Leave aside email spoofing.
if you can achieve SMS spoofing you can update status. add / remove friends and join unjoin community / pages.
procedure would be same as that of email forging.
SMS number is just one number that is used by facebook across all places and sender's number will be the registered mobile number.
Goooodddddddd one.................
Will do dis steps for security...............
thanksss............
omg!!!reli a useful piece of info!!superb!thnx...wil try implementin it..
Very helpful article. Kudos, adi! :) Two thumbs up ;-)
g8t job man,,,, highly appreciable work
happy hacking.
really u r a geek.