How To Hack Facebook profile

savid INSIGHT
Volume 1 Issue 5

Inside this Issue

   How to hack a Facebook profile? Attack Content Distribution Networks
   IPv6 – New Protocol, less security?
   Know the value of your business becoming a Social Media butterfly.
   Monthly Special: Receive a free 37 Point Assessment of your IT environment
   The CEO Corner: Michael Davis shares his thoughts
   Events

IPv6 – New Protocol, less security?
Is your password protected?

Did you know that most of the mobile phones in Asia do not use IPv4 to communicate with the Internet? They use IPv6 to IPv4 tunneling because they have run out of IP address space in most parts of Asia. The quick move to IPv6 by other countries has promoted a global growth in IPv6 as many Asian manufacturers require their US counterparts to integrate with their supply chain using IPv6.

The problem is that when we talked to enterprises, they were not ready for IPv6, even though IPv6 has been supported by vendors like Cisco for over 8 years. Many organizations do not understand the fundamental differences in IPv6, and that is the cause of some security concerns.

First, Network Address Translation (NAT) is no longer available in IPv6 because it is impossible to use up the entire IPv6 address space. The length of an IPv6 address is 128 bits, compared to 32 bits in IPv4, which means you can have a total of 3.4×10^38 addresses, which is a lot more than IPv4. However, many SMBs rely upon NAT to hide their servers from the Internet. While this is simply security through obscurity, the fact is NAT works! Without NAT, you may need to rethink or purchase additional equipment to protect IPv6 servers.

Next, many IT professionals have read that IPv6 is inherently more secure than IPv4 because authentication and encryption are baked into the IPv6 protocol. While it is part of the specification, the technology still needs to be configured and deployed and has similar performance problems to its IPv4 counterpart, which means if you couldn't get management to buy into IPv4 encryption, good luck with IPv6.

Back to that huge address space we talked about earlier. We regularly hear that IPv6's huge address space makes it immune to port scanning.

continued on page 2

How to Hack A Facebook Profile
Attack Content Distribution Networks

As the clouds continue to roll in, (Sorry, I had to...), we are learning of more attacks being successful against organizations such as Google, Facebook, and others. The latest is from a security researcher, Christian Heinrich, located in Australia. He reverse engineered the algorithm Facebook uses to access your personal photos. Since Facebook is a massively distributed application, items such as photos and larger files are placed into a content distribution network (CDN) such as that provided by Amazon, Akamai, and others in order to reduce the load on Facebook's servers. The thing is, the CDNs don't integrate into Facebook's authentication framework since the CDN just stores files and serves them to anyone that requests the proper filename. Guess the filename of the private photos for a person on Facebook, send the request to the CDN, and you get the photo in return.

And that is what led to an arrest and charges for a privacy breach. During his presentation, Heinrich demonstrated this vulnerability at Flickr, Facebook, and MySpace. He demonstrated how we could access the private photos of the wife of his fellow researcher, Chris Gatford. One example showed a picture of Chris Gatford's wife and child. The Queensland Police responded to a complaint, although we don't know who filed the complaint about Heinrich's breach of Chris Gatford's wife's privacy caused by the demonstration. The Police responded by arresting a reporter for the Sydney Morning Herald, who had interviewed Heinrich about his presentation, and seized the reporter's iPad.

Is this really Facebook's or Flickr's problem or the CDN's? It most definitely is the content producer's problem. The CDN networks can provide authentication and more advanced security controls but that lowers performance by 30% or more.

continued on page 2
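One way a content producer can stop the CDN from serving private files to anyone who knows or guesses the filename, shown as an added example that is not part of the newsletter: the application issues a short-lived HMAC-signed link after its own login and permission check, and the edge verifies the signature before serving. The key, the /private/ path layout, the exp and sig parameter names and all function names are assumptions made for illustration, not any CDN vendor's token format.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo secret. In a real deployment this is a random key known
# only to the application (which authenticates users) and the CDN edge.
EDGE_KEY = b"constructed-demo-key"
PRIVATE_PREFIX = "/private/"  # hypothetical layout for confidential objects


def _mac(key: bytes, path: str, expires: int) -> str:
    """HMAC over the exact object path and its expiry time."""
    msg = f"{path}\n{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_url(path: str, ttl: int, key: bytes = EDGE_KEY,
             now: Optional[float] = None) -> str:
    """Issued by the application only AFTER it has authorized the viewer."""
    expires = int(time.time() if now is None else now) + ttl
    query = urlencode({"exp": expires, "sig": _mac(key, path, expires)})
    return f"{path}?{query}"


def edge_allows(url: str, key: bytes = EDGE_KEY,
                now: Optional[float] = None) -> bool:
    """Signature and expiry check run before a private object is served."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    try:
        expires = int(params["exp"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False  # unsigned or malformed request
    if (time.time() if now is None else now) > expires:
        return False  # link has expired
    expected = _mac(key, parts.path, expires)
    # Constant-time comparison so the check does not leak signature bytes.
    return hmac.compare_digest(sig.encode(), expected.encode())


def edge_serves(url: str, key: bytes = EDGE_KEY,
                now: Optional[float] = None) -> bool:
    """Public objects stay on the fast path; private ones need a signature."""
    path = urlsplit(url).path
    # Assumption: the edge has already percent-decoded the path. Dot segments
    # and doubled slashes are refused so they cannot disguise a private path.
    if ".." in path.split("/") or "//" in path:
        return False
    if not path.startswith(PRIVATE_PREFIX):
        return True
    return edge_allows(url, key, now)


if __name__ == "__main__":
    link = sign_url("/private/photos/a1b2c3.jpg", ttl=300)
    bare = "/private/photos/a1b2c3.jpg"
    print("signed link served:  ", edge_serves(link))
    print("bare filename served:", edge_serves(bare))
    print("edited path served:  ", edge_serves(link.replace("a1b2c3", "d4e5f6")))
```

Only requests under the private prefix pay for the signature check, so public objects keep the unauthenticated fast path.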
How to hack a Facebook profile?
Attack Content Distribution Networks.
continued from page 1

Ah, the old security versus performance argument. That age old argument is why this little and perhaps unknown arrest in Australia affects your organization whether you are using a CDN or not. When the age old performance versus security argument comes up, the focus must be on the data type. Many pieces of data are not considered private or confidential, but if they are, you must stick to the security guns and only allow authenticated and authorized access to that data. Your argument back to IT or development about the performance gains is to analyze the increase in performance from only allowing the non-confidential data to be accessed without security controls. Meeting them halfway means they may have to accept a 15% or 20% increase in performance that is less than perhaps the increase they were looking for, but it is better than no increase at all.

IPv6 – New Protocol, less security? Is your password protected?
continued from page 1

By far the most common IPv6 subnet prefix is 64 bits, which supports up to 1.8 x 10^19 individual addresses. Assuming a port scanner could "hit" one address per second, a scan of the entire address space of a 64-bit subnet would take over 584 billion years! The problem is that most port scanners use predictive algorithms to greatly optimize their scanning capabilities and don't just hit one port per host at a time, so while it will slow port scanning down, it definitely won't take 584 billion years for one scan. Also don't forget, security professionals have legitimate uses for port scanning too, so this IPv6 "feature" can cause administrative problems too.

Lastly, we believe the biggest security issue with IPv6 is the ease of configuration. Give this a try. Install 2 Windows machines. Next, disable IPv4. You will be amazed that communication between the two devices still works. By default IPv6 is enabled and functioning and most admins do not disable IPv6, which means an attacker could start using IPv6 to communicate between machines and evade any IPv4 or host based IPv4 firewalls that are installed. Add to this scenario the ability to tunnel IPv6 into IPv4 and they could use one IPv4 server to proxy all their malicious traffic through to your unknown and unmanaged IPv6 network.

What are the key security considerations with IPv6 you need to be in front of?

•Security means more than firewalls and ACLs. Ensure all your IP systems are ready for IPv6 such as your IDS/IPS, SIEM, etc.
•Networking devices may process IPv6 in software. This is an opportunity for CPU depletion attacks.
•Many modern operating systems enable IPv6 by default. Do you know everywhere these OSes reside and how to secure them?
•IPv6 code is new. There have been security holes, and there will be more, so make sure you monitor. Remember, black hats are studying IPv6 closely.
•There are three legs to the security stool: tools, people and processes/policies. Budget sufficient time and money to update procedures and train your people.

There are other deployment and security concerns for IPv6 and we will continue to discuss them as IPv6 continues to be deployed. If you are not ensuring new security technology you purchase is IPv6 capable, stop what you are doing and go do an audit right now and update any RFP or RFQ documents IT uses when purchasing security technologies, otherwise the security issues within IPv6 could come up and bite you.


CEO Corner

As IT looks to outsource more functions to the cloud most businesses find out that cloud services are pay as you go based on some metrics such as transactions, gigabytes of storage, or CPU cycles. This finite measurement of utility can be difficult to estimate for many IT organizations but the process may be worth the pain because of a hidden benefit.

I am starting to see IT organizations use the same metrics cloud providers are using to charge them in order to charge the business for IT services. This seems like a simple and elegant idea and it might take off. Example: Want to purchase a mobile device security product? Simple, charge an extra $1 per phone per month to the business. Want to purchase a new backup system? Charge users per gigabyte backed-up. Outsourced vendors are helping shape the “IT as a service” strategy into a reality and the use of such simple payment schemes enables IT to more easily estimate Return on Investment and cost.

With all the things IT does to help create business value, don’t be surprised when you get a bill from IT.

Check this out!
Top 10 Mobile Application Security Risks

This on-demand webinar teaches you how to strategically approach mobile security, so you can stay one step ahead of attackers.

Call 877-307-0444 for more information or watch today @ http://www.savidtech.com/top10mobilerisks

Know the Value of your business becoming a Social Media butterfly.

For most of us Facebook, Twitter, and LinkedIn have become part of our daily lives, which is why your marketing or sales team may be coming to you asking about having the company join these social media networks. You may still be skeptical on how this could benefit your business, so we decided to give you the top reasons why social media is here to stay.

Once thought of as a fad, social media is now a fundamental way we communicate and conduct business. According to comScore, 22% of Fortune 500 companies now have public-facing blogs which created additional web presence. In 2010, Twitter gained 100 million users, while more than 250 million people connect to Facebook every month. Chicago was the fastest growing city on Facebook in terms of usage in 2010 (AllFacebook.com); how many of these users are your company’s target market? By integrating social media into your company’s marketing plan, your target market is more accessible than you think.

The Benefits that Social Media Can Provide:

Branding and Awareness:
By using social media sites such as Twitter, Facebook, and LinkedIn your company will gain new exposure and be known in the industry, which increases brand awareness and improves brand reputation.

Building Community:
Build your number of business contacts and enhance your reputation as an expert in your industry. Connect with other professionals in your field to share information with like-minded people. Leverage these online communities for your business by being a valued member of the community yourself.

Research and Development:
Social Media allows for better tracking through clicks and other metrics captured online versus in traditional media (like TV, newsprint, magazines, radio). Instant surveys can be conducted for enhanced product decision making.

Increases Customer Loyalty & Trust:
Providing knowledge and insight through thought leadership to your readers will help build their trust in the company, which will make them do business with you rather than your competition. It will also improve the chances of customer recommendations.

Lead Generation:
With millions of users logging in daily don’t underestimate the power of social media. These platforms connect you to qualified leads and when used right will bring in more traffic than the search engines. There are over 700,000 local businesses on Facebook and those businesses have created more than 5.3 billion fans for their sites.

In the end, social media is a privilege and a tool — one more opportunity to run a more productive and successful business. Now that you know the reason why Social Media can benefit your company, here’s how you can help your marketing and sales team the right way with technology by making sure that these components are in check before becoming a Social Media butterfly.

First, remember that your employees are users of social media too. They follow other brands and companies they want to buy from. This can be a problem for your company because of the dreaded password sloth problem. Password sloth refers to using the same passwords for more than one account or website, and if that password your employees use on Facebook is the same as their VPN password it could cause a breach.

Second, watch out for the negative impact of social media. While social media can help your company acquire new customers, it can also quickly lead to reputational impacts if the company responds improperly to social media questions or concerns. Social media is a double edged sword.

Lastly, most organizations that start embracing social media end up opening up social media sites to employees so they can use them while at work. If employees have the capability to interact on social networks it is likely they may talk about your company in a negative way, discuss internal projects, or accidentally leak confidential data, so you must be prepared with proper social media policies.

So marketing and sales have good intentions, but if you are still skeptical you have every right to be. According to InformationWeek’s 2011 Strategic Security Survey of over 1,000 business and security professionals, more than 70% think that social media sites present a threat to their organization and 58% believe data loss is possible from employees having access to social media sites. If you have social media policies but are not enforcing them, start enforcing them immediately as more social media attacks are being launched every day, but realize that enforcement does not mean disabling access. Now that you know why sales and marketing are asking for these changes, work with sales and marketing and properly educate your organization on social media risks.

Since employees have children or spouses at home using the same social networks, we have seen much better security awareness retention rates when the organization opens up social media sites but uses their awareness training to educate the employee about company and personal social media security risks. Helping employees protect themselves at work and at home while helping sales and marketing attract new customers is a win-win for all.

Monthly Events

June 9th @ 9:00am -5:00pm, CAMP IT- Enterprise Risk/Security Management
If attending this event stop by our table to win fun gadgets, and big prizes. Join us at the Donald E. Stephens Convention Center Rosemont, IL (O'Hare)

Happy Hour, Cocktails and Conversation @ 5:30pm-7:30pm, VIP Lounge
Attended CAMP IT or in the area? Join us for a complimentary Happy Hour at the Crown Plaza Hotel in Rosemont, IL (across from the Donald E. Stephens Convention Center Rosemont, IL (O'Hare))

Complimentary Executive Briefing, by appointment only.
Michael Davis will review his 2011 Security Report discussing the results of a year long study of over 1,300 security professionals in the US, demonstrating how organizations approach security strategically, and how you can learn from the mistakes of others.

June 23rd @2:00pm CST. How to Properly Perform a Risk Assessment, Webinar
Learn cutting edge information on how to perform a risk assessment with this free webinar! Register here today:
http://www.savidtech.com/landing/proper_risk_assessment_webinar.php

18470 Thompson Ct. Ste. 2B
Tinley Park, IL 60477

Take a Break!

"Like Us" on Facebook and be entered to win $50 Best Buy Gift Card!

Savid Technologies is very active in our web presence on Facebook, Twitter, and LinkedIn and we want to interact more with YOU. We will make sure all your IT or security questions are answered! We regularly post:

Exclusive content including the latest IT trends and security threats to help keep your valuable data protected and your networks running smoothly with no IT headaches.

Informational videos featuring our experienced IT engineers educating on the newest technologies as well as our security experts providing information on the latest threats and how to prevent your organization from becoming a target.

Upcoming events & promotions such as informational webinars, complimentary lunch & learns, and exclusive executive briefings for you and your organization.

"LIKE" us today and we will enter you to win a $50 Best Buy Gift Card! Start interacting with us to gain exclusive, valuable information within the IT industry

Follow Us On
http://www.facebook.com/savidtech
http://twitter.com/savidtech
BLOG http://www.savidtech.com/blog

Joke of the Month
“How can you get four suits for a dollar? Buy a deck of cards.”
Got a funny joke? Send it to us at info@savidtech.com and we may include it in an upcoming issue.

Monthly Trivia
Be the first to email us the correct answer and win a $20 Starbucks Gift Card!
Given these words, think of a famous person whose first and last names conceal the words. The given word extends to both the first and last names and is not concealed entirely in the first or last name alone.
Example: Heap
Answer: Rhea Perlman
Words: Shop, Case Lined, Idle, Lore
Email your answer to: info@savidtech.com and look for the winner listed in next month's newsletter
Congratulations to last month's trivia winner Greg Bee.

FREE 37 Point Assessment of your IT Environment
Valid through the month of June. Contact 877-307-0444 to schedule your appointment or for more details.

				
DOCUMENT INFO
posted:11/23/2012
pages:4