Author |
Message |
Obi-Wan Knievel
*** BANNED ***
Joined: 10 Dec 2006
Posts: 1486
Location: Bald Knob, NF
|
Posted:
Mon Feb 11, 2008 7:24 am |
|
Alright, time for an SFQ about Facebook and similar sites where you create a little profile. Yes, I'm a moron in such things. Here we go...
I have a nice little profile on Facebook, and I even go there from time to time. A co-worker of mine, who possibly knows less about computers than I do, absolutely won't set up a facebook thing because she knows someone who knows someone who had their entire computer hacked through a profile and all sorts of nasty things happened. She was denied access to her machine, evil mail was sent from her account, things levitated in her house, etc. etc. and her cyber-attacker insisted on a huge ransom to be paid before he'd release control of her computer. The police got involved but of course the guy got away with it.
I've heard the story before. It always happens to an innocent young woman or girl, and it's ALWAYS a friend of a friend. There's never any indication of giving out a password, but even if she did it seems a bit far-fetched. All the logical indicators scream urban legend, but I just have to know...
- Is that even possible?
- Has that ever happened to anyone here? (no FOAF's) |
|
|
|
|
Reaper
Hello I'm New here!
Joined: 06 May 2007
Posts: 0
Location: Travelling in a fried-out combie. On a hippie trail, head full of zombie...
|
Posted:
Mon Feb 11, 2008 8:11 am |
|
1. Not sure. 2. Nope. Maybe because my Facebook has a llama picture on it? |
|
|
|
|
Ivor Grimey Colon
"Trophy slut"
Joined: 16 Jun 2005
Posts: 1338
Location: England
|
Posted:
Mon Feb 11, 2008 8:21 am |
|
Obi-Wan Knievel wrote: |
- Is that even possible? |
It depends what you mean by "having their entire computer hacked through their profile". If you mean that information posted on their profile/submitted to the owners of a third party 'application' was used to gain access to their computer, I suppose that's not beyond the realms of possibility. If you mean some uber hacker using her profile page as a way into her computer, then absolutely not. Facebook pages are stored on the Facebook server, there's no way for anyone to gain access to yours or any other computer by looking at your facebook page. |
|
|
|
Rodus
Baiting Guru
Joined: 13 Dec 2006
Posts: 3685
Location: Back under the cold shower
|
Posted:
Mon Feb 11, 2008 12:10 pm |
|
^^Ditto Ivor, you can't be hacked through facebook. If however she was using her dog's name as a password and put that on her facebook page then yes, that's possible. |
|
|
|
Scam Patroller
Baiting Guru
Joined: 08 Jul 2004
Posts: 11857
Location: UK
|
Posted:
Mon Feb 11, 2008 12:31 pm |
|
I do remember something, which I don't think was just facebook related, although it was targeted, basically, your computer picks up a virus/malware, it's called "ransomware", where your machine is taken over after the virus/malware is run, and the person who owns that particular ransomware then demands a payment from you in order to give control of your computer back to you:
http://en.wikipedia.org/wiki/Ransomware_(malware)
Quote: |
A cryptovirus, cryptotrojan or cryptoworm is a type of malware that encrypts the data belonging to an individual on a computer, demanding a ransom for its restoration. The term ransomware is commonly used to describe such software, although the field known as cryptovirology predates the term "ransomware". |
Facebook Ransomware |
|
|
|
Rodus
Baiting Guru
Joined: 13 Dec 2006
Posts: 3685
Location: Back under the cold shower
|
Posted:
Mon Feb 11, 2008 12:35 pm |
|
^^Pretty nasty, in this circumstance the safest route out is to A: Remove hard drive. B: Hit said hard drive with sledge hammer until in small pieces. C: Buy new hard drive and keep virus checkers up to date. No way would I use the same drive after this, too much potential for the trojan authors to have left back doors open/other viruses dormant. |
|
|
|
Eliza_Doolittle
"Warned for lad hugging"
Joined: 16 Mar 2006
Posts: 1979
Location: Contemplating a plan to steal Shiver's cat
|
Posted:
Mon Feb 11, 2008 1:40 pm |
|
When you are setting up accounts online you should use passwords that people cannot guess. So if you are stupid enough to use something that would be easy to guess (your kid's name or wife's name - husband's name, etc) - then you may have someone who is close to you be able to get into the system and lock you out.
Sadly, we have people like this out there. |
|
|
|
|
Obi-Wan Knievel
*** BANNED ***
Joined: 10 Dec 2006
Posts: 1486
Location: Bald Knob, NF
|
Posted:
Mon Feb 11, 2008 2:25 pm |
|
Well I'll be danged... it's possible at least with this ransomware thing. Lucky for me I don't keep anything important without a backup on my drive, because I'd just nuke the whole thing and reinstall all my data.
Geez, let's hope our lads don't catch on with this "modality". I still think those stories are BS though! |
|
|
|
|
PRS Girly Girl
Will Post for Food
Joined: 06 Mar 2007
Posts: 1174
Location: Any place where cute shoes are on sale.
|
Posted:
Mon Feb 11, 2008 6:39 pm |
|
A bit off-topic, but still a Facebook problem related issue is this very recent article about deleting Facebook accounts. |
|
|
|
bearkat419
Baiting Guru
Joined: 25 Jun 2007
Posts: 4445
Location: Houston, TX
|
Posted:
Mon Feb 11, 2008 6:54 pm |
|
It is possible that your email account could be hacked based on information that you post on facebook (or any profile site). Most email accounts with security questions for forgotten passwords use common information like "what high school did you go to" or "what is your pet's name." If you post your email address, and information about yourself, on the profile... someone intent on doing harm could find everything they need to get access.
If your FOAF had her machine compromised, it is much more likely that she opened an attachment in an email without proper tinfoil on her computer. It is possible that the offending email spoofed the facebook domain to look like it came from there... |
|
|
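As an added example (not part of any post in this thread): a self-audit for the overlap Rodus, Eliza_Doolittle and bearkat419 describe, checking whether your own passwords or recovery answers can be derived from what your profile shows. The profile fields, the secrets and all function names are constructed for illustration.

```python
import re

# Constructed sample data: what a public profile exposes (not from the thread).
PROFILE = {
    "name": "Jane Example",
    "pet": "Rex",
    "high_school": "Springfield High",
    "birthday": "1984-03-17",
}

# Constructed secrets to audit; keep a real list like this offline only.
SECRETS = {
    "webmail password": "R3x1984",
    "recovery answer: pet's name": "rex",
    "recovery answer: high school": "Springfield High",
    "bank password": "correct-horse-battery-staple",
}

# Common look-alike substitutions, applied to BOTH sides so that
# "R3x" still matches "Rex" and digits still compare equal to digits.
LEET = str.maketrans("013457@$", "oieastas")

def normalise(text):
    """Lowercase, undo look-alike substitutions, keep letters and digits only."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))

def profile_tokens(profile, min_len=3):
    """Map each normalised word on the profile to the field it came from."""
    tokens = {}
    for field, value in profile.items():
        for word in re.split(r"[^A-Za-z0-9]+", value):
            token = normalise(word)
            if len(token) >= min_len:  # skip fragments like "03"
                tokens.setdefault(token, field)
    return tokens

def audit(secrets, profile):
    """Return {secret label: sorted profile fields it can be derived from}."""
    tokens = profile_tokens(profile)
    findings = {}
    for label, secret in secrets.items():
        norm = normalise(secret)
        hits = sorted({field for tok, field in tokens.items() if tok in norm})
        if hits:
            findings[label] = hits
    return findings

if __name__ == "__main__":
    for label, fields in audit(SECRETS, PROFILE).items():
        print(f"{label}: derivable from profile field(s) {', '.join(fields)}")
```

Anything it flags should be replaced with a value that appears nowhere on the profile; for recovery questions that can mean storing a random answer rather than the true one.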
|
Stoker Thompson
419Eater is my life
Joined: 11 Apr 2007
Posts: 271
Location: Out There.
|
Posted:
Mon Feb 11, 2008 10:34 pm |
|
Most of my clients who get their computers hacked do so because of web based exploits rather than lame password security.
But yes, the facebook profile makes perfect sense for getting that type of personal information.
However the hacker would still need to find the computer to compromise it. Hmmm it's been a while since I played around like that but programs like ICQ used to show the IP of the person you were chatting with. I doubt modern clients like Skype expose that information.
The most likely vector would be getting the victim to go to an infected page and click on a link that would trigger the exploit. In this case facebook, and other social sites, would just be used to herd victims to whatever exploit the gang was running.
There was a famous Pen test done where a corporation with a very expensive firewall/AV/IPS system was compromised on the first day of the test. The Security company (That was hired to do the test) hired a bunch of interns to stand around outside the company with questionnaires. If you answered the questions you were given a free CD of Music. Of course the employees then went to their work computer and played the music CD which promptly uploaded the exploit.
In my experience, even after all of the lectures and lessons, the amount of people who will willingly infect their own system for a free song or a chance to look at naked celebrity pictures is truly staggering. |
|
|
|
|
thud419
Baiting Guru
Joined: 04 Jan 2006
Posts: 3193
|
Posted:
Tue Feb 12, 2008 10:07 am |
|
Someone stood around in a London train station a while ago and offered people a Mars bar for the password of their work PC. Lots of people got the Mars bar, but of course I would have done too, and my PC would still be secure.
This strikes me as a story that has been misunderstood several times during its transmission from person to person. It is certainly possible, and it happens, to hijack a facebook account. All you need is the password once. Hijacking happens for the usual bullying reasons and with the expected bullying outcome. It can be a long time before you get the account back - or it would seem a long time. Of course once a hacker got the facebook account, there's a good chance they could get the email account too, and maybe even the online banking, paypal, ebay etc, depending on how many different passwords the victim uses. (How many of your passwords are in your email inbox for safe keeping?)
Most people these days use their computer offline for one thing; word-processing. Everything else is done on-line with a web browser. Once all their online accounts are hijacked they may very well think that their computer had been hacked - or at least express it that way. Many people do not have a clear idea of what a computer is or where its boundaries are. It is a magical technology. |
|
|
|
Obi-Wan Knievel
*** BANNED ***
Joined: 10 Dec 2006
Posts: 1486
Location: Bald Knob, NF
|
Posted:
Wed Feb 13, 2008 3:59 am |
|
Stoker Thompson wrote: |
the amount of people who will willingly infect their own system for a free song or a chance to look at naked celebrity pictures is truly staggering. |
Yeah, those dumbasses! Ummmm, you wouldn't know which naked celebrities would you? Because you know I have this friend who's into that sort of thing...
But seriously folks. So the bottom line is that a computer can get "pwned" if the user is careless, but it's no more likely on Facebook than it is anywhere else on the web by the look of things. Thanks for the info guys. |
|
|
|
|
rootuser
Elite Baiter
Joined: 10 Dec 2007
Posts: 1632
Location: Right behind you
|
Posted:
Wed Feb 13, 2008 4:09 am |
|
A nice variation of the pen-test is this:
Here in Hong Kong you can often enough see people giving out some promotional CDs, that way it would also be possible to spread malware.
Otherwise you just leave a CD in an area that is frequently visited, like a public toilet.
When using the first option the CD of course should look quite good, for the second option it's enough to have a simple CD-R labeled by hand with something like "Games" or "Pr0n".
Somebody is bound to try out what's on the disc. |
|
|
|
|
The False Italian
*** BANNED ***
Joined: 10 Jan 2004
Posts: 3779
|
Posted:
Wed Feb 13, 2008 5:33 am |
|
|
|
|
Gnasher
Baiting Guru
Joined: 29 May 2006
Posts: 2849
Location: Centre Stage in the Theatre of Cruelty
|
Posted:
Wed Feb 13, 2008 5:58 am |
|
Why do people feel the urge to put all their personal info out there in cyberland in the first place? [/old dinosaur] |
|
|
|
Pastor Frank
Baiting Guru
Joined: 31 Jan 2007
Posts: 12237
|
Posted:
Wed Feb 13, 2008 6:21 pm |
|
I know that I am mainly preaching to the choir, but for the new folks that stumble in, here are 2 great weapons against many JS exploits.
http://www.mozilla.com/en-US/
http://noscript.net/ |
|
|
|
|