SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 Stupid Facebook Myth, Or Izzit?

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
Obi-Wan Knievel
*** BANNED ***


Joined: 10 Dec 2006
Posts: 1486
Location: Bald Knob, NF


PostPosted: Mon Feb 11, 2008 7:24 am Reply with quoteBack to top

Alright, time for an SFQ about Facebook and similar sites where you create a little profile. Yes, I'm a moron in such things. Here we go...

I have a nice little profile on Facebook, and I even go there from time to time. A co-worker of mine, who possibly knows less about computers than I do, absolutely won't set up a facebook thing because she knows someone who knows someone who had their entire computer hacked through a profile and all sorts of nasty things happened. She was denied access to her machine, evil mail was sent from her account, things levitated in her house, etc. etc. and her cyber-attacker insisted on a huge ransom to be paid before he'd release control of her computer. The police got involved but of course the guy got away with it.

I've heard the story before. It always happens to an innocent young woman or girl, and it's ALWAYS a friend of a friend. There's never any indication of giving out a password, but even if she did it seems a bit far-fetched. All the logical indicators scream urban legend, but I just have to know...

- Is that even possible?
- Has that ever happened to anyone here? (no FOAF's)
View user's profileSend private messageSend e-mailYahoo MessengerSkype Name
Reaper
Hello I'm New here!


Joined: 06 May 2007
Posts: 0
Location: Travelling in a fried-out combie. On a hippie trail, head full of zombie...


PostPosted: Mon Feb 11, 2008 8:11 am Reply with quoteBack to top

1. Not sure. 2. Nope. Maybe because my Facebook has a llama picture on it?

_________________
110+United KingdomNigeriaSpainNetherlandsGhanaChinaIvory CoastUnited StatesSwitzerlandAustraliaFranceDenmarkSierra LeoneEuropean UnionSenegalUnited NationsRussiaBurkina FasoBeninCzech RepublicQuestion
Cellphone x15 Mortar x18 Closed lad accounts 50+

SafariSafariSafari Shola - 4.3k miles Lagos - Abidjan | Lagos - N'Djamena, Chad | Lagos - Sokoto "i have not eaten anything except water"
SafariSafari Mr Floyd - Lagos - N'Djamena, Chad | Lagos -N'Djamena --> Abeche, with RS (7 days in hell Rolling Eyes ) "we are dieing here"

Art Trophies: <a href="http://forum.419eater.com/forum/viewtopic.php?t=129502">Eva Bust</a> - <a href="http://forum.419eater.com/forum/viewtopic.php?t=135167">Reaper's Art Gallery</a>

- I am the King of Rome, and above grammar
Easter Egg
View user's profileSend private messageSkype Name
Ivor Grimey Colon
"Trophy slut"


Joined: 16 Jun 2005
Posts: 1338
Location: England


PostPosted: Mon Feb 11, 2008 8:21 am Reply with quoteBack to top

Obi-Wan Knievel wrote:
- Is that even possible?
It depends what you mean by "having their entire computer hacked through their profile". If you mean that information posted on their profile/submitted to the owners of a third party 'application' was used to gain access to their computer, I suppose that's not beyond the realms of possibility. If you mean some uber hacker using her profile page as a way into her computer, then absolutely not. Facebook pages are stored on the Facebook server, there's no way for anyone to gain access to yours or any other computer by looking at your facebook page.

_________________
Cellphone Mortar x25 Closed lad accounts x24 Pith Helmet Togo-Ghana "If i tell you that i am happy the way you are playing me i am a lier" - Uche Onwuka
"YOU ARE AN IDIOT AND SON OF A BITCH" - Barrister Melodie Bekee

"If your bait does not cause an ethics thread, you are not baiting hard enough." - YeaWhatever

Pimp My Number | A Donation a Day keeps Nurse Nasty at bay
View user's profileSend private messageYahoo Messenger
Rodus
Baiting Guru


Joined: 13 Dec 2006
Posts: 3685
Location: Back under the cold shower


PostPosted: Mon Feb 11, 2008 12:10 pm Reply with quoteBack to top

^^Ditto Ivor, you can't be hacked through facebook. If however she was using her dogs name as a password and put that on her facebook page then yes, thats possible.

_________________
I will kiss you romance u,suck and penetrate u - Williams Muyeke
now am as poor as a church rat - Lou1s Mar1on
I AM FINANCIALLY DEAD RIGHT AWAY - Louis in Accra
u can keep sending money to Gomer and leave me alone - Agent Smith cracks up

Pith Helmet Lou1s Mar1on - Lagos to Accra (satellite IP) - "so, what i need to do to get out of these place?"
Sand Timer - 18 mths: Louis

starstar

The*Catb1ngo Hotel*
*My Church*

pony pony pony Nurse Nastys Audi TT Nurse Nastys Audi TT Mortar x23 Closed lad accounts
View user's profileSend private messageSend e-mailYahoo Messenger
Scam Patroller
Baiting Guru


Joined: 08 Jul 2004
Posts: 11852
Location: UK


PostPosted: Mon Feb 11, 2008 12:31 pm Reply with quoteBack to top

I do remember something, which I don't think was just facebook related, although it was targeted, basically, your computer picks up a virus/malaware, it's called "ransomware", where your machine is taken over after the virus/malaware is run, and the person who owns that particular ransomware then demands a payment from you in order to give control of your computer back to you:

http://en.wikipedia.org/wiki/Ransomware_(malware)

Quote:
A cryptovirus, cryptotrojan or cryptoworm is a type of malware that encrypts the data belonging to an individual on a computer, demanding a ransom for its restoration. The term ransomware is commonly used to describe such software, although the field known as cryptovirology predates the term "ransomware".


Facebook Ransomware

_________________
Pith Helmet 10 Safari Safari Safari Safari Safari Safari Safari Safari Suitcase
40x Nigeria 4x South Africa 2x Ghana 2x Benin 10x Ivory Coast 34x United Kingdom 17x United States 9x Spain 1x Belgium 1x 6x European Union 4x Canada 1x New Zealand 6x Netherlands 1x pyramid 23x Cellphone Jolly Roger
Vcamera YMCA Vcamera Summer Holdiay + Bus Hijack

www.scamwarners.com - www.scam-info-links.info - www.aa419.org - The Numpties Gallery
View user's profileSend private message
Rodus
Baiting Guru


Joined: 13 Dec 2006
Posts: 3685
Location: Back under the cold shower


PostPosted: Mon Feb 11, 2008 12:35 pm Reply with quoteBack to top

^^Pretty nasty, in this circumstance the safest route out is to A: Remove hard drive. B: Hit said hard drive with sledge hammer until in small pieces. C: Buy new hard drive and keep virus checkers up to date. N way would I use the same drive after this, too much potential for the trojan authors to have left back doors open/other viruses dormant.

_________________
I will kiss you romance u,suck and penetrate u - Williams Muyeke
now am as poor as a church rat - Lou1s Mar1on
I AM FINANCIALLY DEAD RIGHT AWAY - Louis in Accra
u can keep sending money to Gomer and leave me alone - Agent Smith cracks up

Pith Helmet Lou1s Mar1on - Lagos to Accra (satellite IP) - "so, what i need to do to get out of these place?"
Sand Timer - 18 mths: Louis

starstar

The*Catb1ngo Hotel*
*My Church*

pony pony pony Nurse Nastys Audi TT Nurse Nastys Audi TT Mortar x23 Closed lad accounts
View user's profileSend private messageSend e-mailYahoo Messenger
Eliza_Doolittle
"Warned for lad hugging"


Joined: 16 Mar 2006
Posts: 1979
Location: Contemplating a plan to steal Shiver's cat


PostPosted: Mon Feb 11, 2008 1:40 pm Reply with quoteBack to top

When you are setting up accounts online you should use passwords that people cannot guess. So if you are stupid enough to use something that would be easy to guess (your kid's name or wife's name - husband's name, etc) - then you may have someone who is close to you be able to get into the system and lock you out.

Sadly, we have people like this out there.

_________________
Pith Helmet Uch3nna - 222km Lagos, Nigeria to Cotonou, Benin
Pith Helmet M4rtins Uzo - Lagos to Abuja "l have spent money,time,took risk to travel all the way from lagos to abuja to meet you.(8 good hours on board)."
Pith Helmet Ed - Port Harcourt to Kaduna
vLad's ebay auction states "Wonderful seller! Thinks "out of the box" to get item to you."
<br>
starstar Ghana Easter Egg 2013

Vcamera <a href="http://www.youtube.com/user/MrsRobinson419"> Click to see the videos Ed sent me.</a><br>
<A href="http://members.419eater.com/~eliza_doolittle/index.html"> Eliza's lad quotes, photos, and audio files</a>
Mortar x12
*this sig icon has been censored* <br><a href="http://members.419eater.com/~eliza_doolittle/809104_ML.pdf" > click here</a> for a Bank Account Transfer Form.
Golden Pith
View user's profileSend private message
Obi-Wan Knievel
*** BANNED ***


Joined: 10 Dec 2006
Posts: 1486
Location: Bald Knob, NF


PostPosted: Mon Feb 11, 2008 2:25 pm Reply with quoteBack to top

Well I'll be danged... it's possible at least with this ransomware thing. Lucky for me I don't keep anything important without a backup on my drive, because I'd just nuke the whole thing and reinstall all my data.

Geez, let's hope our lads don't catch on with this "modality". I still think those stories are BS though!
View user's profileSend private messageSend e-mailYahoo MessengerSkype Name
PRS Girly Girl
Will Post for Food


Joined: 06 Mar 2007
Posts: 1174
Location: Any place where cute shoes are on sale.


PostPosted: Mon Feb 11, 2008 6:39 pm Reply with quoteBack to top

A bit off-topic, but still a Facebook problem related issue is this very recent article about deleting Facebook accounts.

_________________
"A pessimist is a man who thinks all women are bad. An optimist is a man who hopes they are." Chauncey Mitchell Depew

"Women and cats will do as they please, and men and dogs should relax and get used to the idea." Robert A. Heinlein

Mortar x3
Pith Helmet Banjul, The Gambia to Dakar, Senegal and back. 0usman C4mar4
View user's profileSend private messageSkype Name
bearkat419
Baiting Guru


Joined: 25 Jun 2007
Posts: 3530
Location: Houston, Texas


PostPosted: Mon Feb 11, 2008 6:54 pm Reply with quoteBack to top

It is possible that your email account could be hacked based on information that you post on facebook (or any profile site). Most email accounts with security questions for forgotten passwords use common information like "what high school did you go to" or "what is your pet's name." If you post your email address, and information about yourself, on the profile... someone intent on doing harm could find everything they need to get access.

If your FOAF had her machine compromised, it is much more likely that she opened an attachment in an email without proper tinfoil on her computer. It is possible that the offending email spoofed the facebook domain to look like it came from there...

_________________
United Kingdom United States Hong Kong Taiwan Whip Sand Timer Mortar Closed lad accounts Easter Egg 2013
View user's profileSend private message
Stoker Thompson
419Eater is my life


Joined: 11 Apr 2007
Posts: 271
Location: Out There.


PostPosted: Mon Feb 11, 2008 10:34 pm Reply with quoteBack to top

Most of my clients who get their computers hacked do so because of web based exploits rather then lame password security.

But yes, the facebook profile makes perfect sense for getting that type of personal information.

However the hacker would still need to find the computer to compromise it. Hmmm it's been a while since I played around like that but programs like ICQ used to show the IP of the person you were chatting with. I doubt modern clients Like Skype expose that information.

The most likely vector would be getting the victim to go to an infected page and click on a link that would trigger the exploit. In this case facebook, and other social sites, would just be used to herd victims to whatever exploit the gang was running.

There was a famous Pen test done where a corporation with a very expensive firewall/AV/IPS system was compromised on the first day of the test. The Security company (That was hired to do the test) hired a bunch of interns to stand around outside the company with questionnaires. If you answered the questions you were given a free CD of Music. Of course the employees then went to their work computer and played the music CD which promptly uploaded the exploit.

In my experience, even after all of the lectures and lessons, the amount of people who will willingly infect their own system for a free song or a chance to look at naked celebrity pictures is truly staggering.
View user's profileSend private message
thud419
Baiting Guru


Joined: 04 Jan 2006
Posts: 3193


PostPosted: Tue Feb 12, 2008 10:07 am Reply with quoteBack to top

Someone stood around in a London train station a while ago and offered people a Mars bar for the password of their work PC. Lots of people got the Mars bar, but of course I would have done too, and my PC would still be secure Wink

This strikes me as a story that has been misunderstood several times during its transmission from person to person. It is certainly possible, and it happens, to hijack a facebook account. All you need is the password once. Hijacking happens for the usual bullying reasons and with the expected bullying outcome. It can be a long time before you get the account back - or it would seem a long time. Of course once a hacker got the facebook account, there's a good chance they could get the email account too, and maybe even the online banking, paypal, ebay etc, depending on how many different passwords the victim uses. (How many of your passwords are in your email inbox for safe keeping?)

Most people these days use their computer offline for one thing; word-processing. Everything else is done on-line with a web browser. Once all their online accounts are hijacked they may very well think that their computer had been hacked - or at least express it that way. Many people do not have a clear idea of what a computer is or where its boundaries are. It is a magical technology.

_________________
Click here to feel warm and cozy.

I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Sand Timer Barr. Cole
Cellphone x14
United States x 0.25 won from Reaper in a sucker's bet

Hello Kitty! pony Mortar x8 Closed lad accounts x several
View user's profileSend private messageSend e-mailVisit poster's website
Obi-Wan Knievel
*** BANNED ***


Joined: 10 Dec 2006
Posts: 1486
Location: Bald Knob, NF


PostPosted: Wed Feb 13, 2008 3:59 am Reply with quoteBack to top

Stoker Thompson wrote:
the amount of people who will willingly infect their own system for a free song or a chance to look at naked celebrity pictures is truly staggering.

Yeah, those dumbasses! Ummmm, you wouldn't know which naked celebrities would you? Because you know I have this friend who's into that sort of thing...

But seriously folks. So the bottom line it that a computer can get "pwned" if the user is careless, but it's no more likely on Facebook than it is anywhere else on the web by the look of things. Thanks for the info guys.
View user's profileSend private messageSend e-mailYahoo MessengerSkype Name
rootuser
Elite Baiter


Joined: 10 Dec 2007
Posts: 1632
Location: Right behind you


PostPosted: Wed Feb 13, 2008 4:09 am Reply with quoteBack to top

A nice variation of the pen-test is this:
Here in Hong Kong you can often enough see people giving out some promotional CDs, that way it would also be possible to spread malware.
Otherwise you just leave a CD in an area that is frequently visited, like a public toilet.

When using the first option the CD of course should look quite good, for the second option it's enough to have a simple CD-R labeled by hand with something like "Games" or "Pr0n".

Somebody is bound to try out what's on the disc.

_________________
"..., if it not the destiny has reduced us together, then who?"
"may u die tomorrow in jesus name"
"The devil has eaten away your soul as you will decay in the hail fire, so go and die with your dyning devil hopless devil advocate."
"This is what i sent to them am not with any money to go back to nigeria pls help."

United Kingdom (0.25 go to fake_buster)

Safari x4 Wole A.: Akure, Nigeria to Cotonou, Benin, Akure, Nigeria to Tanguieta, Benin (both with Thomas-the-Tank and Simba), Akure, Nigeria to Kano, Nigeria (with TtT and OD), Akure, Nigeria to Abidjan, Cote d'Ivoire (with TtT)

Mortar

pony pony
View user's profileSend private messageVisit poster's websiteMSN MessengerSkype Name
The False Italian
*** BANNED ***


Joined: 10 Jan 2004
Posts: 3779


PostPosted: Wed Feb 13, 2008 5:33 am Reply with quoteBack to top

http://www.heise-online.co.uk/security/news/101292
http://www.heise-online.co.uk/security/news/100989
http://www.heise-online.co.uk/security/news/81927

-> Be careful with what you post, what you watch, what you open and in general.
View user's profileSend private message
Gnasher
Baiting Guru


Joined: 29 May 2006
Posts: 2849
Location: Centre Stage in the Theatre of Cruelty


PostPosted: Wed Feb 13, 2008 5:58 am Reply with quoteBack to top

Why do people feel the urge to put all their personal info out there in cyberland in the first place? [/old dinosaur]

_________________
Mortar x21
"you have to pay because he need to submit this form to the Federal Ministry Of Fancies" Barrister John/Mike/Richard Okeke
"they are in deed the swinders rotating about in the net and searching for whom they will stylishly defraud your belongings" A. Moron
"Please pray harder for God to guide and protect us during our travelling because flight airplane i observe is a very big risky" Abdul Karibu
"WE DOESN'T LIKE HOW DISOBIDIENT YOU ARE!" Coco Law Chambers
"BE INFORMED THAT YOU WILL INCUR DUMMERAGE AFTER 9 DAYS FROM TODAY" Burkina Faso Air Secure Air Service.\
View user's profileSend private message
Pastor Frank
Moderator


Joined: 31 Jan 2007
Posts: 11559
Location: EN34ix


PostPosted: Wed Feb 13, 2008 6:21 pm Reply with quoteBack to top

I know that I am mainly preaching to the choir, but for the new folks that stumble in, here are 2 great weapons against many JS exploits.

http://www.mozilla.com/en-US/

http://noscript.net/

_________________
"Father Juan are sure that you are man of God,because your behaviors showed you as unbeliever" -Mary R
View user's profileSend private messageSend e-mail
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



** Find out information about your IP address **


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT