News

An Android Firefox exploit found which can be triggered and execute apk files. It forces Firefox versions 23/24/26 to download and execute a malicious application. This exploit was posted by a Russian hacker and exploit writer and the auction starts at $460. This can happen by just visiting a malicious site so even browsing is not safe. The only thing for the attacker is to use some social engineering and convince people to visit a malicious website. He might not even have to do it since he can instead infect a known website and all its visitors be victims. Update your software to the latest version and be careful on the websites you are visiting.

Arul Kumar, an Indian security researcher found a vulnerability to Facebook which he could delete any image within a minute. The vulnerability was in Facebook’s support dashboard and they rewarded him with $12.500 for helping the security team to patch it. Basically the security hole was in the photo removal request where the attacker could change the profile id and the image id and so be able to delete any image on Facebook. Imagine if someone that hates you finds this and exploits it or pay someone else and delete all your images. There are people that have uploaded hundreds of photos and they can’t even imagine such a thing happening to them.

During the creation of a Facebook account you must provide an email address which becomes your primary email address. A security researcher found a vulnerability in Facebook, yes another one, that reveals the primary address of any account. The flaw can be found in the invitation mechanism and hackers and spammers can exploit this vulnerability to get the primary email address of every account. The process can be easily automated so this is not an issue to someone with basic programming knowledge. I will not post the steps of how someone can get this information as it is already patched by Facebook and they awarded $3500 to the person that found the vulnerability. If you receive an email to your email address that you only used on Facebook then you know why.

According to Edward Snowden NSA and Isreal worked together to create Stuxnet, a computer worm that was used to attack Iran’s nuclear facilities. It was spread via Microsoft Windows and its target was industrial control systems by Siemens. After that, a more sophisticated virus called Flame was linked with Stuxnet. Kaspersky researchers concluded that the creators of the Flame were the same that also created Stuxnet due to the similarities in the code. So, if what the whistleblower says is true then NSA created both malicious software. I guess they created more than the ones we just learned about. But don’t worry, they create malicious software, worms and viruses to protect you, at least this is what they will say if you ask them. They don’t want to but they have to in order to protect the people.

Researches at Bluebox Security have discovered a vulnerability in Android core from version 1.6 (Donut). This means that almost all Android devices are vulnerable. The numbers are huge, it is about a billion devices. Apparently Samsung knew about this and its flagship, Galaxy S4, is patched and safe from this vulnerability. Bluebox will reveal details of this security hole during the Black Hat USA conference. To understand how serious this vulnerability is, a hacker can modify any application without breaking its cryptographic signature

Security researcher fin1te was able to find a way to gain access to any Facebook account by sending only one SMS. This is how secure you are, one SMS away from someone to hack into your account. Facebook, like many other websites, have added a new layer of protection. They added the phone number and you can use it to verify an access to your account or recover a lost password. In every new feature there are few vulnerabilities. For this process you fill a form and you submit it to their servers for processing. The two main parameters of that form are for the verification code and the user id. If you edit this form, replace your id with the victim’s id and put the verification code Facebook sent you, your number will be linked with that account. From now you can figure it out, you can visit the forgot password page and access the victim’s account.