Internet Program to hack facebook and twitter accounts

[IronRain]

Yesterday, some one launched a program on the Internet and with that program you can login on accounts on Facebook or twitter.

When are you vulnerable for this program? When you don't use a secure Internet connection. This means that almost everyone with a normal WiFi connection can be hacked.

What are they be able to do?
Send messages
get your personal ID
and everything else that facebook and twitter offers you.

I post this just to inform you. So watch out with your accounts :thumbup:

Derk

 

[Xyon]

A little more information, if this is the same thing, is available here: http://www.pocket-lint.com/news/36428/firesheep-firefox-extension-exploits-vulnerability

 

[IronRain]

Thanks. A little update: Only non-secured wireless networks are vulnerable. If you have your network secured, there won't be a problem (first they said that all wireless networks were vulnerable)

 

[Pyromaniac605]

Good thing I don't have anything useful on Facebook and never use it anyway.

Darren

 

[Moach]

good thing i don't even HAVE facebook :lol:

and most routers, even the most basic, have at least WEP security built-in quite conveniently...


but there are some "linksys" owners out there who should probably be concerned....

 

[Wishbone]

Any WiFi is an open invitation to hackers.

 

[Xyon]

Any WiFi is an open invitation to hackers.

Correction: Any visible WiFi is an open invitation. You have to know it's there before you can even think about hacking into it.

Visibly broadcast SSID + no security = free internet for the neighbours.

 

[Fabri91]

good thing i don't even HAVE facebook :lol:

and most routers, even the most basic, have at least WEP security built-in quite conveniently...


but there are some "linksys" owners out there who should probably be concerned....

Problem is, the router's security only works if the user sets it up to do so...absolutely noone I know who has bought a router instead of having one delivered from the ISP bothered with setting it up properly.
Most delivered routers have WPA2 activated with the password written on a label under them.

 

[DanM]

Now I'm really really really glad I deleted my Facebook. I have a twitter, but have absolutely nothing on it, I don't think I've logged in since it was created.

 

[garyw]

Problem is, the router's security only works if the user sets it up to do so...absolutely noone I know who has bought a router instead of having one delivered from the ISP bothered with setting it up properly.

Meet one - I binned my BT provided router and used my own but then I have one for DSL only and a seperate one for wireless. For various reasons the SSID is visible but the security is based on a rotating WEP key. Any traffic that goes to the router is checked and evaluated. Anything suspect generates an email.

 

[RisingFury]

Now I'm really really really glad I deleted my Facebook.

Errr... I doubt your Facebook is actually deleted. Try logging in.

 

[Enjo]

Correction: Any visible WiFi is an open invitation. You have to know it's there before you can even think about hacking into it.

Visibly broadcast SSID + no security = free internet for the neighbours.

Correction to correction: Invisible SSID + a human who can learn the SSID traditionally or by social engineering = ability to hijack the connections by using the same, but visible SSID.

Not related actually:
I use WEP + MAC whitelist for WiFi.

 

[Turbinator]

Only non-secured wireless networks are vulnerable. If you have your network secured, there won't be a problem

Not true, there are tools out there that can easily sniff out your wireless key.
You just leave them running, and over time they get the entire key. About 5 minutes.

The only true way to protect your wireless is to not use one.
Even the ones that do no broadcast the SSID can be easily sniffed out.

 

[Mindblast]

AFAIK these tools need a few Gigabyte of encoded data sniffed from the network you want to hack into. So i doubt 5 minutes will be enough..
For a private network hiding the SSID, using encryption, white listing MAC addresses and if possible also limiting the transmission power of the router (i have mine throttled down to 12.5% power) should be more than enough to be on the safe side i think.

 

[MeDiCS]

Some corrections (and corrections of corrections (...)):

-Lack of SSID broadcast != security
Disabling SSID broadcast may not even stop script kiddies. Simple sniffer programs are capable of discovering network names not being broadcast, and the only advantage of doing this is to help avoid roaming (if your wifi is open to the public, that is).

-Anything WEP related != security
WEP is a fragile, easily cracked open, flawed encryption protocol. Few minutes is more than enough to expose all your traffic.

-MAC whitelist != security
This may be one of the dumbest things ever. When a client is connected to a wifi network, its MAC is transmitted in clear text, and is extremely easy, on both Windows and *nix, to spoof the MAC address transmitted by the wireless card.

-Less power != security
Electromagnetic waves from the wifi AP travel long ways, and it's only a matter of the right antenna for the right distance. You can save a few cents on the electricity bill though.

-WPA2 PSK == security
This is only true if your key is long enough and is not contained in any dictionary, so the only attack avenue left to the attacker is brute force. PSK provides security and authentication at the same time, meaning that it secures your network from prying eyes, and only clients that know the password can connect.

 

[Enjo]

Thanks for corrections to corrections and so on.

I've just checked. Actually I use WPA2-Personal.

Whitelist ... well better whitelist than no list. I've never said that it's the ultimate solution. I alter MAC address myself, but for legitimate purposes.
That the MAC goes unencrypted in an encrypted network, I didn't know.

 

[Xyon]

-Lack of SSID broadcast != security
Disabling SSID broadcast may not even stop script kiddies. Simple sniffer programs are capable of discovering network names not being broadcast, and the only advantage of doing this is to help avoid roaming (if your wifi is open to the public, that is).

Quite right, too. The reason mine is hidden is not, however, as a first line of defence against a determined war-walker, but to stop my neighbours trying to nick my intnets. They're not a technical bunch, they're 98% of computer users these days - they don't have the first clue. If Windows doesn't see it, as far as they know, it doesn't exist, and it saves me a headache later on.

-Anything WEP related != security
WEP is a fragile, easily cracked open, flawed encryption protocol. Few minutes is more than enough to expose all your traffic.

Wholeheartedly agreed. I believe someone mentioned cracking wireless security within 5 minutes? That's WEP for you. WPA2 is more secure.

-MAC whitelist != security
This may be one of the dumbest things ever. When a client is connected to a wifi network, its MAC is transmitted in clear text, and is extremely easy, on both Windows and *nix, to spoof the MAC address transmitted by the wireless card.

No comment on that, never even bothered to try it.

-Less power != security
Electromagnetic waves from the wifi AP travel long ways, and it's only a matter of the right antenna for the right distance. You can save a few cents on the electricity bill though.

An interesting theory in the first place, that's the first I've heard of low-power being a security implementation.

-WPA2 PSK == security
This is only true if your key is long enough and is not contained in any dictionary, so the only attack avenue left to the attacker is brute force. PSK provides security and authentication at the same time, meaning that it secures your network from prying eyes, and only clients that know the password can connect.

True enough, for the stipulations given, but a fool is he who defends his network from attack with just the one method. Combinations of WPA2, hidden SSIDs, and the wireless being shunted through a selective server which controls access through it to the internet (and outside of the network on which anything important lies) is a perhaps the most security I can think of to implement. Few people bother to do such things, because it gets in your way, but there again that's what security is there for.

 

[TSPenguin]

An interesting theory in the first place, that's the first I've heard of low-power being a security implementation.

It is called whispering and has been in civil and military use for at least 5 thousand years.



Sorry, couldn't resist

 

[Keatah]

This oughta get the script kiddies all excited! Free facebook and amazon and bunch others like google and whatnot! Cool! The possibilities and potentials!


BTW: I'm a whitehat..

 

[Turbinator]

Whitelist ... well better whitelist than no list. I've never said that it's the ultimate solution. I alter MAC address myself, but for legitimate purposes.
That the MAC goes unencrypted in an encrypted network, I didn't know.

MAC address filtering for wireless networking isn’t real “security”. Anyone who pays any attention to current trends in wireless security at all should know that MAC filtering is less effective than WEP — and that WEP can be cracked almost instantly these days with commonly available tools.

This doesn’t mean MAC filtering is useless. Its resource consumption is almost unmeasurable, and even if it doesn’t keep out any reasonably knowledgeable security crackers willing to spend a few moments gaining access, it does keep out a lot of automated opportunistic attacks that are aiming solely for the absolute lowest-hanging fruit on the security tree. Since that lowest-hanging fruit consists of the majority of wireless access points, MAC filtering can be of value as a way of turning away the majority of opportunistic attackers.

Don’t rely on MAC filtering alone, however. Please, just don’t. It’s a bad idea. People seem to think “Oh, well, sure a determined attacker can get past it, but not anyone else.” It doesn’t take much determination at all to spoof a MAC address.