Topic: Hacking you right from the start - Badoo.com and Facebook

 
argo navis
Nervous Wreck (II) Inmate

From:
Insane since: Jul 2007

posted 07-09-2007 16:11

Hello all,

I am getting "auto invites" from people who were either:
a) dense when registering to the above-mentioned "social networking site" and gave away their msn live passwords
b) infected by some virus that spreads the link and concept

I was in shock the day some young girl sent me an invite to facebook : site ASKS me for the password to one of my mail accounts.
Now I get more and more spam from badoo.com, quite refined, it impersonates the other person perfectly with a spam-like invite,
contains a hash to identify me when I click the "reply to invite link" - and then know my mailbox is real...

I did not go any further as far as badoo is concerned. Please remember the basic security rules on the web,
would you give your id to some random person "for a photocopy"? Well, that's what badoo and facebook customers are asked to do.

And apparently, many of my acquaintances do that with joy : it's called a live ID (for Windows live), previously .Net passport,
trust me, there is a reason.

(and then, there are other solid reasons to avoid so called social networking sites, see : http://www.codinghorror.com/blog/archives/000898.html

But the above two? They make business by trying to own you, plain and simple)

(Edited by argo navis on 07-09-2007 16:12)

White Hawk
Maniac (V) Inmate

From: zero divided.
Insane since: May 2004

posted 07-09-2007 19:36

I was recently convinced to add an entry into Facebook by my girlfriend - but I refused to enter my email password(s) as a matter of personal security (when asked as a method of inviting others or determining whether your contacts are already members). I agree with you - there's something a little fishy about it all.

In fact, I have rarely had a profile on any social networking site for more than a week before changing my mind and deleting it. My Facebook entry has only survived this long because I'm listed as my girlfriend's boyfriend... (soppy, eh?)

argo navis
Nervous Wreck (II) Inmate

From:
Insane since: Jul 2007

posted 07-09-2007 19:59

talking about "social engineering" ,)

Regarding badoo, I just had confirmation that they use several virus-like techniques to capture Windows Live address books. They spam on Windows Live IM and webmail,
automatically, and when a new user supplies his password, contacts absorbed => "virus" spreads.

Even WORSE, they will completely use victim ids, kicking off the user during a chat session to spam away and spider further,
and that's when it gets to really be a virus, even without software installation it does hinder your usage... of the web!!

I reported to the FBI, contact form says they will process my request for a few hours. Let's wait and see (this badoo thing has been up for weeks).
Facebook is less publicly insulting, less actively seeking, but it's just as dangerous.

poi
Paranoid (IV) Inmate

From: Norway
Insane since: Jun 2002

posted 07-09-2007 20:02

rule #1 of the internet circus : never click a link in a mail.

If the invitation is real, you'll see a notification next time you log in on Facebook or whatever social network you're in.

argo navis
Nervous Wreck (II) Inmate

From:
Insane since: Jul 2007

posted 07-09-2007 20:53

Problem is worse than that poi, Facebook or Baboon, I mean, Badoo, ASK EXPLICITLY for user hotmail names and passwords, aka live id.

Petskull
Maniac (V) Mad Scientist

From: 127 Halcyon Road, Marenia, Atlantis
Insane since: Aug 2000

posted 07-10-2007 10:17

Wow... people still:
a) click links in email
b) enter their passwords on other sites
c) open spam email
d) not patch their OS's
e) entertain "friends" emails that ask them to "Wow ju gotza dl this .exe video of Britney"
f) not forwarding their 'phishy emails' to abuse@
g) Not run antivirus or
h) manually scan downloaded files
???


They're lost- they deserve what they get..
This has to be on CNN's "Big Shocking Bulletin" about every 2 weeks now..

WebShaman
Lunatic (VI) Mad Scientist

From: Happy Hunting Grounds...
Insane since: Mar 2001

posted 07-10-2007 16:19

^ What PS said.

WebShaman | The keenest sorrow (and greatest truth) is to recognize ourselves as the sole cause of all our adversities.
- Sophocles

mas
Maniac (V) Mad Librarian

From: the space between us
Insane since: Sep 2002

posted 07-10-2007 18:40

petskull: we gotta create a new FAQ called the don'ts of everyday pc life
brilliant list

The Space Between Us | My Blog: lukas.grumet.at

argo navis
Nervous Wreck (II) Inmate

From:
Insane since: Jul 2007

posted 07-11-2007 11:59

Yeah. Problem is, many more users than expected have configurations of the past, and little knowledge
and will to improve their knowledge, for reasons.

For example, some countries still use 56Kb connections, from my recent experience in Latin America,
and some people have never actually run a spyware check, let alone a virus check. The hotel lady when I was there
had her pc "surprisingly infected" by a few hundred viruses. She is 50 years old, and uses MSN and Excel only, she has no idea
what a virus is, how it works, and will simply never wonder.

PC in question is available to hotel guests. The user account is "Administrator" without password. So, get the IP, remote desktop,
and you're the king of her castle. Same if you are a virus.

And the girl who invited me to facebook is a student from a top university... in social sciences. She has no clue. She won't get any.
She knows how social missions function (or dysfunction).

Guess this list should be part of *any* class, not only the news. And who else could improve prevention of such problems?



The paradox lies in dev best practices I think. Today, development means architecture : definition of clear specs and building huge programs
out of this. Recycling is a best practice, programming is not defensive anymore, it is contract based.

But how trustable is the guy who built that so usable library? Humans are humans, not perfect in essence.
And among development best practices "expect the user not to do what you planned him to do".

So the industry publishes stuff, like javascript, and expects unexpected outcomes. Among those, security flaws (after all, Ajax was born out of
undocumented features). And so on and...

SleepingWolf
Paranoid (IV) Inmate

From:
Insane since: Jul 2006

posted 07-11-2007 23:15
quote:

Petskull said:

Wow... people still:
a) click links in email
b) enter their passwords on other sites
c) open spam email
d) not patch their OS's
e) entertain "friends" emails that ask them to "Wow ju gotza dl this .exe video of Britney"
f) not forwarding their 'phishy emails' to abuse@
g) Not run antivirus or
h) manually scan downloaded files
???
They're lost- they deserve what they get..
This has to be on CNN's "Big Shocking Bulletin" about every 2 weeks now..



i) use the same account for both their personal mail and for registering to crap

Nature & Travel Photography
Visit the Sleeping Wolves

poi
Paranoid (IV) Inmate

From: Norway
Insane since: Jun 2002

posted 07-11-2007 23:50

SleepingWolf: I quite like having several domains for that. One email address is the contact of the others, so I can bounce anything@myOtherDomains on it. Very convenient to subscribe to random crap. Easy to filter those mails and mark the undesired bounce as spam/junk.

SleepingWolf
Paranoid (IV) Inmate

From:
Insane since: Jul 2006

posted 07-12-2007 04:04

Yeah - I redirect my domain account (info@sw) to a webmail account.

Nature & Travel Photography
Visit the Sleeping Wolves

Royce
Neurotic (0) Inmate
Newly admitted

From:
Insane since: Sep 2007

posted 09-24-2007 10:43

Look I'm sorry if you thought my invites from Badoo.com were spam, but I actually chose to invite you! You could have checked out my latest photos...


