Tag: Facebook

Late To The Party, Microsoft Offers Mega Bounties For Software Bugs

Microsoft on Wednesday announced its first ever formal program to pay security researchers for finding software vulnerabilities in its newest products. The bug bounty program will launch on June 26 and be formally unveiled at the upcoming Black Hat Briefings hacker conference in Las Vegas at the end of July. And, though late to the party, Microsoft is making up for lost time by going large. The Redmond, Washington software maker will pay researchers up to $100,000 for “truly novel” exploitation techniques that defeat protections built into the very latest version of Windows, 8.1 Preview. It will additionally pay $50,000 for ideas for defensive strategies that accompany a bypass, raising the total potential purse for an exploit and accompanying remediation to $150,000. Additionally, Microsoft announced a short-term bounty program for its Internet Explorer 11 Preview, with the company paying up to $11,000 USD for critical vulnerabilities that affect Internet Explorer […]

Podcast: Project Prism – Has Uncle Sam Gone Rogue?

It was hard to escape the big news this week: revelations from The Guardian and The Washington Post about a program of widespread surveillance of online social networks and mobile phone use. The news, both the result of high-level leaks of classified information, has embroiled the Obama Administration in the most serious questions about domestic spying since the Nixon administration. To discuss the week’s events, Paul sat down with Ron Gula, the CEO of Tenable Network Security (and a former NSA security ninja) and Rick Forno, director of the University of Maryland Baltimore County’s Graduate Cybersecurity Program and a Junior Affiliate Scholar at the Stanford Law School’s Center for Internet and Society (CIS). While neither guest was surprised to read about the government’s monitoring of […]

Browser Plug-in Steals Facebook Logins, Pumps Spam For GM Cars

Microsoft is warning users of Google’s Chrome and The Mozilla Foundation’s Firefox web browsers that a malicious browser extension for those platforms attempts to steal Facebook account login information after it is installed. The attacks have mostly occurred in Brazil, Microsoft said, and have been linked to spam campaigns promoting GM cars, like the Chevy Celta, an ultracompact car produced by General Motors do Brasil, according to a post on Microsoft’s Technet web site. Microsoft identified the malware bundled with the browser extensions as Febipos.A, a malicious Trojan. After being installed, the Trojan waits for the user to log in to Facebook before it springs to life. Febipos downloads commands from a remote website that instruct it to carry out a wide range of actions through the active Facebook account, including wall posts, sharing and “liking” pages, commenting on other users’ posts and inviting Facebook friends to a group chat. You […]

Facebook Graph Search API Used To Brute Force Phone Numbers From Profiles

Facebook’s Graph Search feature hasn’t been released yet. But white hat hackers are already harnessing the powerful social search engine to gather sensitive information on Facebook users. A new module for Recon-ng, an open source “web reconnaissance framework,” allows anyone with a Facebook Developer account to use Graph Search and Recon-ng’s features to harvest phone numbers associated with Facebook user accounts. The tool, dubbed “Facebook Harvester,” allows searching by partial phone numbers using brute-force techniques, according to a blog post by Rob Simon, a Canton, Ohio-based security professional. Simon, who counts penetration testing and reverse engineering among his skill set, wrote about his experiments using Graph Search on his blog, kc57.com, in April. In a phone interview with The Security Ledger, Simon said his work doing penetration testing drew him to the Graph Search API, which allows programmatic interaction with the Graph Search engine. He said the […]

Anti-Social: Popular WordPress Sharing Plugin Linked To Payday Loan Spam

A popular plug-in for sharing blog content on social networks was discovered to have hidden code that was injecting WordPress blogs with links to phony Pay Day Loan offers and other spam, according to the firm Sucuri. The plug-in, named Social-Media-Widget (SMW), was compromised with malicious code 12 days ago, in concert with an update of the widget. The new version of the plug-in contained a hidden call to a remote PHP script that inserted “Pay Day Loan” spam text and links into WordPress web sites running the plugin. The goal was to infect as many web sites as possible with text that would increase the web reputation and visibility of a web site run by the spammers, according to the post on Tuesday by Daniel Cid, Sucuri’s CTO. SMW is among the most popular add-ons for WordPress sites. It allows bloggers who use WordPress to configure sharing buttons that will […]