Tag: social networking

Facebook Graph Search API Used To Brute Force Phone Numbers From Profiles

Facebook’s Graph Search feature hasn’t been released yet. But white hat hackers are already harnessing the powerful social search engine to gather sensitive information on Facebook users. A new module for Recon-ng an open source “web reconnaissance framework” allows anyone with a Facebook Developer account to use Graph Search and Recon-ng’s features to harvest phone numbers associated with Facebook user accounts. The tool, dubbed “Facebook Harvester” allows brute force searching by partial phone numbers, using brute-force techniques, according to a blog post by Rob Simon, a Canton, Ohio- based security professional. Simon, who counts penetration testing and reverse engineering  among his skill set, wrote about his experiments using Graph Search on his blog, kc57.com. in April. In a phone interview with The Security Ledger, Simon said his work doing penetration testing drew him to the Graph Search API, which allows programmatic interaction with the Graph Search engine. He said the […]

Continue Reading

Fitbitten: Researchers Exploit Health Monitor To Earn Workout Rewards

Call it “the quantified self” – that intersection of powerful, IP-enabled personal health monitoring tools and (usually) Web based tools for aggregating, analyzing and reporting. The last five years has brought an explosion in these products. In addition to the long-popular gear like Garmin GPS watches – must have items for the exercise addicted – there’s a whole range of new tools for the merely “exercise curious” or folks interested in losing weight or just figure out what, exactly, they do all day. Count  Nike’s FuelBand, Jawbone’s UP, and Fitbit in that category. Alas, a growing number of reports suggest that, when it comes to medical devices and health monitoring tools, the security of sensitive personal data isn’t a top priority. The latest news comes by way of researchers at Florida International University in Miami, Florida. A team of three researchers, composed of students and faculty, analyzed the Fitbit health monitoring device […]

Continue Reading

Meet The Software That Helped Catch The Boston Bombers

With one suspect in the Boston Marathon bombings dead and another on the run IN CUSTODY!  the global, collective effort to identify those responsible for the crime has ended, and focus shifted to apprehending PROSECUTING Dzhokhor A. Tsarnaev, 19. He and his older brother, Tamerlan Tsarnaev, 26,  were the subject of a massive manhunt, culminating in a firefight in the suburb of Watertown, Massachusetts, that killed the older Tsarnaev brother and set of a massive, daylong manhunt that shut down the metropolitan Boston area.(*) So how did crowdsourcing fare in the effort to catch the two? You’d have to say: not too well. High-profile collaborative efforts to crowdsource public images of the Boston Marathon bombing site, like those organized by the group 4Chan, assembled intriguing collections of material and clocked impressive pageviews (3.4 million and counting). In the end, those efforts yielded some clues: the type of clothing worn by the suspects, […]

Continue Reading

Will Reddit Get Its Man? New Clues Come Fast As FBI Releases Boston Suspect Photos

The collective energies of a lot of pissed off people were given focus on Thursday, after the FBI released photos and a video of two men – identified as Suspect #1 and #2 – who were identified as the only suspects in the horrific bombing of The Boston Marathon on Monday. Within hours of releasing the photos, new clues to the identities of the suspects emerged on web sites like Reddit. Astute viewers flocked to the popular website Reddit.com to crowd source clues, with a special area or “subreddit,” dubbed “findbostonbombers” created to collect tips and analysis from the sea of fervent users. Their efforts paid off in short order, as contributors identified the brand of cap worn by both suspects (the white cap worn by Suspect #2 is believed to be by Ralph Lauren, while the black cap worn by Suspect #1 is believed to be a Bridgestone golf cap […]

Continue Reading

Update: DARPA Cyber Chief Peiter “Mudge” Zatko Heads To Google

Editor’s Note: Updated with comment from Google on Zatko’s role. – PFR Noted hacker and innovator Peiter “Mudge” Zatko, a project manager for cyber security research at DARPA for the past three years- will be setting up shop in the Googleplex, according to a post on his Twitter feed. Zatko, who earned fame as a founding member of the early 1990s Boston-area hacker confab The L0pht and later as a division scientist at government contractor BBN Technologies, announced his departure from DARPA following a three-year stint as a Program Manager in DARPA’s Information Innovation Office on Friday. “Given what we all pulled off within the USG, let’s see if it can be done even better from outside. Goodbye DARPA, hello Google!” he Tweeted. Google did not immediately respond to a request for comment on Zatko’s hiring and Zatko declined to expound on his title and responsibilities within the search giant. However, he has acknowledged that […]

Continue Reading
1 9 10 11 12 13