Facebook Security Changes

 Facebook Security Changes


Facebook is one of the famous and biggest social networking website across the Internet, it provides a lot of different features to protect your account from hacking attacks, millions of people are using Facebook for different purposes like to grow their business or to make friends etc.

Facebook Security

Security is always a point of consideration for social networking websites and for webmaster, the main aim of this article is not to introduce some security and privacy tips, as title shows that we are going to talk about some advance security features that are available on your Facebook account.

Protection From Sniffing 

Sniffing is one of the famous and common hacking in which an attacker can sniff your information while your information travel through the wire (for wired network) or through air (for wireless network), Facebook provides an exclusive feature of encryption means your Facebook first encrypt the information (your ID and password) than transfer it to the server.

To activate this feature go to your account setting-->Account security--> Check on secure browsing (HTTPS). After all your browser turn http into https that is a secure channel to transfer information.

Attach Cell Phone To Your Facebook Account
This is one of the most important feature to protect your account to being hacked, let suppose an attacker stole your ID and password of Facebook, than the attacker try to log in from your account from an unknown computer, Facebook block this log in even if the password and ID is correct, Facebook block this log in because of an unknown computer try to log in your account than Facebook will send a message into your number to verify this log in.

This all happen when you turn on this feature, go to your account setting-->account security--> mark check on log in approvals.


Some Other Tips  


Well the most important tips to secure your account has been discussed above, but it is not enough because you have to secure account from an attack like information gathering, hacker uses different social engineering techniques to get into your account, to get more and more information about yourself and your surrounding persons like friends, relatives and others.

Why an attacker do this things? The answer is depend on multiple factors for example this type of information gathering relate to your job and occupation, this may be related to your research on a specific field and many more reason. So you must consider all this thing as a security measures,

Use a strong privacy policy
Do not add an unknown person into your friend list
Limit yourself to share the personal information on Facebook
Do not share your unique creation (May be a research, tool, etc)

Read more »

The Drop Box

The Drop Box For Facebook Security Hole

Security flaw is more mobile than before, as well as identity theft and other data from Facebook profiles.

Facebook is said that this security hole, only victim of the operating system has been changed or jailbroken. This assertion is incorrect, because the vulnerability of all Android and Apple gizmos.

Security hole was discovered by a security expert Gareth Wright,who IExplorer, free program that allows users to find the file on their iPhones or iPads storage devices as if they were.

He discovered in the text as a sign of Facebook - encapsulation, a user's identity and personal information - in Omgpop Draw All mobile games.

The Drop Box

After copying and testing of the access token of the query language, he was able to get access to "all information" in his Facebook account.

Facebook app to access the folder and access it with IExplorercom.Facebook.plist file, find its credentials in clear text. Wright sent a plist file to a local blogger, he is with friends, and bloggers can access their Facebook account and carry out activities, such as the taste of the wall pages, send personal messages, and send pictures to add apps to run anything.

Plist file, Wright installed four units, and the result was the same, so he contacted Facebook, which initially responded to this problem have been reported, and it works.

He tested multiple devices plist problem, which, as a rule, will be used to illegally collect user information, and Wright was able to collect more than a week in 1000 plist file (it does not copy any data).

Facebook issued a long statement, the accused persons, who have jailbroken or modified security hole:

IOS and Android applications for the Facebook-provided only by the manufacturer, operating system, and access tokens are only vulnerable if they have changed the mobile OS (ie jailbroken IOS or modded Android), or the condition, the actor threatened with physical access to the device.

We develop and test our applications with the same version of the mobile operating system and native of Hope, a foundation for development, implementation and compromised the safety of all on jailbroken devices. As Apple says, "IOS could allow hackers to steal personal information from unauthorized modification ... or a malware or a virus."

To protect themselves, we recommend that all users refrain from changing the use of mobile OS in order to avoid instability and security problems.

End of story? A. Wright and the Web as a duplicate of a security hole on devices that have been jailbroken or modified.

Wright published:

I feel I must repeat Facebook plays it, and it was fine, but says that only jailbroken phones are stolen or not.

The greatest risk of malware and viruses are designed to slurp data from devices connected to PCs, so that no matter what other articles say, jailbroken or not, that you are vulnerable.

When testing, it worked for closed pass - coded native IOS devices.

The Web has also shared her experience:

As a matter of fact, we are here to copy Facebook hack TNW Labs(using their own equipment) and it works very well without the jailbreak.

If you carefully read the Facebook application, but it does not cover the bases when he says that you are vulnerable if you have it quite right, "the actor threatened with physical access to the device." - The unit will be required to physically access one way or another, but that does not mean that it should be stolen or that someone was not for him.

Read more »