Wednesday, February 10, 2016

Another Facebook Hacking Tool


Short Bytes: Your desire to master the art of Facebook hacking can harm you in a big way. Recently, a variant of the Remtasu malware has been spotted in the wild that can hack your own Facebook account instead of your friend’s. Surprisingly, this malware always finds a way to remain on the system even after the victim reboots the system or tries to locate the threat in the list of active processes.
A new Facebook hacking tool has been spotted in the wild that can actually hack Facebook accounts. However, if you try to use this tool to hack someone’s Facebook account, you might end up becoming its victim.
This hacking tool is a disguised version of a Windows-based trojan whose reach has grown rapidly over the last year. The malware now uses social engineering tactics to target people who are looking for ways to hack others’ Facebook accounts. This finding was recently unveiled by the security firm ESET in a blog post.

How is Remtasu Facebook hacking tool spreading?

The Win32/Remtasu.Y malware reaches your machine when you search for queries like “how to hack Facebook account?” and download what the results offer. As a result, you may end up downloading a Facebook hacking tool that hacks your own account.
Talking about different ways by which this trojan spreads, ESET writes, “we are no longer seeing propagation through e-mail. They are instead coming from direct download sites. Once a user downloads and executes the file, their data is compromised.”
This Facebook hacking variant of Remtasu is most common in Latin America, Thailand, Turkey and other countries.

How Remtasu hacks your Facebook account?

Once a user visits a direct download website, the malware enters the system and disguises itself among other files. It was observed that the malware makes use of UPX compression. After the file is uncompressed, it executes various functions, including opening and capturing clipboard information, recording keystrokes and sending the captured data to an FTP server.
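UPX packing usually leaves traces in a Windows executable's section table, which gives defenders a quick static triage check for a downloaded file. The following is an added example, not code from ESET or from the original post: it parses the PE section table and reports UPX-style section names and sections that are empty on disk but writable and executable in memory. The sample images are constructed header-only byte strings, the function names are hypothetical, and a renamed section would evade the name check.

```python
import struct

# One PE section table entry is 40 bytes: name, sizes, pointers, counts, flags.
SECTION_ENTRY = struct.Struct("<8sIIIIIIHHI")
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def pe_sections(data):
    """Return [(name, virtual_size, raw_size, characteristics)] for a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows optional header
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_ENTRY.size
        if off + SECTION_ENTRY.size > len(data):
            raise ValueError("truncated section table")
        name, vsize, _va, raw, _p, _r, _l, _nr, _nl, chars = \
            SECTION_ENTRY.unpack_from(data, off)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, raw, chars))
    return sections


def upx_indicators(data):
    """Heuristic findings that suggest the file was packed with UPX."""
    findings = []
    for name, vsize, raw, chars in pe_sections(data):
        if name.upper().lstrip(".").startswith("UPX"):
            findings.append(f"section name {name!r}")
        rwx = (chars & IMAGE_SCN_MEM_EXECUTE) and (chars & IMAGE_SCN_MEM_WRITE)
        if raw == 0 and vsize > 0 and rwx:
            findings.append(f"{name!r} is empty on disk but writable+executable")
    return findings


def build_sample_pe(specs):
    """Constructed header-only PE image for the demo (not a runnable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, len(specs), 0, 0, 0, 0, 0x0102)
    table = b"".join(
        SECTION_ENTRY.pack(name.encode(), vsize, 0x1000 * (i + 1), raw,
                           0x200, 0, 0, 0, 0, chars)
        for i, (name, vsize, raw, chars) in enumerate(specs))
    return dos + b"PE\0\0" + coff + table


# Constructed samples: a UPX-style layout and an ordinary compiler layout.
PACKED = build_sample_pe([("UPX0", 0x8000, 0, 0xE0000080),
                          ("UPX1", 0x4000, 0x3E00, 0xE0000040),
                          (".rsrc", 0x1000, 0x800, 0xC0000040)])
PLAIN = build_sample_pe([(".text", 0x3000, 0x3000, 0x60000020),
                         (".data", 0x1000, 0x200, 0xC0000040)])

if __name__ == "__main__":
    for label, image in (("packed sample", PACKED), ("plain sample", PLAIN)):
        print(label, "->", upx_indicators(image) or "no UPX indicators")
```

A hit only means the file is packed, which legitimate software also does; it is a reason to look closer before running the download, not a verdict.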
Surprisingly, this malware always finds a way to remain on the system even after the victim reboots the PC or tries to locate the threat in the list of active processes. “In this case, the malware replicates itself, saving the copy in a folder that it also creates within the system32 folder. The new InstallDir folder remains hidden inside the system files, making it difficult for users to access,” ESET explains.
The security firm has recorded 24 different versions of the malware. Out of those, Win32/Remtasu.Y represents more than a quarter, followed by the variant Win32/Remtasu.O at 23%.
foss Bytes advises the readers to stay away from Facebook hacking tools as they can harm your digital life. Also, it’s unethical.

Feeling Bored? You can now play in Facebook Messenger


Here’s where it gets interesting and why you have to appreciate the humor of engineers – to make a move, you use “Standard Algebraic Notation.” For instance, @fbchess Nbd2 would move a knight from the b-file to d2. @fbchess B2xc5 takes on c5 with the 2nd rank bishop. You don’t have to be a math whiz to play, but it might help.
If you get stuck or need assistance, you can type in @fbchess help and you’ll get this menu listing all of the possible moves and commands you can make.
Facebook’s Chess game works equally well on both the desktop version of Facebook and the Facebook Messenger app, so you can start a game on the go and pick up right where you left off when you get to work.
Now, if they would just add @fbcheckers life would be really good. Your move, Twitter.
P.S. Not into chess? Type the command @dailycute into Facebook Messenger and you’ll get an image that will make you go “aww,” like this.


Windows 10 Sends Data to Microsoft Thousands of Times Every Day

Windows 10 is sending data from your PC to Microsoft thousands of times per day
This is being deemed as Windows 10’s worst kept secret: it sends data from your PC to Microsoft thousands of times every day. This not only compromises your privacy but can also be a big drain on your mobile phone in case you are using Windows 10 on your mobile phone. And this is despite disabling tracking options or installing anti-spying apps. Back in November 2015 Microsoft had openly admitted that the operating system was spying on users and surprisingly, the company also admitted that it cannot stop Windows 10 from spying on you.
Windows 10 is constantly tracking how it works on your device and how you’re using it and then sending this information back to Microsoft by default. Despite giving users some option to stop this data transfer, the core data collection simply cannot be stopped, according to the official statement.
Last year, Microsoft Corporate Vice President Joe Belfiore had told PC World, “The company needs that information to improve the experience of using its operating system. And in the case of knowing that our system that we have created is crashing, or is having serious performance problems, we view that is so helpful to the ecosystem, and so not an issue of personal privacy, that today, we collect that data so that we make that experience better for everyone.”
I know, it’s terrible English, but I have quoted it as it is from the above link and I’m pretty sure it makes no sense to you, but the problem is, this secret has now gone out of hand. According to an instance mentioned in this Forbes article, one individual has done “extensive investigation” and has found that Windows 10 reportedly contacts Microsoft thousands of times per day.
During an observation period of eight hours, Windows 10 tried to send data back to 51 different Microsoft IP addresses over 5500 times! Within 30 hours, Windows 10 was sending data to 130 non-private IP addresses. Non-private means the data can be intercepted by hackers.
Just to make sure that it wasn’t a fluke, a clean Windows 10 install was used, and on top of that a third-party tool called DisableWinTracking was installed to stop any hidden Windows 10 data-gathering modules. Despite that, in the 30-hour period, Windows 10 was able to send data 2078 times to 30 different IP addresses. Isn’t this insane?
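Figures like the ones above (connection attempts and distinct destination addresses over an observation window) can be reproduced from a router or firewall log. The following is an added example, not the investigator's tooling: it counts outbound attempts to non-private destinations, taking "non-private" to mean addresses outside the RFC 1918, loopback and link-local ranges. The log format, the sample lines and the function name are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 private ranges plus loopback and link-local: traffic stays on the LAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Assumed log line format: "<timestamp> OUT <proto> <src>:<port> -> <dst>:<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) OUT (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")


def summarize(lines):
    """Count outbound attempts per non-private destination address."""
    attempts = Counter()
    unparsed = 0
    for line in lines:
        match = LINE_RE.match(line.strip())
        if not match:
            unparsed += 1
            continue
        try:
            dst = ipaddress.ip_address(match["dst"])
        except ValueError:            # e.g. "999.1.1.1" passes the regex
            unparsed += 1
            continue
        if any(dst in net for net in LOCAL_NETS):
            continue                  # local traffic is not part of the count
        attempts[str(dst)] += 1
    return {
        "total_attempts": sum(attempts.values()),
        "distinct_destinations": len(attempts),
        "top": attempts.most_common(3),
        "unparsed": unparsed,
    }


# Constructed sample log; destinations use documentation address ranges.
SAMPLE_LOG = """\
2016-02-08T10:00:01 OUT TCP 192.168.1.20:49152 -> 203.0.113.10:443
2016-02-08T10:00:04 OUT TCP 192.168.1.20:49153 -> 203.0.113.10:443
2016-02-08T10:00:09 OUT TCP 192.168.1.20:49154 -> 198.51.100.7:443
2016-02-08T10:00:11 OUT UDP 192.168.1.20:51000 -> 192.168.1.1:53
2016-02-08T10:00:15 OUT TCP 192.168.1.20:49155 -> 203.0.113.10:80
2016-02-08T10:00:21 OUT TCP 192.168.1.20:49156 -> 198.51.100.99:443
-- log rotated --
2016-02-08T10:00:30 OUT TCP 192.168.1.20:49157 -> 10.0.0.5:445
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    print(f"{report['total_attempts']} attempts to "
          f"{report['distinct_destinations']} non-private addresses")
    for address, count in report["top"]:
        print(f"  {address}: {count}")
```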

Google to Ban Adobe Flash-based Advertising

Google to ban Adobe Flash-based display ads, go 100% HTML5

Google's massive AdWords network will no longer accept new display ads made in Adobe Flash as of June 30, the search giant announced this week, as it works to phase out the much maligned Internet plugin.



Both Google's Display Network and DoubleClick Digital Marketing will be 100 percent HTML5-based once the changes take effect. Advertisers will no longer be able to upload Flash-based display ads starting June 30, while display ads in Flash will no longer run after Jan. 2, 2017.

While the changes will affect all display ads on Google's network, video ads built in Flash will not yet be affected.

To aid advertisers in the transition, Google has created a new help document explaining how to update Flash ads to HTML5 ads. HTML5 ads can be created on their own, or with help from Google tools.

The news comes only days after Adobe itself axed its Flash Professional software, renaming it Adobe Animate CC. The revamped software has a greater focus on HTML5 Canvas and WebGL.

Apple stopped pre-installing Flash on Macs years ago, citing the potential security threats involved. Last fall it even went a step further, actively blocking old versions from being installed in Safari. And of course, Flash has never worked on its iOS platform.

Monday, February 8, 2016

How to Prevent A DDoS Attack

The best way to stop DDoS attacks 

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.

Distributed denial-of-service (DDoS) attacks are always in top headlines worldwide, as they plague the websites of banks and of virtually every organization with a prominent online presence. The main cause behind the proliferation of DDoS attacks is the very low cost the attacker incurs to put such an attack in motion. Fortunately, various prevention methods have been developed to tackle such attacks. Before delving into the ways to prevent a DDoS attack, let’s first understand what exactly a DDoS attack is!
Understanding DDOS Attack

A DDoS (distributed denial-of-service) attack is an attempt by attackers to make a computer’s resources inaccessible to its intended users. To carry out a DDoS attack, the attackers never use their own systems; rather, they create a network of zombie computers, often called a “botnet” (a hive of computers), to incapacitate a website or a web server.
Let’s understand the basic idea. The attacker instructs all the computers in the botnet to contact a particular site or web server, time and again. This increases traffic on the network, which slows the site down for its intended users. At times the traffic can be so high that it shuts the site down completely.
3 Basic Tips to Prevent a DDoS Attack

There are several ways to prevent a DDoS attack; however, in this guest post I’ll be covering three basic tips that will help you protect your website from one.

1. Buy More Bandwidth.

One of the easiest methods is to ensure that you have sufficient bandwidth for your website. You’ll be able to tackle lots of low-scale DDoS attacks simply by buying more bandwidth to service the requests. How does it help? Well, distributed denial of service is nothing more than a game of capacity. Let’s suppose 10,000 computer systems are each sending 1 Mbps your way. This means you’re getting 10 GB of data hitting your web server every second. Now, that’s a lot of traffic!
To avoid this issue, apply the same rule you would use for normal redundancy. Following this approach, if you want more capacity, deploy additional web servers across different datacenters and put load balancing in front of them. Spreading your traffic across several servers balances the load and will most likely create enough headroom to handle the sustained increase in traffic.
However, there’s a problem with this method: buying more bandwidth can be a costly affair. And as you know, current DDoS attacks are getting larger and can grow well beyond what your budget can cover.

2. Opt for DDoS Mitigation Services.

A lot of network or Internet service providers offer DDoS mitigation capabilities. Look for a provider with the largest DDoS protection and mitigation network, automated tools, and a pool of talented anti-DDoS technicians with the wherewithal to take action in real time as the DDoS attack characteristics vary. A viable alternative is to use a DDoS prevention appliance, which is specifically intended to detect and prevent distributed denial-of-service attacks.

3. Restricted Connectivity.

If you have computer systems that are connected to the web directly, a better idea is to properly install and configure your routers and firewall so as to limit connectivity. For instance, when receiving data from a client machine, you can configure the firewall to allow traffic from that machine only on a few chosen ports (such as HTTP, POP, SMTP etc.).
Summary:

Websites are getting attacked by hackers every second. Denial-of-service attacks keep getting bigger and are creating a lot of problems for business organizations with a strong online presence. This guest post explains what a DDoS attack actually means and covers a few methods to prevent DDoS attacks. The three tips above are what I recommend you run through to at least understand where to get started towards building a resilient web network with a chance of surviving a DDoS attack.

Basic Understanding of HACKING

Understand HACKING

Are you a beginner who wants to learn hacking but doesn’t know where to start? If so, you are at the right place. Since most of the books and free resources on the Internet are only meant for those who already have a considerable amount of knowledge on the subject, they fail to teach hacking for beginners. Therefore, I have decided to come up with this post that gives useful tips for beginners on how to kick-start their journey to becoming a hacker.
Many subgroups of the computer underground with different attitudes use different terms to demarcate themselves from each other, or try to exclude some specific group with which they do not agree. Eric S. Raymond (author of The New Hacker's Dictionary) advocates that members of the computer underground should be called crackers. Yet, those people see themselves as hackers and even try to include the views of Raymond in what they see as one wider hacker culture, a view harshly rejected by Raymond himself. Instead of a hacker/cracker dichotomy, they give more emphasis to a spectrum of different categories, such as white hat, grey hat, black hat and script kiddie.

White hat:-


A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software. The term "white hat" in Internet slang refers to an ethical hacker. This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement. The EC-Council , also known as the International Council of Electronic Commerce Consultants has developed certifications, course ware, classes, and online training covering the diverse arena of Ethical Hacking.

Black hat:-


A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain" (Moore, 2005). Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal". Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network.

Part 1: Targeting


The hacker determines what network to break into during this phase. The target may be of particular interest to the hacker, either politically or personally, or it may be picked at random. Next, they will port scan a network to determine if it is vulnerable to attacks, which is just testing all ports on a host machine for a response. Open ports—those that do respond—will allow a hacker to access the system.

Part 2: Research and Information Gathering


It is in this stage that the hacker will visit or contact the target in some way in hopes of finding out vital information that will help them access the system. The main way that hackers get desired results from this stage is from "social engineering", which will be explained below. Aside from social engineering, hackers can also use a technique called "dumpster diving". Dumpster diving is when a hacker will literally search through users' garbage in hopes of finding documents that have been thrown away, which may contain information a hacker can use directly or indirectly, to help them gain access to a network.

Part 3: Finishing The Attack


This is the stage when the hacker will invade the preliminary target that he/she was planning to attack or steal. Many "hackers" will be caught after this point, lured in or grabbed by any data also known as a honeypot (a trap set up by computer security personnel).

Grey hat:-


A grey hat hacker is a combination of a Black Hat and a White Hat Hacker. A Grey Hat Hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has been hacked, for example. Then they may offer to repair their system for a small fee.

Elite hacker:-


A social status among hackers, elite is used to describe the most skilled. Newly discovered exploits will circulate among these hackers. Elite groups such as Masters of Deception conferred a kind of credibility on their members.

Script kiddie:-


A script kiddie (or skiddie) is a non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding of the underlying concept—hence the term script (i.e. a prearranged plan or set of activities) kiddie (i.e. kid, child—an individual lacking knowledge and experience, immature).

Neophyte:-


A neophyte, "n00b", or "newbie" is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology, and hacking.

Blue hat:-


A blue hat hacker is someone outside computer security consulting firms who is used to bug test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term BlueHat to represent a series of security briefing events.

Hacktivist:-


A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks.

Nation state:-


Intelligence agencies and cyberwarfare operatives of nation states.

Attack:-


A typical approach in an attack on an Internet-connected system is:

1. Network enumeration: Discovering information about the intended target.

2. Vulnerability analysis: Identifying potential ways of attack.

3. Exploitation: Attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis.

In order to do so, there are several recurring tools of the trade and techniques used by computer criminals and security experts.

Security exploit:-


A security exploit is a prepared application that takes advantage of a known weakness. Common examples of security exploits are SQL injection, Cross Site Scripting and Cross Site Request Forgery which abuse security holes that may result from substandard programming practice. Other exploits would be able to be used through FTP, HTTP, PHP, SSH, Telnet and some web-pages. These are very common in website/domain hacking.

Techniques

Vulnerability scanner:-


A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer, and sometimes will detect what program or service is listening on that port, and its version number. (Note that firewalls defend computers from intruders by limiting access to ports/machines both inbound and outbound, but can still be circumvented.)

Password cracking:-

Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.

Packet sniffer:-


A packet sniffer is an application that captures data packets, which can be used to capture passwords and other data in transit over the network.

Spoofing attack (Phishing):-


A spoofing attack involves one program, system, or website successfully masquerading as another by falsifying data and thereby being treated as a trusted system by a user or another program. The purpose of this is usually to fool programs, systems, or users into revealing confidential information, such as user names and passwords, to the attacker.

Rootkit:-


A rootkit is designed to conceal the compromise of a computer's security, and can represent any of a set of programs which work to subvert control of an operating system from its legitimate operators. Usually, a rootkit will obscure its installation and attempt to prevent its removal through a subversion of standard system security. Rootkits may include replacements for system binaries so that it becomes impossible for the legitimate user to detect the presence of the intruder on the system by looking at process tables.

Social engineering:-


When a Hacker, typically a black hat, is in the second stage of the targeting process, he or she will typically use some social engineering tactics to get enough information to access the network. A common practice for hackers who use this technique, is to contact the system administrator and play the role of a user who cannot get access to his or her system.

Trojan horses:-


A Trojan horse is a program which seems to be doing one thing, but is actually doing another. A trojan horse can be used to set up a back door in a computer system such that the intruder can gain access later. (The name refers to the horse from the Trojan War, with conceptually similar function of deceiving defenders into bringing an intruder inside.)

Viruses:-


A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. Therefore, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. While some are harmless or mere hoaxes most computer viruses are considered malicious.

Worm:-

Like a virus, a worm is also a self-replicating program. A worm differs from a virus in that it propagates through computer networks without user intervention. Unlike a virus, it does not need to attach itself to an existing program. Many people conflate the terms "virus" and "worm", using them both to describe any self-propagating program.

Key loggers:-


A key logger is a tool designed to record ('log') every keystroke on an affected machine for later retrieval. Its purpose is usually to allow the user of this tool to gain access to confidential information typed on the affected machine, such as a user's password or other private data. Some key loggers use virus-, trojan-, and rootkit-like methods to remain active and hidden. However, some key loggers are used in legitimate ways and sometimes even to enhance computer security. As an example, a business might have a key logger on a computer used at a point of sale, and data collected by the key logger could be used for catching employee fraud.
 
Learn Programming (Optional)
 
If you want to take your hacking skills one step ahead, programming is something that you can’t skip. Although you can easily find a lot of ready-made tools and programs that let you hack with ease, it is always better to have some basic knowledge of programming languages like HTML, PHP and JavaScript so that you will be in a position to develop your own tools and exploit codes. However, if you do not wish to learn programming you can skip this step and still be a good hacker.

How Long does it Take to Master the Skills of Hacking?

Since hacking is not something that can be mastered overnight, you should never be in a hurry to get going. It requires knowledge, skills, creativity, dedication and of course time. Depending upon the amount of effort and dedication you put in, it can take anywhere between a few months and a few years to develop all the necessary skills. Everyone can become a hacker provided they learn it from the basics and build a solid foundation. So, if you want to be a hacker all you need is passion to learn, a good source of knowledge that will guide you through the basics and some perseverance.
 

Why SSL Certificate is Important for your Website’s Security

When you are surfing the internet, a lot of information is being exchanged between the web host and the device being used to surf the internet. This type of information can always be easily breached by hackers, especially if it involves online transactions, and this has always been a major issue when dealing with the internet. Nowadays, cases of online theft are becoming increasingly common. One way of determining whether a site is safe to use is its SSL certificate, which is powered by the beauty of cryptography.

How SSL Cryptography Works?

Cryptography ensures that data is transmitted in a way that only the intended party can access it. You can easily identify a site which has an SSL certificate by the padlock icon that is displayed beside the web address. So how do SSL certificates work? SSL stands for Secure Sockets Layer. An SSL certificate provides tight security during the exchange of data.
In SSL cryptography, encryption makes use of separate keys for the decryption and encryption of data. Encryption keys are public and anyone can use them. But the decryption keys (ones used to turn encrypted data into meaningful information) are private and are kept secret. The SSL certificate, on the other hand, can simply be described as a tiny data file that has the appropriate information about a certain website. The information can be quickly read by the host connection once the request for connection is received. It is through an SSL that a website can prove its authenticity to a web browser.

How To Get SSL Certificate?

An SSL certificate is not handed out like a college certificate. There are a number of companies called Certificate Authorities (CA) that authenticate that a site/server is legitimate and sign a resultant digital certificate which is then stored, just like a cookie is stored on your browser. The certificate will continuously alert all incoming connections and protocols that the connection is trustworthy.
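The two ideas above, separate public and private keys and a certificate signed by a Certificate Authority, can be seen working together in a small model. The following is an added example, not code from the original post or from any real SSL library: it uses textbook RSA (no padding, tiny fixed primes) purely as a simplification, and the certificate fields, host names and function names are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by both demo keys


def make_keypair(p, q):
    """Textbook RSA key from two primes: (public modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


# Known Mersenne primes keep the demo deterministic. Real keys use large random
# primes and padding; these toy keys offer no security at all.
CA_N, CA_D = make_keypair(2**61 - 1, 2**89 - 1)          # certificate authority
SITE_N, SITE_D = make_keypair(2**107 - 1, 2**127 - 1)    # web server


def digest(cert, modulus):
    """Hash the certificate fields in a fixed order, reduced below the modulus."""
    canonical = "\n".join(f"{key}={cert[key]}" for key in sorted(cert))
    return int.from_bytes(hashlib.sha256(canonical.encode()).digest(), "big") % modulus


def ca_sign(cert):
    """CA side: sign the certificate contents with the CA private exponent."""
    return pow(digest(cert, CA_N), CA_D, CA_N)


def browser_check(cert, signature, hostname):
    """Browser side: needs only the CA public key (CA_N, E)."""
    if pow(signature, E, CA_N) != digest(cert, CA_N):
        return "rejected: signature does not match certificate contents"
    if cert["subject"] != hostname:
        return "rejected: certificate was issued for another host"
    return "trusted"


def encrypt_for_site(cert, secret):
    """Anyone can encrypt with the public key published in the certificate."""
    return pow(secret, E, cert["public_modulus"])


def site_decrypt(ciphertext):
    """Only the holder of the private exponent can reverse the encryption."""
    return pow(ciphertext, SITE_D, SITE_N)


CERT = {"subject": "shop.example", "issuer": "Demo CA", "public_modulus": SITE_N}
SIGNATURE = ca_sign(CERT)


def demo():
    forged = dict(CERT, public_modulus=SITE_N + 2)   # someone swaps in another key
    secret = 0x5EC2E7
    ciphertext = encrypt_for_site(CERT, secret)
    return {
        "genuine": browser_check(CERT, SIGNATURE, "shop.example"),
        "wrong_host": browser_check(CERT, SIGNATURE, "bank.example"),
        "forged": browser_check(forged, SIGNATURE, "shop.example"),
        # Re-applying the public exponent does not undo the encryption.
        "public_key_recovers_secret": pow(ciphertext, E, SITE_N) == secret,
        "private_key_recovers_secret": site_decrypt(ciphertext) == secret,
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```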

SSL Certificate Advantages

SSL certificates make online data exchange, especially financial transactions, safer. It is a common rule of thumb not to trust any e-commerce site that does not have an SSL certificate. There is just too much information floating around online nowadays, such as credit card info, banking information etc. The safety of all this vital information will be ensured by the SSL certificate, and every browser will accept the website’s incoming connections. However, most small websites, such as blogs, don’t really need to supply an SSL certificate.