Facebook pays security researcher $12,500 for finding critical photo bug.

An Indian security researcher, Arul Kumar, recently discovered a security flaw in Facebook that allowed an attacker to delete any photo from a user's account, without the owner's knowledge or permission, through Facebook's mobile site. The bug is now fixed, and Facebook rewarded Kumar with $12,500 for finding this critical vulnerability.

Facebook photo bug allows hackers to delete others' photos without permission.

In his blog, Kumar reveals a way to remove photos from another user's account without knowing the victim's login details. Normally, a user can ask Facebook to remove a photo. If Facebook doesn't remove it, the user can then ask the person who uploaded the photo to take it down. The uploader then receives a link with a one-click button to delete the image.

So where is the problem?

According to Kumar, the flaw resides in the Support Dashboard on Facebook's mobile domain. Kumar created two real Facebook accounts and logged into both at the same time, calling one the "sender" and the other the "receiver." Logged in as the "sender," he reported a photo, and in the report URL he substituted the photo ID value (the "cid" parameter) of the photo he wanted removed and the profile ID value (the "rid" parameter) of the account the report, and with it the one-click removal link, was supposed to go to: the "receiver," which in this case was also controlled by Kumar. Because the dashboard accepted both values from the request without checking that the photo named by cid actually belonged to the account named by rid, the removal link for anyone's photo could be routed to an account the attacker controls.

On his blog, Kumar described how to delete another user's photo without his/her knowledge.
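To make the security-relevant point concrete, here is an added example (not Facebook's code, and not taken from Kumar's write-up) that models a report flow which trusts client-supplied cid and rid parameters, beside a hardened version. The PhotoService class, its in-memory photo table, the /remove link format and the outbox are assumptions made for the demonstration. The hardened flow looks up the recipient from the photo's owner on the server side, ignores any rid in the request, and binds the one-click link to that owner with an HMAC, so neither the recipient nor the link can be redirected to someone else.

```python
"""Added example: photo report/removal flow that trusts client-supplied cid and rid
parameters, beside a hardened version. Illustrative only; not Facebook's code. The data,
endpoint names and the outbox are constructed for the demonstration."""
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlparse


def link_params(link):
    """Parse the query string of a removal link into a flat dict (what a click would send)."""
    return {k: v[0] for k, v in parse_qs(urlparse(link).query).items()}


class PhotoService:
    def __init__(self, photos, key=None):
        self.photos = dict(photos)                 # photo id -> owner id (constructed sample data)
        self.key = key or secrets.token_bytes(32)  # assumption: server-side secret for signing links
        self.outbox = []                           # (recipient, link) notifications that would be sent

    # --- vulnerable flow: the request decides where the removal link goes ---------------
    def report_vulnerable(self, session_user, params):
        cid, rid = params["cid"], params["rid"]
        if cid not in self.photos:
            return "unknown photo"
        # rid is never compared with the photo's owner, so the "sender" can route the
        # delete link for any photo to an account it controls.
        self.outbox.append((rid, f"/remove?cid={cid}"))
        return "report sent"

    def remove_vulnerable(self, session_user, params):
        # Whoever holds the link can delete; the clicker is not compared with the owner.
        cid = params.get("cid")
        if cid not in self.photos:
            return False
        del self.photos[cid]
        return True

    # --- hardened flow: recipient derived server-side, link bound to that recipient -----
    def _removal_token(self, cid, owner):
        return hmac.new(self.key, f"{cid}|{owner}".encode(), hashlib.sha256).hexdigest()

    def report_hardened(self, session_user, params):
        cid = params["cid"]
        owner = self.photos.get(cid)
        if owner is None:
            return "unknown photo"
        # The recipient is the photo's owner from our own table; any rid in the request is ignored.
        token = self._removal_token(cid, owner)
        self.outbox.append((owner, f"/remove?cid={cid}&token={token}"))
        return "report sent"

    def remove_hardened(self, session_user, params):
        cid = params.get("cid")
        owner = self.photos.get(cid)
        if owner is None:
            return False
        # The link only works for the owner it was issued to, and only with an untampered token.
        if session_user != owner:
            return False
        expected = self._removal_token(cid, owner)
        if not hmac.compare_digest(params.get("token", "").encode(), expected.encode()):
            return False
        del self.photos[cid]
        return True


if __name__ == "__main__":
    svc = PhotoService({"photo-1001": "user-victim", "photo-2002": "user-attacker"})
    svc.report_vulnerable("user-attacker", {"cid": "photo-1001", "rid": "user-attacker"})
    print("vulnerable flow sends the link to:", svc.outbox[-1][0])   # user-attacker
    svc.report_hardened("user-attacker", {"cid": "photo-1001", "rid": "user-attacker"})
    print("hardened flow sends the link to:", svc.outbox[-1][0])     # user-victim
```

The check that matters is the second one in remove_hardened: even if the signed link leaks, the session user must be the owner the token was issued for, so a forwarded or guessed link deletes nothing.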

Microsoft is not the only tech giant that encourages hackers to report vulnerabilities in exchange for bounty rewards. Facebook's White Hat Program offers financial rewards to researchers who find bugs in its site. The minimum reward is $500 and there is no ceiling on the amount; it all depends on the severity of the bug.

However, as a reminder, Facebook strictly forbids researchers from testing their exploits on real accounts. A couple of weeks ago an IT expert, Khalil Shreateh, posted on Mark Zuckerberg's timeline to prove his finding of a bug, and as a result he was disqualified from claiming the reward. In Kumar's case, by contrast, he never actually ran the exploit against Mark's account: the delete button was never clicked.


Turn on 2-step authentication to enhance your social media security

Do you still remember the article about "2-step authentication" we shared on Facebook? Today we are going to walk you through setting up 2-step authentication on your social media account, step by step. 2-step authentication is not a cure-all for your internet security, but it certainly makes it more difficult for an attacker who has your password to get into your account.

What is 2-step authentication?

2-step authentication (a.k.a. two-factor authentication) combines two authentication factors: the knowledge factor, something you know, and the possession factor, something you have. It's similar to requiring 2 keys to open a treasure chest. In addition to the password you created for your email, social media or online banking account (the knowledge factor), you need a second key (the possession factor) to get in. Your phone is one of the most popular options nowadays. After activating the feature on your social media account, you will receive a one-time code on your phone each time you log in from a new device; you enter that code after typing the password you normally use.

How to set up?

  1. Click the settings button in the upper right corner and choose the account settings option.
    [Screenshot: Facebook login approval]
  2. On the navigation panel on your left, choose "Security"; it will take you to the screen below.
  3. Enable the "Login Approvals" feature; Facebook will then walk you through the setup.
    [Screenshot: Facebook login approval 2]
  4. Facebook will send you a code via SMS. Type the code in the box, then click Next. As you enter the code, you will have the option to save the device to your account so that you don't have to enter a code for that device every time you log in.
    [Screenshot: Facebook login approval 3]
  5. If you ever log in from a device Facebook does not recognize, you will need to enter a code again. Continue reading
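The flow in the steps above, as an added example that is not Facebook's code: a small Python model of password-then-SMS-code login approval with a "remember this device" option. The class and method names, the five-minute code lifetime, six-digit codes and the device-token scheme are assumptions for the demonstration; the clock and the SMS sender are injected so it runs offline.

```python
"""Added example: minimal model of a login-approval flow (password, then a one-time code
sent to the phone, with the option to remember the device). Illustrative only; not
Facebook's code. Time and SMS delivery are injected so the flow can run offline."""
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumption: a code sent by SMS stays valid for 5 minutes
CODE_DIGITS = 6          # assumption: six-digit numeric codes
PBKDF2_ROUNDS = 100_000


class LoginApprovals:
    def __init__(self, now=time.time, send_sms=print):
        self._now = now              # clock, injectable for tests
        self._send_sms = send_sms    # callable(phone, code); a real system would call an SMS gateway
        self._users = {}             # username -> {"salt", "pw_hash", "phone"}
        self._pending = {}           # username -> (code, expires_at); one outstanding code per user
        self._trusted = {}           # username -> set of hashed device tokens

    @staticmethod
    def _hash_password(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    @staticmethod
    def _hash_token(token):
        # Store only a hash, so a leaked table does not hand out usable device tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def register(self, username, password, phone):
        salt = secrets.token_bytes(16)
        self._users[username] = {"salt": salt,
                                 "pw_hash": self._hash_password(password, salt),
                                 "phone": phone}

    def start_login(self, username, password, device_token=None):
        """Knowledge factor. Returns 'denied', 'ok' (trusted device) or 'code_required'."""
        user = self._users.get(username)
        if user is None:
            self._hash_password(password, b"\x00" * 16)   # equalise timing for unknown users
            return "denied"
        if not hmac.compare_digest(self._hash_password(password, user["salt"]), user["pw_hash"]):
            return "denied"
        if device_token and self._hash_token(device_token) in self._trusted.get(username, ()):
            return "ok"   # step 5: a recognised device skips the second factor
        # Possession factor: generate a fresh code and send it to the registered phone.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[username] = (code, self._now() + CODE_TTL_SECONDS)
        self._send_sms(user["phone"], code)
        return "code_required"

    def finish_login(self, username, code, remember_device=False):
        """Possession factor. Returns (accepted, device_token); the token is None unless
        remember_device is set and the code was accepted."""
        # Pop unconditionally: a code is single use, and a wrong guess burns it, so an
        # attacker cannot walk through all 10**CODE_DIGITS values against one code.
        entry = self._pending.pop(username, None)
        if entry is None:
            return False, None
        expected, expires_at = entry
        if self._now() > expires_at:
            return False, None
        if not hmac.compare_digest(code.encode(), expected.encode()):
            return False, None
        token = None
        if remember_device:
            token = secrets.token_urlsafe(32)
            self._trusted.setdefault(username, set()).add(self._hash_token(token))
        return True, token


if __name__ == "__main__":
    # Stand-alone demo with a constructed user; the "SMS" is captured instead of sent.
    sent = []
    approvals = LoginApprovals(send_sms=lambda phone, code: sent.append(code))
    approvals.register("alice", "correct horse battery staple", "+1-555-0100")
    print(approvals.start_login("alice", "correct horse battery staple"))          # code_required
    accepted, token = approvals.finish_login("alice", sent[-1], remember_device=True)
    print(accepted, approvals.start_login("alice", "correct horse battery staple", token))  # True ok
```

Burning the pending code on a wrong guess is the design choice to notice: a six-digit code has only a million values, so without single use (or a small attempt limit) the second factor could be brute-forced within its lifetime. The cost is that a mistyped code forces a fresh SMS, which is how the feature described above behaves from the user's side as well.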

10 Common Facebook scams 2013 - Part 2.

Do you remember the first 5 common Facebook scams we talked about in our last post? If you need a little recap, check out 10 Common Facebook scams 2013 <Part 1>.

Ready? Now, let’s get into the next 5!

6. Phony message on Facebook

  • Scammer from the Facebook team: a phishing scam spotted by GFI Labs early this year. After clicking the link you go through 5 pages of questions for a "security check." Once the scammers have your information, they start spamming your friends or use your identity and card details to buy things you will never receive.
Phony message from Facebook Team spotted by GFI Lab

  • Check out my new camera: we have seen too many cases of friends apparently showing off a new purchase through Facebook chat; the link to the "pictures" will not take you to their new camera or new clothes, but to spam or malware.
  • I need your help (and money!): your friend won't ask for your help by just leaving a Facebook message, especially when s/he needs financial support. A tip to keep in mind: the scammers usually ask you to transfer money via Western Union or another unusual channel. Be cautious!

7. Customize your Facebook: apps to find out who unfriended you, to change your Facebook color or to get a "Dislike" button are just a few of the scammers' tricks. The scammers usually bundle adware or malware into the browser extension or plugin you are told to install.

Red Facebook Hoax

One of the most popular scams on Facebook early this year was the make-your-Facebook-red scam. After clicking the link Continue reading

10 Common Facebook scams 2013 - Part 1.

By March 2013, Facebook had reached 1.11 billion active users; you or your friends are probably among them. However, the fast-growing number of Facebook users has greatly raised concerns about spam on social networks. We list 10 common Facebook scams to help you avoid being fooled! We will share the first 5 today and the rest on Friday, so stay tuned!

1. See who's looking at your Facebook?

You may have seen posts like this on your timeline, telling you to click a link and follow the steps to find out who is stalking your Facebook or who has blocked you. It just won't work, because Facebook doesn't give app developers permission to access the user data such an app would need.

2. Too good to be true

There's no such thing as a free lunch! People always fall for scams offering free stuff. Here are some common freebie traps to keep in mind:

  • Free Facebook credits: gamers on Facebook, beware! Planting corn or raising pets on Facebook costs real money in credits. There is no way they will be given out for free!
  • Freebies: such as "2 free Southwest airline tickets by clicking the button" or "Take the survey to get free Subway." 2 free tickets and a free Subway meal sound like a good deal! Unfortunately they are not a real deal. This scam can also be seen on Instagram and in spam email. In some cases, people took the survey expecting a free Subway coupon to arrive in the mail; instead, they found a charge on their phone bill.
2 Free Southwest tickets scam

  • Free iPad & iPod: don't be fooled. This is just another marketing trick!
  • Limited-time offer of free app goodies: take LINE as an example, a popular messaging app available on Android and iPhone. Occasionally you will see a promotion like "Leave your LINE ID and your phone number in the comments within 24 hours to get these stickers for free." Follow the instructions and you will never get the free stickers, only complaints from your friends that you are spamming their Facebook!

3. OMG headline Continue reading