Vulnerability in Facebook discloses Primary Email Address of any account

When you sign up on Facebook, you have to enter an email address and that email address becomes your primary email address on Facebook.
In a recent disclosure by a Security researcher, Stephen Sclafani - The Social Networking site Facebook was  vulnerable to disclosure of primary email address of any Facebook user to hackers and spammers.

            

Hack Facebook Accounts Using OAuth Vulnerability

In recent few months White hat hacker Nir Goldshlager reported many critical bugs in Facebook OAuth mechanism, that allowed an attacker to hijack any Facebook account without user's interaction.

Another hacker 'Amine Cherrai' reported a new Facebook OAuth flaw, whose explotation is actually very similar to Nir Goldshlager's findings but with a new un-patched way.

Now, if you are aware about the vulnerability used against Facebook OAuth in redirect_url parameter in the URL, there is another way that Amine Cherrai found, to bypass the patch applied by Facebook security team.

He found another file on Facebook, that allow redirection to steal access_token of victim's accounts.
i.e http://facebook.com/connect/xd_arbiter.php?#&origin=http://facebook.com/”
Successful explotation once again allowed hacker to hijack Facebook accounts using OAuth Flaw.
Proof of concept:

http://facebook.com/dialog/oauth?client_id=350685531728&response_type=token&display=page&redirect_uri=http%3A%2F%2Ftouch.facebook.com%2Fconnect%2Fxd_arbiter.php%3F%23%21%2Fapps%2Fmidnighthack%2F%3F%26origin%3Dhttp%3A%2F%2Ffacebook.com%2F

 

Hope you guys found it useful.

If you have any doubts regarding the above 0day, please do mention it below in comments.

I will try to answer you as soon as possible.

Thanks

Facebook to influence 2014 LS poll results; social media to be taken seriously?

With youth playing a major role in the coming Lok Sabha elections, a study says Facebook could influence the results, and could be the new vote bank for the Indian politicians.

 

have often been questioned. While critics have played down the impact of social media saying it's only limited to few people, supporters believe social networking websites is rapidly evolving as a serious platform to express views as well spread the word.

Microsoft - Victim of Cyber Attack like facebook and Apple

On Friday evening, Microsoft announced via its security blog that it, too, had been the victim of a cyber attack, comparing its situation to the likes of Facebook’s and Apple’s recentsecurity breaches.“During our investigation, wefound a small number ofcomputers, including some in ourMac business unit, that wereinfected by malicious softwareusing techniques similar to those documented by other organizations,” - wrote MattThomlinson, General Manager ofTrustworthy Computing Security,in a company post.Microsoft claims no evidence ofcustomer data beingcompromised.The security breach of theRedmond-based softwarecompany is just one in a series of high-profile tech company hacks,starting earlier this month withTwitter’s announcement that the data of some 250,000 user accounts could potentially havebeen compromised.As we reported earlier in the week, laptops belonging toemployees at Facebook, Apple andpossibly Twitter were infected with malware after visiting any Phone-focused software developer site. Sources have told All Things that many other companies could have been infected by the malware-spreading site, and perhaps many more will disclose similar instances of hacking in the coming weeks.And just yesterday, customer service management provider ZenDesk announced that it had been hacked as well. The fall out from that hack affected some of the companies ZenDesk provides its services to, including Pinterest,Twitter and Tumblr. Microsoft did not respond to a request for further comment !!!

Hacking Facebook Accounts using keylogging

Hi friends,
I am back with another post on " Hacking facebook accounts ". But this time, with another method, than Phishing, Keylogging.
Hope you guys might be well aware about what keylogging is? 


                                                             


For my last post on Hacking Facebook Accounts,
Visit : Read post

If yes, i wish to skip this part, even its not bad to read it once again.
Well, now for those who doesn't know, What keylogging is?

Colorful Chat In Facebook

Colorful Chat In Facebook

[[f9.cha]] = A
[[f9.chb]] = B
[[f9.chc]] = C
[[f9.chd]] = D

Latest facebook chat Smilies

 Some Latest facebook smilies

Here are some of the latest facebook chat smilies...

Check out -

How To Get Lots Of Like For Your Facebook Page?

Get Lots Of Like For Your Facebook Page

                                               


(More Than 100 Like Per Day)

Hello friends, Today I'm going to offer you most important facebook tip. It's about facebook fan page "LIKE". Most of the people using facebook fan page to grow their business & as a hobby.

How to Hack a facebook Account? [Updated]

I am back with the HOTTEST Topic "How to hack a facebook account?" 

So, in this post, I will explain you the way how to get an unauthorized access over a facebook account by phishing.

 

To get a brief info on Various Methods of Hacking Email Account, Read Post

 

Many of you might know about this way but this is for those who are unable to get through phishing. 
This way of hacking an account, according to me, is the easiest but at some steps, you need to be tricky. So that might be a stage of tense but we’ll get through it.