Tuesday, 6 October 2015

How Facebook Protects Its Ever-Changing Data From Hackers

there are many potential avenues for hackers to attack. And thanks to its tremendous global reach, there are also many well-funded bad guys who would take advantage of any chinks in Facebook's armour. Given that Facebook has a well-known mandate to "move fast and break things", this presents a dilemma.

"Security" and "moving fast" are usually exact opposites. Developers want to move fast, but the security team needs to make sure that the code they're writing isn't introducing new risks into the system. So Facebook turned the usual security process on its head, so its developers can keep moving fast without breaking anything too serious.

"You still have to move fast, there's now just a cost to moving fast," says Facebook open source software engineer Christine Abernathy.

A CRACK TEAM 

Facebook software and security engineer Ted Reed says that the goal is to make security part of the normal workflow. If every developer at Facebook came to him whenever they got a suspicious email, that would be ideal. But the next best thing is to lock everything down behind the scenes.

"We put the burden on ourselves," Reed says.

Facebook's sheer size and scale makes it a target. There's a team of security pros at Facebook, Reed says, whose main job is to stand by until a call comes in.

When a developer flags a piece of the code they're working on as requiring review in Facebook's project management tracking tools, a security engineer rushes off to do a review as soon as they possibly can while the developer is free to keep on hacking away at the code. In a more proactive sense, Facebook's security squad is always working to protect the underlying infrastructure, making sure that the data that developers are working with is secured on every level.

The goal is to make the underlying security completely unnoticeable to the developer. "It becomes very hard to build insecure things," Reed says.

The security team also has to build a strong relationship with Facebook's developers. Often, Reed says, a member of the infrastructure security team will join a Facebook project team to help them solve a problem and end up joining that team permanently. Facebook encourages that kind of team-jumping flexibility, and the security team loves it: it means that the product team in question now has someone devoted to preventing hacks.

Another big way that the security team wins over Facebook developers is by giving them something that they can't get enough of: Data.

After the notorious data breach at cybersecurity startup Hacking Team, Facebook used Osquery to make sure it wasn't compromised the same way. Reed's claim to fame at Facebook is leading the development of a tool called "Osquery".

Saturday, 18 October 2014

The Best Free Wi-Fi Hacking Apps for iPhone

Compared to the Apple App Store, Cydia allows you to download Wi-Fi hacking apps. After jailbreaking your iPhone, you can use Cydia to download third-party applications that are capable of taking advantage of security flaws in household routers to get free Wi-Fi. While there are a number of applications out there that fulfill this purpose, there are a handful that have stood the test of time.

Many of these applications exploit a common security vulnerability with WEP and WPA/WPA2 passwords that are found on household routers. In short, the applications listed below attempt to access the router with the router’s default password to gain administrative access and allow the iPhone/iPad to join the network without having the authorized WEP or WPA key.

Also worth noting is that some of these applications are only capable of hacking into routers within certain countries or routers issued by certain ISPs. Because all routers are manufactured differently, the security flaws found in some routers may not be applicable across the board. Check within each individual application to see which routers and internet service providers are supported.

IWep Pro - This is probably the best one currently available. After downloading and installing the application through Cydia, you’ll be greeted with a simple user interface that scans local wireless networks and tells you which ones can and can’t be hacked. After selecting the network you’d like to join, IWep quickly goes to work and finds the right password to access the router.

In order to utilize IWep Pro properly, you’ll have to download a “dictionary” for the application. Use Cydia to find IWep Pro dictionaries to use to try and discover the router’s default password.

ISpeedTouched - Just like the other applications listed, ISpeedTouched scans the area for networks that are connectable, and by using a downloadable “rainbow table” via the application, you’ll be able to find and take advantage of unsecured wireless networks.

WPA Tester - This one doesn’t necessarily require Cydia, as it’s currently available in the official App Store. It works almost identically to the other programs listed and is capable of trying default passwords for most wireless routers available from internet providers worldwide.

iWPA Finder - In Italy and other parts of Europe there are routers issued by the ISPs Alice and Fastweb. iWPA is capable of finding security vulnerabilities in these routers only. While it’s possible to use one of the more universal applications, since iWPA is designed to work specifically with certain router models, it may be easier to use than a larger program.

Sunday, 5 October 2014

Must have Firefox Addons for Geeks

Firefox is no doubt one of the best and most popular internet browsers, but many of us don’t know a lot of the things that can make it the perfect browser for computer geeks. So now I’m going to tell you about some important Firefox addons we must have.
 
1. FOX TAB:
 
3D in your browser! FoxTab brings innovative 3D functionality to your Firefox.


New! Top Sites for FoxTab (aka Speed Dial).
Now you can access your most favorite sites from the familiar FoxTab interface. 

FoxTab is a popular 3D tab management extension.
FoxTab powers Firefox with the following main features:
  ✔ Top Sites (aka Speed Dial) for quickly accessing your favorite web sites.
  ✔ Tab Flipper – to easily flip between opened tabs using mouse or keyboard gestures.
  ✔ Recently Closed Tabs – for reopening a tab that was recently closed.

Choose between 6 attractive 3D layouts.

Download Link:
https://addons.mozilla.org/en-US/firefox/addon/8879/

2. GREASE MONKEY:
Allows you to customize the way a webpage displays using small bits of JavaScript.


3. TAMPER DATA: 
Use tamperdata to view and modify HTTP/HTTPS headers and post parameters.
Trace and time http response/requests.
Security test web applications by modifying POST parameters.
FYI current version of Google Web Accelerator is incompatible with the tampering function of TamperData. Your browser will crash.


4. XSS ME:
Cross-Site Scripting (XSS) is a common flaw found in today's web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.

Download Link:

https://addons.mozilla.org/en-US/firefox/addon/7598/


5. ALEXA SPARKY:       
 Sparky is Alexa Internet’s free Firefox status bar plugin. Sparky accompanies you as you surf, providing you with Alexa data about the sites you visit without interrupting your browsing.
Discover website traffic trends — Is this site getting more popular, or less?
Get detailed traffic information including Reach and Rank — How does this site’s traffic compare to other sites on the Web?
Surf more efficiently with Related Links for each page — If I like this site, are there others that I might want to visit?
Gracefully navigate past dead end error pages — Enable Sparky’s optional custom error handling to get relevant alternative links when your browser encounters a network error.
Plus, as you browse with Sparky, you’re helping to make the Web a better place for everybody by contributing to the traffic information that Alexa provides.

Download Link: 

https://addons.mozilla.org/en-US/firefox/addon/5362/


6. SQL INJECT ME:
                                     
SQL Injection vulnerabilities can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is a Firefox extension used to test for SQL Injection vulnerabilities.
SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.
The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack.
The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.

The tool does not attempt to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.

Download Link:
https://addons.mozilla.org/en-US/firefox/addon/7597/
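
The response-side half of the check described above (looking for database error messages in the rendered HTML) can be run by a developer over their own application's pages. This is an added example, not code from the extension or the original post; the signature list, function names and sample responses are constructed for illustration, and it goes slightly beyond the page by also covering PostgreSQL.

```python
import re
from html import unescape

# Constructed signature set: error text emitted by common database drivers.
DB_ERROR_SIGNATURES = {
    "MySQL": [r"You have an error in your SQL syntax", r"Warning: mysqli?_\w+\(\)"],
    "MS SQL Server": [r"Unclosed quotation mark after the character string",
                      r"Microsoft OLE DB Provider for SQL Server"],
    "Oracle": [r"\bORA-\d{5}\b"],
    "PostgreSQL": [r"pg_query\(\): Query failed", r"syntax error at or near"],
}
_COMPILED = {db: [re.compile(p, re.I) for p in pats]
             for db, pats in DB_ERROR_SIGNATURES.items()}
_TAG = re.compile(r"<[^>]+>")

def visible_text(html):
    """Strip tags and decode entities so marked-up or escaped messages still match."""
    return re.sub(r"\s+", " ", unescape(_TAG.sub(" ", html)))

def find_db_errors(html):
    """Return sorted (database, matched text) pairs leaked in a rendered page."""
    text = visible_text(html)
    hits = set()
    for db, patterns in _COMPILED.items():
        for pat in patterns:
            match = pat.search(text)
            if match:
                hits.add((db, match.group(0)))
    return sorted(hits)

def audit(responses):
    """Map each URL whose body leaks a database error to its findings."""
    findings = {}
    for url, body in responses.items():
        hits = find_db_errors(body)
        if hits:
            findings[url] = hits
    return findings

# Constructed sample responses from a hypothetical staging site.
SAMPLE_RESPONSES = {
    "/search": "<html><body><b>Warning</b>: You have an error in your SQL "
               "syntax; check the manual near &#39;&#39;&#39; at line 1</body></html>",
    "/login": "<html><body><p>Sorry, something went wrong.</p></body></html>",
    "/report": "<div class='err'>ORA-00933: SQL command not properly ended</div>",
    "/docs": "<p>Our tutorial covers MySQL and Oracle syntax.</p>",
}

if __name__ == "__main__":
    for url, hits in audit(SAMPLE_RESPONSES).items():
        print(url, hits)
```

A page that merely mentions a database by name (the `/docs` sample) is not flagged; only driver error text is, which is the signal that raw errors are reaching users and should be replaced with a generic error page.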

7. HACKBAR:
This toolbar will help you in testing SQL injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what you're doing, this toolbar will help you do it faster. If you want to learn to find security holes, you can also use this toolbar, but you will probably also need a book, a lot of Google and a brain :)
# The advantages are:
– Even the most complicated urls will be readable
– The focus will stay on the textarea, so after executing the url (Ctrl+Enter) you can just go on typing / testing
– The url in textarea is not affected by redirects.
– I tend to use it as a notepad :)
– Useful tools like on the fly uu/url decoding etc.
– All functions work on the currently selected text.
– MD5/SHA1/SHA256 hashing
– MySQL/MS SQL Server/Oracle shortcuts
– XSS useful functions
– And lots more ;) Go test it!
# Shortcuts
– Load url ( Alt + A )
– Split url ( Alt + S )
– Execute ( Alt + X, Ctrl + Enter )
– INT -1 ( Alt – )
– INT +1 ( Alt + )
– HEX -1 ( Ctrl Alt – )
– HEX +1 ( Ctrl + Alt + )
– MD5 Hash ( Alt + M )
– MySQL CHAR() ( Alt + Y )
– MS SQL Server CHAR() ( Alt + Q )

5 Ways to Use Linux in Windows

Linux is one of the most powerful operating systems available today, because it provides numerous applications with functionality that Windows software simply cannot match. Still, we all have our own reasons to use Windows as our main operating system.
But what if you could run Linux applications on your Windows OS?
Here are several tricks for using Linux applications on Windows.

1. Wubi

Wubi is an official installer for Windows users that allows Ubuntu to be installed and uninstalled in a safe, easy way as any other Windows application.
 Wubi installs the latest stable release of Ubuntu on your Windows system.
Wubi does not work on any new PC with the Windows 8 logo or using UEFI firmware.
Use a 64-bit version of Ubuntu, installed directly to its own partition instead.
Downloading and Installation of Wubi :
Download Wubi from the Ubuntu Windows Installer Download page; this will provide you the latest version.
You can download other versions of Ubuntu from the pages on releases.ubuntu.com; look for wubi.exe at the bottom of the page.
Installation :
  1. Run Wubi.
  2. Insert a password for the new account, adjust the disk space and click on ”install” button
  3. The installation process from this point on is fully automatic.
  4. The installation files (approximately 700MB) will be downloaded and checked.
  5. Now you will be asked to reboot your system.
  6. Do so and select Ubuntu at the boot screen. The installation will continue for 10 to 15 more minutes and the system will reboot again.
  7. Now select Ubuntu at the boot screen and start using it.

2. Cygwin

Cygwin provides many tools that give the look and feel of a Linux system interface on your Windows machine.
Downloading and Installation of Cygwin :
I. For 32-bit versions of Windows:
Run setup-x86.exe of Cygwin package for 32-bit windows. The signature for setup-x86.exe can be used to verify the validity of this binary using this public key.
II. For 64-bit versions of Windows:
Run setup-x86_64.exe of Cygwin package for 64-bit windows. The signature for setup-x86_64.exe can be used to verify the validity of binary using this public key.
  1. The first time it runs, setup.exe does not install every package; only the base packages of the Cygwin distribution will be installed.
  2. You can control what you want to install by clicking on categories and packages in setup.exe.
  3. If you click on the “Default” field next to the “All” category, it will install every Cygwin package, but this could be hundreds of MBs.
I recommend that you select only those packages which you actually need.

3. Ulteo Virtual Desktop

Ulteo Open Virtual Desktop is an Open Source virtual desktop. It works in both Windows and Linux environments. With Virtual Desktop, you just have to run the application you wish to use from the Ulteo panel and its window will look like any other Windows application. The Ulteo Open Virtual Desktop is very easy and fast to install.
Here I am providing you the link to its official site.
Follow the steps to complete the installation in just a few minutes.
  1. Download The Ulteo Open Virtual Desktop.
  2. Read the Installation Guide and follow instructions to complete installation.

4. AndLinux

AndLinux is an Ubuntu Linux operating system that can run on Windows-based systems, i.e. 2000, XP, 2003, Windows Vista, Windows 7 (32-bit versions only). AndLinux uses coLinux as its core, which confuses many people. coLinux is a port of the Linux kernel to Windows. This is like running Linux in a virtual machine. AndLinux is not just for development, and it runs almost all Linux applications without any need for modification.
Downloading and Installation of AndLinux:
There are installation instructions, along with screenshots, on the official website.
You can download the latest version of AndLinux from here.
After installation completes you will get some right-click context menus in Windows to open files in Linux applications.

5. By Installing Linux Virtually

You can also install a complete version of Linux on your Windows operating system by using software like VMware, VirtualBox, Xen Hypervisor, QEMU etc. The best part is that all of the above are freeware and are easily available on the internet. These allow you to install any Linux version portably on your machine without any need to uninstall your previous OS.
You can simply power Linux on and off whenever you need while using Windows.
The advantage of using such virtual software is that it doesn’t require a fixed space for the operating system in your system’s memory, either in RAM or on the HDD.
It is loaded only when it is running, while the rest of the time it is kept out of memory.