Securing Friendster Profiles - Explained

-

NOTE : This article is intended for EDUCATIONAL PURPOSES only. Do not attempt to perform your own 'phishing' method learned from this article. The purpose of this article is to expose the real methods behind the popular phishing method and alerting Friendster users pertaining to it.

Nowadays, even social networking sites can be easily injected with XSS codes, thus performing some malicious operations, and the two utmost techniques would be cookie grabber and phishing method.

In this article, I shall be explaining the methods used by phishers in hijacking one's Friendster account easily, and efficiently. Even though Friendster is trying their level best to update their filtration system, but XSS geeks won't be giving up their desire to inject some XSS craps in a Friendster profile. Recently, there has been too many cases of Friendster phishers going around and hijacking profiles, hence I wrote this article.

Previously, I had posted a new method to execute javascripts externally via XSS and based on that method, many other 'evil' operations could be done.

First and foremost, phishers would usually register an account under a free host, which supports mainly PHP and without any advertisements. This is to ensure that the 'Friendster Re-login' page they are about to make would be 'as real as it is'. Next, they would create a page, similar to that of Friendster's 'Your cookies had expired, please re-login!' page. Some might had encountered this before while some had not. Personally, I had encountered this many times due to my sucky web browser and its bloody settings.

Then, in that 'Friendster Re-login' page, there would be a portion which requires you to enter your email and password in order to 'continue'. Statistically, 90% of normal Friendster users would enter their details and hit the login button. It depends on the phisher himself on where he wants to redirect the user once their details had been logged/submitted. Some might redirect them to the Friendster homepage, some might redirect them to another profile and so on.

So, what actually happens when the user hit the Login button? There could be two options to be exact, one is to store the details in a text file, and another sending those details to the phisher's email. All this is done via the form action, which is controlled by a PHP file. Advanced phishers would prefer to see their victim's IP address, browser, date, time and etc, so, all this information could even be retrieved with a single line of code in that PHP file.

I don't want to explain any further as it might be a 'tutorial' for some in learning to phish Friendster accounts. Anyway, to all the Friendster users out there, kindly open your eyes and keep staring at the URL field located at the top of your browser and make sure it starts with http://www.friendster.com/………..

And, keep changing your passwords from time to time. Beware!

 

Comments

Post a Comment

Popular posts from this blog

prediksi bencana alam

-
Ramalan Besar yang Mengejutkan Dunia (1) : Bencana Tsunami Aceh Telah di Prediksi Sebelumnya Jucelino Noberga da Luz ( Erabaru.or.id ) - Jucelino Nobrega da Luz adalah orang Brasil, lahir tahun 1960, profesinya saat ini ialah guru sekolah, dan dengan istri serta kedua anaknya menjalani hidup yang sederhana, ia adalah penduduk kota yang sangat biasa. Peristiwa yang ia ramalkan disertai tanggal, bulan, tahun kejadian bencana besar dan dilengkapi dengan petunjuk yang jelas, selain itu agar di kemudian hari jikalau terdapat pihak ketiga yang meragukan kesahihan ramalannya, Jucelino selalu mempublikasikan ramalan dengan tanggal dan peristiwa kejadian, meminta untuk disahkan biro notaris atau jawatan pos negara, sehingga memudahkan pihak lain melakukan pemeriksaan. Ramalan Jucelino secara beruntun terbukti Apabila orang atau makna yang ditemuinya di dalam mimpi termasuk urusan pribadi, ia hanya memberitahukan kepada yang bersangkutan, tetapi jika yang bersangkutan adalah seorang kepala nega...
Read more

Best Free Software

-
Image
PCMag as a leading PC magazine, has a lot of and up to date review for software and hardware, satisfied more newly curiosity about new hardware and software. Have latest information about new software update and more. At the end of this 2008 year PCMag give information about the best free software this year, please use the free software if you can't buy bundled of expensive software. Below the 157 list of free and good software, that had no license, expiration, problem nor fees, and no kidding -Says PC Mag, thanks for the information and list - Adobe Reader www.adobe.com Windows | MacOS | Linux | Mobile This simplest of Adobe's PDF programs lets you do just about anything PDF-related (besides create new ones), including online collaboration. It includes a host of features to aid users with disabilities. AIM www.aim.com Windows | MacOS | Linux | Web One of the most widely used pieces of free software ever, AOL Instant Messenger offers a ton of capabilities. Read our full ...
Read more

not about us

-
A little piece of something Falling gently down down down No one understands you like I do I'd rather be beside you Everything we know so well Tell me what you feel now Show me what you think of it
Read more