Sunday, October 31, 2010

Facebook Clickjacking/Likejacking Removal

Clickjacking or Likejacking

In clickjacking, once the link is clicked, the attack tricks the victim into making a series of additional clicks, which gives the attackers the ability to spam the malicious content on the victim's wall; the same cycle then starts with your friends and friends of friends.
Clickjacking may start its attacks in many ways through social networking sites, especially Facebook. It will usually try to attract the user with appealing one-liners like

"I have never seen someone like this",

"OMG The World's Worst Mcdonald Customer (Shocking Video and music..see more..)" followed by a shortened link,

"10 things a girl does before going on her first date",
"This Girl Has An Interesting Way Of Eating A Banana, Check It Out!",
"OMG This Guy Went A Little Too Far With His Revenge On His GirlFriend",
"101 Hottest Women in the World" with an image of Jessica Alba, and many more.


If the message comes in the form of a Facebook application, it will try to trick you into clicking the four-letter word "LIKE". The danger starts after you click on the Like button and continue. These attackers usually build these Facebook apps with an iframe that they layer invisibly over the Facebook site. That is why it is also sometimes called iFraming or Likejacking.

These clickjackers haven't done anything very dangerous so far, but they can easily open backdoors for password-stealing Trojans and other malware.
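The invisible-iframe overlay described above only works when the site being framed lets other origins embed it. The following is an added example, not code from the original post, showing how a browser decides from a page's response headers (the X-Frame-Options header, which existed in 2010, and the later CSP frame-ancestors directive) whether a cross-origin page is allowed to frame it. The origins social.example, attacker.example and partner.example are constructed stand-ins, and the header-name lookup, origin parsing and source-matching helpers are this example's own simplifications of the browser rules.

```javascript
// Added example, not from the original post. Decides whether a browser will
// render a page inside an <iframe> served by another origin, based on the
// framed page's response headers. The invisible-iframe overlay described in
// the post only works when the framed site allows cross-origin framing.
// All origins below (social.example, attacker.example, partner.example) are
// constructed stand-ins, not real sites.

function originOf(url) {
  // Reduce "https://Host.Example/path" to its lower-cased scheme://host[:port].
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^/?#]+)/i.exec(url.trim());
  return m ? `${m[1].toLowerCase()}://${m[2].toLowerCase()}` : null;
}

function headerValue(headers, name) {
  // Case-insensitive lookup over a plain { 'Header-Name': value } object.
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? null : headers[key];
}

function sourceMatches(source, pageOrigin, embedderOrigin) {
  // Match one frame-ancestors source expression against the embedding origin.
  const src = source.toLowerCase();
  const [embScheme, embHost] = embedderOrigin.split('://');
  if (src === "'none'") return false;
  if (src === "'self'") return pageOrigin === embedderOrigin;
  if (src === '*') return true;
  // Scheme-source such as "https:" matches any host using that scheme.
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return embScheme === src.slice(0, -1);
  const [scheme, host] = src.includes('://') ? src.split('://') : [null, src];
  if (scheme && scheme !== embScheme) return false;
  // Wildcard host: *.site.example matches a.site.example but not site.example.
  if (host.startsWith('*.')) return embHost.endsWith(host.slice(1));
  return embHost === host;
}

function canBeFramedBy(headers, pageUrl, embedderUrl) {
  const page = originOf(pageUrl);
  const embedder = originOf(embedderUrl);
  // A CSP frame-ancestors directive, when present, takes precedence over X-Frame-Options.
  const csp = headerValue(headers, 'content-security-policy');
  if (csp) {
    const directive = csp.split(';').map((d) => d.trim())
      .find((d) => /^frame-ancestors(\s|$)/i.test(d));
    if (directive) {
      // An empty source list behaves like 'none'.
      return directive.split(/\s+/).slice(1).some((s) => sourceMatches(s, page, embedder));
    }
  }
  const xfo = headerValue(headers, 'x-frame-options');
  if (xfo) {
    const value = xfo.trim();
    const upper = value.toUpperCase();
    if (upper === 'DENY') return false;
    if (upper === 'SAMEORIGIN') return page === embedder;
    if (upper.startsWith('ALLOW-FROM')) {
      return originOf(value.slice('ALLOW-FROM'.length)) === embedder;
    }
    // Any other value is ignored by browsers, so it gives no protection.
  }
  // No restriction at all: another site's page can overlay an invisible frame
  // of this site, which is exactly what likejacking relies on.
  return true;
}

// Constructed scenario: a social site (the framed page) and a bait page that tries to frame it.
const SOCIAL = 'https://social.example';
const BAIT = 'https://attacker.example';

function evaluateConstructedCases() {
  return {
    noHeaders: canBeFramedBy({}, SOCIAL, BAIT),                                   // true: frameable
    deny: canBeFramedBy({ 'X-Frame-Options': 'DENY' }, SOCIAL, BAIT),             // false
    sameOrigin: canBeFramedBy({ 'X-Frame-Options': 'SAMEORIGIN' }, SOCIAL, BAIT), // false
    cspPartner: canBeFramedBy(
      { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self' https://partner.example" },
      SOCIAL, 'https://partner.example'),                                         // true: allow-listed partner
    cspOverridesXfo: canBeFramedBy(
      { 'Content-Security-Policy': "frame-ancestors 'none'", 'X-Frame-Options': 'ALLOW-FROM https://attacker.example' },
      SOCIAL, BAIT),                                                              // false: CSP wins
  };
}

console.log(evaluateConstructedCases());
```

The first case is the one the post is about: a site that sends neither header can be framed by anyone, so a bait page can place a transparent copy of the Like button under its own "play video" button. Ports are compared as part of the host string, and the scheme of the framed page is assumed to be well-formed; a production check would also handle report-only policies and multiple CSP headers.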

How to Know if I am Clickjacked

Keep checking your profile wall. If you see that messages with links are being sent out automatically from your profile to your friends, then you can be sure that you are clickjacked. Also check your "Likes" pages for applications and fan pages that you never joined. If not removed, this clickjacking may start collecting your personal and private information, which can lead to identity theft.
Clickjacks succeed because people tend to trust information given to them on social networking sites, especially if it appears to have won the approval of several friends.

So the only advice to prevent this from happening:

- Don't click on suspicious links, even if they've been sent or posted by friends.
- Ignore requests from people you don't know.
- Stay informed about Facebook's privacy settings and the changes they undergo.

How to Remove Clickjacking Attacks

Step 1: If you have already clicked on a link that added something to the "Likes and Interests" section of your profile, edit the "Likes and Interests" field by clicking "Edit My Profile" underneath your profile picture, then select "Likes and Interests" from the left column menu.

Step 2: Delete the page from your News Feed, usually under Recent Activity.

Step 3: Report it on the Facebook Security page: http://www.facebook.com/help/?page=420

Step 4: Search for Defensio Social Web Security in Facebook and join the Defensio fan page. (You will have to trust these applications and allow them to access your private data. :-) Don't worry, these are genuine apps.)

The advantage of joining Defensio Social Web Security is that every time you make a mistake and click on an unwanted link, it will warn you and ask you to remove it.

Step 5: Run a scan using your anti-virus, or download this tool and run a full scan.

Step 6: After running the scan, follow the instructions and then restart the computer. Log on to your Facebook profile and send messages to your friends so they avoid the mistake you made.






Thursday, October 28, 2010

How to hide your Facebook friends list

Hide your Facebook Friend's List

Recently Chloe, a commenter on “How to Save Face: 6 Tips for Safer Facebooking“, asked, “How do I hide my friends to everyone?”
To hide your friends list on Facebook, you’ll need to do the following:
1. Go to the “Account” tab and select “Privacy Settings”
2. Under “Basic Directory Information” click “View Settings”
3. In the “See my friends” setting select “Customize”
4. Below “Make this visible to” select “Only Me”
You can also go to your “Profile” and click on the little pencil above your friends. You can select how many friends to show, but you can’t select 0.
To hide your list entirely you have to click “Change Visibility Settings”, which brings you to step 3 above.
Facebook makes it far too difficult to hide your friends. In the site’s defense, it’s not as hard to find as some of the site’s other opt-in features, and you’re probably not going on a social network to be anti-social. And if you need to hide your friends from even your friends, you’re adding the wrong people as friends.
But still, Facebook, c’mon! Put 0 as an option right on my profile. I may want to be social in different ways than the 550,000,000 other people on your site. Or maybe I want to protect my friends with intriguing politics. Or maybe I’m neurotic about the karma in connecting the wrong people. But give me the choice.
I admit it: I just can’t quit you, Facebook. But if you keep pushing me away, you’re eventually going to succeed. So every once in a while, surprise me! Err on the side of making it easy to control my privacy.




Friday, October 22, 2010

How to Unlock any Blackberry Phone including New Security MEP4 9700 Bell...

Unlocking the Blackberry




Firefox Updates Fix 12 Vulnerabilities


Mozilla has released versions 3.6.11 and 3.5.14 of Firefox to address 12 vulnerabilities in nine updates.

Five of the updates are rated Critical, two High, one Moderate and one Low.

October 19, 2010

MFSA 2010-72 Insecure Diffie-Hellman key exchange
MFSA 2010-71 Unsafe library loading vulnerabilities
MFSA 2010-70 SSL wildcard certificate matching IP addresses
MFSA 2010-69 Cross-site information disclosure via modal calls
MFSA 2010-68 XSS in gopher parser when parsing hrefs
MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
MFSA 2010-66 Use-after-free error in nsBarProp
MFSA 2010-65 Buffer overflow and memory corruption using document.write
MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)

Saturday, October 16, 2010

Microsoft Issues Mega-Patch Batch

Another Mega-patch from Microsoft

Microsoft has released a very large set of updates to Windows, IE, Office, the .NET Framework and Microsoft server software.






16 updates address a total of 49 vulnerabilities, but only 5 of the vulnerabilities are rated Critical on any specific platform. Several of the vulnerabilities have already been publicly disclosed.
The four updates addressing a Critical vulnerability are as follows.


  • MS10-071: Cumulative Security Update for Internet Explorer — 10 vulnerabilities affecting all shipping versions of Internet Explorer are fixed in this update. The public beta of Internet Explorer 9 is not mentioned. Only two of the vulnerabilities are rated Critical on any configuration, and one of those only on IE6 on Windows XP. The other Critical vulnerability affects most versions of Windows critically, and Microsoft's exploitability index rates it as likely to result in consistent exploit code. The other 8 vulnerabilities tend to have important mitigating factors. Two of them have already been disclosed publicly, but Microsoft rates those as unlikely to result in functioning exploit code.
  • MS10-075: Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution — The Microsoft Windows Media Player Network Sharing Service in Windows Vista and Windows 7 has a critical vulnerability which could be triggered across the network through a malicious packet. Interestingly, it is rated Critical on Windows 7 and only Important on Vista. The Media Player Network Sharing Service is not enabled by default in either version and, by default, access to home media devices is limited to the local subnet, so it shouldn't be remotely exploitable from the Internet.
  • MS10-076: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution — The Embedded OpenType Font Engine on all versions of Windows (other than Server Core) is vulnerable to a remote code execution bug using a maliciously crafted font. Microsoft says that ASLR makes the exploit much more difficult, if still possible.
  • MS10-077: Vulnerability in .NET Framework Could Allow Remote Code Execution — On 64-bit systems the .NET Framework is vulnerable to a remote code execution vulnerability: a specially crafted .NET application can access memory in an unsafe manner.
The 10 updates with a maximum rating of Important are as follows:


  • MS10-072: Vulnerabilities in SafeHTML Could Allow Information Disclosure—Windows SharePoint Services, Microsoft SharePoint Foundation, Microsoft SharePoint Server, Microsoft Groove Server, and Microsoft Office Web Apps are vulnerable to two HTML sanitization vulnerabilities. These could result in information disclosure or cross-site scripting, but Microsoft says that functioning exploit code is unlikely.
  • MS10-073: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege—All versions of Windows are affected by at least 2 of 3 vulnerabilities, all of which have been publicly exposed already and one of which is being exploited in the wild. All 3 require that the attacker have valid logon credentials and be able to log on locally, making this a difficult problem to exploit.
  • MS10-078: Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege—Two vulnerabilities in Windows XP and Server 2003 could allow code execution in kernel mode, but the attacker must have valid logon credentials and be able to log on locally.
  • MS10-079: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution—11 vulnerabilities affect Microsoft Word. Only Word 2002 is affected by all and only one - CVE-2010-3214 - affects more than a couple versions. But this one is a doozie. A stack overflow when handling a malicious Word document could lead to remote code execution.
  • MS10-080: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution—Not to be outdone by Word, Excel gets 13 vulnerabilities disclosed in this update, affecting many versions including the Mac versions and viewers, but not Excel 2010.
  • MS10-081: Vulnerability in Windows Common Control Library Could Allow Remote Code Execution—Almost all versions of Windows are affected by a heap overflow in the Common Control Library. The attack is committed through a 3rd party SVG (scalable vector graphics) viewer which must be installed on the system.
  • MS10-082: Vulnerability in Windows Media Player Could Allow Remote Code Execution—A specially-crafted web page could trigger a vulnerability in all versions of Windows Media Player.
  • MS10-083: Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution —An error in how the Windows Shell and Wordpad validate COM object instantiation could lead to remote code execution.
  • MS10-084: Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege—Windows XP and Server 2003 are affected by an elevation of privilege vulnerability in the Remote Procedure Call Subsystem (RPCSS).
  • MS10-085: Vulnerability in SChannel Could Allow Denial of Service —Windows Vista, Windows 7 and Windows Server 2008 are vulnerable to a denial of service vulnerability in the processing of IIS client certificates.
2 vulnerabilities have a maximum rating of Moderate:
  • MS10-074: Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution—MFC has an error in the processing of Window titles.
  • MS10-086: Vulnerability in Windows Shared Cluster Disks Could Allow Tampering—The Failover Cluster Manager user interface in Windows Server 2008 R2 has a tampering vulnerability in the handling of permissions on shared cluster disks.


Oracle Updates Java to Fix 29 Vulnerabilities





An update to Java from Oracle patches an ominous-looking set of vulnerabilities.








The new version Java 6 Update 22 (updates are also available for the 5.0 version of Java) fixes 29 vulnerabilities, 15 of which have a severity rating of 10.0 on the CVSSv2 scale, the highest possible score. This means that it doesn't get any more severe than these 15.

Beware the usual default selection of some other software you don't need or want, such as the Bing Toolbar or free McAfee scanner.

Take a look at the list of individual vulnerabilities if you want to get a sense of just how serious this update is. CVSSv2 is a standard for rating the characteristics and severity of vulnerabilities, and it goes, in a sense, into too much detail.
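A CVSSv2 score is computed from a base-metric vector, and the following is an added example, not code from the article, showing the published CVSS v2 base equation applied to a few vectors so the reader can see what a 10.0 actually requires: reachable over the network, low access complexity, no authentication, and complete loss of confidentiality, integrity and availability. The metric weights and the rounding rule are the ones from the CVSS v2 specification; the vectors below are illustrative and are not the actual vectors of the Java vulnerabilities discussed.

```javascript
// Added example, not from the original article: the CVSS v2 base-score
// equation. Weights and formula are the published CVSS v2 ones; the vectors
// scored at the bottom are illustrative, not the actual vectors of the Java
// vulnerabilities mentioned in the article.

const CVSS2_WEIGHTS = {
  AV: { L: 0.395, A: 0.646, N: 1.0 },   // access vector: local, adjacent, network
  AC: { H: 0.35, M: 0.61, L: 0.71 },    // access complexity: high, medium, low
  Au: { M: 0.45, S: 0.56, N: 0.704 },   // authentication: multiple, single, none
  C:  { N: 0.0, P: 0.275, C: 0.660 },   // confidentiality impact: none, partial, complete
  I:  { N: 0.0, P: 0.275, C: 0.660 },   // integrity impact
  A:  { N: 0.0, P: 0.275, C: 0.660 },   // availability impact
};

function parseCvss2Vector(vector) {
  // "AV:N/AC:L/Au:N/C:C/I:C/A:C" -> { AV: 1.0, AC: 0.71, Au: 0.704, C: 0.66, ... }
  const weights = {};
  for (const item of vector.trim().split('/')) {
    const [metric, value] = item.split(':');
    const table = CVSS2_WEIGHTS[metric];
    if (!table || !(value in table)) throw new Error(`bad metric "${item}"`);
    weights[metric] = table[value];
  }
  for (const metric of Object.keys(CVSS2_WEIGHTS)) {
    if (!(metric in weights)) throw new Error(`missing metric ${metric}`);
  }
  return weights;
}

function cvss2BaseScore(vector) {
  const m = parseCvss2Vector(vector);
  // Impact sub-score: how much of C, I and A is lost; 10.41 scales it to 0..10.
  const impact = 10.41 * (1 - (1 - m.C) * (1 - m.I) * (1 - m.A));
  // Exploitability sub-score: how easy it is to reach and trigger the flaw.
  const exploitability = 20 * m.AV * m.AC * m.Au;
  // f(Impact) zeroes the score when there is no impact at all.
  const fImpact = impact === 0 ? 0 : 1.176;
  const raw = (0.6 * impact + 0.4 * exploitability - 1.5) * fImpact;
  return Math.round(raw * 10) / 10; // CVSS v2 reports one decimal place
}

// Illustrative vectors (constructed for this example).
const SAMPLE_VECTORS = {
  worstCase: 'AV:N/AC:L/Au:N/C:C/I:C/A:C',   // the 10.0 the article refers to
  typicalDriveBy: 'AV:N/AC:M/Au:N/C:P/I:P/A:P',
  localFullCompromise: 'AV:L/AC:L/Au:N/C:C/I:C/A:C',
  noImpact: 'AV:N/AC:L/Au:N/C:N/I:N/A:N',
};

function scoreSamples() {
  const out = {};
  for (const [name, vector] of Object.entries(SAMPLE_VECTORS)) {
    out[name] = cvss2BaseScore(vector);
  }
  return out;
}

console.log(scoreSamples());
```

The worst-case vector is the only shape that reaches 10.0: change any single metric (require authentication, or reduce one impact to partial) and the score drops below the maximum, which is why fifteen 10.0-rated issues in one update is unusual.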

Brian Krebs recently reported on how Java has become the top target for exploit writers, surpassing even Adobe products. Java is widely deployed on systems where the user has little or no knowledge that it's even there. Vulnerabilities in old versions allow drive-by compromise of the computer.

This latest set of vulnerabilities fits right in that tradition. Take CVE-2010-3563, called Sun Java Web Start BasicServiceImpl Remote Code Execution Vulnerability by TippingPoint's Zero Day Initiative.

'This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime. User interaction is required in that a target must visit a malicious page.'

The description should really say 'a malicious page, or a legitimate page that has been compromised by cross-site scripting, SQL injection or a compromised advertisement so as to include malicious script.'

Patch now, or maybe just get rid of Java. I did this a while ago on one of my systems and it's mostly been OK, but there have been several instances where I have been seriously inconvenienced. Usually it's a site with some custom uploader written in Java.