HACKING MADE EASY

LEARN ETHICAL HACKING TO PREVENT BEING HACKED

 

  HOME                                                            WELCOME TO YOU                                          YOUR COMMENTS        CONTACT US

                  FOR MORE INFO CONTACT at   info@hackingmadeeasy.com or call at +91-8800646642                                  

ABOUT US           OUR BOOKS           HOW TO ORDER            SERVICES           HACKING OVERVIEW        HACKING TRICKS

 

 

 

   

Some Guy Figured Out How to Hack Into Any Facebook Profile

 

A white hat hacker in India says he found a way to hack into any Facebook user’s profile. Don’t freak out though! Like a good white hat, the hacker alerted Facebook to the disastrous loophole. Facebook paid him a $15,000 bug bounty. Seems small.

 

Anand Prakash is the aforementioned security engineer from India. In a blog post tauntingly titled “How I could have hacked all Facebook accounts,” Prakash explains how he discovered a way of exploiting Facebook’s “Forgot Password?” algorithm to force his way into anybody’s account and uploaded a proof-of-concept video that shows the exploit. Prakash also provided a screenshot of his bug bounty payment from Facebook.

Facebook, who’s worked with Prakash before to sniff out bugs, released the following statement to Gizmodo: “One of the most valuable benefits of bug bounty programs is the ability to find problems even before they reach production. We’re happy to recognize and reward Anand for his excellent report.”

 

As you probably know, if you’ve forgotten your password, Facebook will text or emailed a six-digit confirmation code to plug into the site so that you can reset the password and access your profile. Facebook allows people several attempts to enter the code correctly before they get locked out. It’s a technique called rate-limiting, which essentially prevents identity thieves from simply going down the list of all possible number combinations in order to eventually crack the code. This hacker technique is called brute forcing.

The problem is that Facebook’s beta sites (like beta.facebook.com) didn’t have that rate-limiting function in place. And so Prakash brute-forced his way into someone’s account since the beta site gave him an unlimited number of attempts to enter that six-digit confirmation code. Check out Prakash’s YouTube video for the whole play-by-play.

After successfully resetting the user’s password, Prakash says he was “able to view messages, his credit/debit cards stored under payment section, personal photos, etc.” This is exactly the type of data you wouldn’t want a hacker to steal.
 

Melanie Ensign, Security Communications rep at Facebook, told me in a phone interview that the bug was actually only in the wild for 72 hours—the beta site, too, is usually protected by brute force hacks that bypass rate-limiting. But the error appeared when Facebook was performing a system change on the back end, leaving the beta site temporarily vulnerable.

Prakash says he discovered the vulnerability and reported it to Facebook on February 22. By March 2, Facebook awarded him $15,000. Without confirmation from Facebook, there’s always the chance that this is some very elaborate hoax. However, Facebook does indeed have serious vulnerabilities and pays hackers a bounty for discovering them. A year ago, Gizmodo reported on a very similar sort of story about a white hat hacker and a bug that allowed him to delete any photo on the social network. Facebook confirmed that exploit and the resultant bounty after we published our story, so we’ll see what Zuck and company decide to do this time around.

 
 
 

 -----------------------------------------------------------------------------------------------------------------------------------------------------------   

Disclaimer : The information provided on this web pages are for educational purposes only. The author of this book or the CEO of this website is in no way responsible for any kind of damage resulted by the information given on this site or book. This does not have any hacking or cracking software on it. The soul purpose of this site and book is to make impart knowledge and make people aware of the security concern and make themselves ready towards safe computing.

 -----------------------------------------------------------------------------------------------------------------------------------------------------------   

HOME  |  ABOUT US   |  OUR BOOKS  | HOW TO ORDER | SERVICES | HACKING OVERVIEW | HACKING TRICKS | CONTACT US

Copyright © 2014-2015. www.hackingmadeeasy.com  Reproduction Strictly Prohibited. All Rights Reserved 

 

Clicky