WARLOCK

Facebook : Threats and Opportunities

February 19, 2008 | Author: warlock | Filed under: Exploits,General,Security

Hi Everyone.. greetings.. from warlock.. Over the last week, another blogger buddy on our side : alchemist , finally managed to get me and doro, to get active on , the current craze on the cyberworld : Facebook. While , personally , I am not a fan of social networking, for obvious reasons as this [...]

Hi Everyone.. greetings.. from warlock..

Over the last week, another blogger buddy on our side : alchemist , finally managed to get me and doro, to get active on , the current craze on the cyberworld : Facebook.

facebook-warlock

While , personally , I am not a fan of social networking, for obvious reasons as this woman who denied her degree , In many cases, “dirt” from the cyberworld is often used against you , especially , when being called as an Expert Witness, I strongly urge everyone , to carefully “manage” their online “life” , especially when it comes to Social Networking Sites.

Before i get on to the actual core of this post, please allow me to rant on the following topic : Social Networks.

Well, In many parts of the world , Social Networks have become a craze, for some weird reason.. Well, perhaps its the avenue for some to meet friends they would not have been able to , in their normal course of lives, and for some it is a ‘hiding ground’ for unhealthy behaviors , such as “child molestation” “rape” “fake identities” “flirting especially when you’re married with three lovely kids”, and the list goes on and on…

Well, warlock, if you are so against , social networks , why did you guys register on facebook, you may ask…

Simple.. alchemist , actually “convinced” us , that facebook could be used as a corporate tool, to disseminate information, news, and to keep your “fans” together in one cohesive unit. Now , that sounds like a deal.. Well if its checking out a chic… warlock aint interested, buddy !

So anyway, we went on, registered a group on Facebook, and started messaging each other, and it seems the fun has just began … while i consider alchemist to be our Facebook Guru.. He has to advice, us lil Facebook newbies… on what’s cool and what’s not..

Now.. then of course doro, discovered you could actually upload pictures to Facebook ! Yeyy ! *wink* *ouch!* And better still, there are numerous Facebook Uploaders on Windows, Mac, etc…

“It works ! It works !” doro exclaimed !

“Yes , it does !” said another facebook newbie..

*okay..okay…that newbie is me..*

Now , here is the bitter truth.. While everything seems to blossom and it’s all rosy on the world of Facebook … there lies a bitter , sour, truth. Facebook Security.

From this post , on, I’d also start posting on various Facebook Exploits , as it blossoms. And here is something to start with..

On Window, Facebook, provides you with a Uploader that consists of the file : ImageUploader4.ocx 4.5.57.0 which is a part FaceBookPhotoUploader2.cab.

It is this file, that has a Remote Buffer Overflow Exploit, out in the wild.

Ton’s of Facebook users who consider themselves to be “safe” are being raped, relentlessly on the Net, with this exploit, and the word is , the variants of this exploits are yet to come !

Here is the Proof of Concept Code.


(0) Comments     Permalink farfromfearless

No comments as yet.

Anonymous - Gravatar

No comments have yet been made to this posting.

Leave A Comment

All fields marked with "*" are required.