Facebook

Submission + - Facebook clickjacking that still works (fernandomagro.com)

magro writes: "It's still possible to visit a website and be a victim of Facebook clickjacking (STEALING Facebook likes) just by clicking links in a page. The malicious website may hide a very low opacity Facebook button that follows the mouse when the user hovers a link. When warez hits the social networks we should expect to see this technique used in such things as huge image galleries or fake file downloads (where a lot of clicking takes place). At the end of the day, we'll have a Facebook like in our account for each click we did on those websites."

Comment Re:chatroulette espionage (Score 1) 194

Yeah, that too! The problem is not capturing the streams, because that can be done like you said with screen recording or even webcam recording; the most difficult part is injecting a stream as if it were your webcam and then synchronizing the streams so that when you're "nexted" you immediately find another Chatroulette user, so it seems transparent to the users being eavesdropped. Anyway, you're absolutely right, Chatroulette is not private at all.

Comment chatroulette espionage (Score 5, Interesting) 194

You might not be aware of this but any user can collect IP addresses and record ENTIRE video footage from random Chatroulette users. I explained how in my blog http://fernandomagro.com/security/chatroulette-espionage/ . Anyway, the concept is really simple because an attacker can open an even number of connections to Chatroulette (2, 4, 6, etc.) and then redirect the streams to each other. Say I open connection1 and connection2, then I capture the stream from connection2 and dump it as my primary webcam to connection1, and I capture connection1 and dump it as my secondary webcam to connection2. Only a tiny bit of Linux hacking is needed.
Security

Submission + - Chatroulette espionage is possible

magro writes: Chatroulette espionage is possible due to a design error of the whole concept of pairing random video streams without any verification. As such, Chatroulette is prone to a man-in-the-middle attack in which there is no obvious programming flaw, but the concept itself is flawed! Hence, it’s possible to open two Chatroulette connections and transparently share data between them without both peers ever knowing. The actual vulnerability lies in the fact that everything is anonymous and there's no way to verify if the video/audio/text you're seeing is actually coming from a specific computer. Thus, the only thing needed is tunneling streams! Now, this also opens the door to a much bigger problem, because it's also possible to apply this concept to thousands of computers engaging in MILLIONS of connections to Chatroulette and thereby eavesdropping almost every connection going on in Chatroulette.
The Internet

Time To Take the Internet Seriously 175

santosh maharshi passes along an article on Edge by David Gelernter, the man who (according to the introduction) predicted the Web and first described cloud computing; he's also a Unabomber survivor. Gelernter makes 35 predictions and assertions, some brilliant, some dubious. "6. We know that the Internet creates 'information overload,' a problem with two parts: increasing number of information sources and increasing information flow per source. The first part is harder: it's more difficult to understand five people speaking simultaneously than one person talking fast — especially if you can tell the one person to stop temporarily, or go back and repeat. Integrating multiple information sources is crucial to solving information overload. Blogs and other anthology-sites integrate information from many sources. But we won't be able to solve the overload problem until each Internet user can choose for himself what sources to integrate, and can add to this mix the most important source of all: his own personal information — his email and other messages, reminders and documents of all sorts. To accomplish this, we merely need to turn the whole Cybersphere on its side, so that time instead of space is the main axis. ... 14. The structure called a cyberstream or lifestream is better suited to the Internet than a conventional website because it shows information-in-motion, a rushing flow of fresh information instead of a stagnant pool."
The Courts

Facebook Founder Accused of Hacking Into Rivals' Email 261

An anonymous reader notes a long piece up at BusinessInsider.com accusing Facebook founder Mark Zuckerberg of hacking into the email accounts of rivals and journalists. The CEO of the world's most successful social networking website was accused of at least two breaches of privacy. In a two-year investigation detailing the founding of Facebook, Nicholas Carlson, a senior editor at Silicon Alley Insider, uncovered what he claimed was evidence of the hackings in 2004. "New information uncovered by Silicon Alley Insider suggests that some of the complaints [in a court case ongoing since 2007] against Mark Zuckerberg are valid. It also suggests that, on at least one occasion in 2004, Mark used private login data taken from Facebook's servers to break into Facebook members' private email accounts and read their emails — at best, a gross misuse of private information. Lastly, it suggests that Mark hacked into the competing company's systems and changed some user information with the aim of making the site less useful. ... Over the past two years, we have interviewed more than a dozen sources familiar with aspects of this story — including people involved in the founding year of the company. We have also reviewed what we believe to be some relevant IMs and emails from the period. Much of this information has never before been made public. None of it has been confirmed or authenticated by Mark or the company." The single-page view doesn't have its own URL; click on "View as one page" near the bottom.
Wikipedia

Submission + - New way to interact with Wikipedia (mapyourinfo)

magro writes: IC21 recently launched a free product that can change the way we look at information — mapyourinfo. It's focused on data visualization and allows us to browse Wikipedia with the content displayed in a mindmap! Although the technology already existed and they didn't actually bring something completely new, mapyourinfo allows browsing Wikipedia and translating everything as we go, from content to search keywords. This being, we can write something in English and search Chinese content which is displayed also in English. For example, you can see the Slashdot Wikipedia page in a mindmap, but if we were Chinese, we would like to translate it to Slashdot Chinese or any other language!
