Why register? ...To Enhance Your Experience
+ Reply to Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 21 to 40 of 52

Thread: Facebook

  1. #21
    Forum Member nmfire's Avatar
    Join Date
    Nov 2002
    Location
    Maryland (DC Suburb)
    Posts
    5,738

    Default

    A huge number of people in your community have facebook. By establishing a presence on facebook, your department becomes visible and popular with the people you protect. You can show who you are and what you do. It's free PR. Websites are only good if the people want to search for it. With facebook, it lands in their lap with suggestions and news feeds. If you do it officially and in an intelligent controlled manner, it is excellent PR.

    The Explorers in our department use it as well, since nobody actually communicates by phone or in person anymore.
    Even the burger-flippers at McDonald's probably have some McWackers.


  2. #22
    Forum Member DeputyMarshal's Avatar
    Join Date
    Apr 2005
    Location
    Connecticut, USA
    Posts
    2,638

    Default

    Quote Originally Posted by ScareCrow57 View Post
    And as an after thought- Here is a link discussing this very issue Facebook security issues
    That article hardly raises to the level of "afterthought" since it's totally irrelevant to the subject at hand. It's about user issues with FB; predominantly posting private information that shouldn't be posted anywhere. About the only vaild secority advice on that site is to run current anti-virus and anti-malware software on your computer,
    "Nemo Plus Voluptatis Quam Nos Habant"

    The Code is more what you'd call "guidelines" than actual rules.

  3. #23
    Forum Member DeputyMarshal's Avatar
    Join Date
    Apr 2005
    Location
    Connecticut, USA
    Posts
    2,638

    Default

    Quote Originally Posted by ScareCrow57 View Post
    None taken. However I am a cyber security consultant with the number security company in the world, in addition I am a CISSP.

    Good for you. It's your job to make your customers unnecessarily paranoid. Some of us know better.

    Quote Originally Posted by ScareCrow57 View Post
    If you would like to give me your IP address I can take over your machine relatively easily.
    130.215.36.61

    Let me know how that works out for you.
    Last edited by DeputyMarshal; 07-12-2010 at 10:13 PM.
    "Nemo Plus Voluptatis Quam Nos Habant"

    The Code is more what you'd call "guidelines" than actual rules.

  4. #24
    Banned
    Join Date
    Jan 2008
    Posts
    8,677

    Default

    Quote Originally Posted by MarcusKspn View Post
    So since you are such a security hero, please explain this:



    Either you left your computer running without being physically present next to it, or you are simply lying. If someone in Africa was hacking your account and scamming people, you would not find yourself physically logged in to your computer. Unless of course somebody somehow got remote access to your computer, but that would never happen to a smart security guy like you. Of course leaving your computer running and having someone use it while you are gone would also never happen to a smart guy like you.

    Actually, the person who hacked the account did it remotely, I was actually watching the chat sessions as this person typed.

    Here is a URL that talks about it Facebook Scam: I'm Stranded In London. Send Money! And yes, I ALWAYS lock my computer when not at the keyboard, it's just a good practice.

    It was in fact a Face Book issue, I verified this by doing a Netstat and looking at who was connected to my machine.

    But stealing a well know scam that has been covered by every major and minor news outlet, and passing it off as some "personal experience", now that I could see happen....
    You apparently don't know anything about social engineering and the wealth of information about you that is freely available. There are tools, techniques, and methods that people use all the time to steal an identity.

    You don't have to take my word for it. Contact your local Information Security Officer (ISO). Most laypeople are quite clueless as to just how vulnerable they really are.
    Last edited by ScareCrow57; 07-13-2010 at 02:59 AM.

  5. #25
    Forum Member DeputyMarshal's Avatar
    Join Date
    Apr 2005
    Location
    Connecticut, USA
    Posts
    2,638

    Default

    Quote Originally Posted by ScareCrow57 View Post
    Actually, the person who hacked the account did it remotely, I was actually watching the chat sessions as this person typed.
    IOW, they probably didn't "hack" your facebook account at all. They used remote access software, which could have entered your system through any number of means other than facebook, to compromise your poorly secured laptop and then accessed facebook normally from there.

    Odds are you left facebook logged in with a persistant cookie so they didn't need your account nor password to access your account; you thoughtfully supplied it for them. (If they actually hacked your facebook account -- far more difficult to do -- they would most likely have logged into it from somewhere else and you wouldn't have witnessed the chat at all.)

    BTW, how are you making out with my IP? No nibbles at this end yet.
    "Nemo Plus Voluptatis Quam Nos Habant"

    The Code is more what you'd call "guidelines" than actual rules.

  6. #26
    MembersZone Subscriber voyager9's Avatar
    Join Date
    Jun 2004
    Location
    Southern NJ
    Posts
    2,007

    Default

    Quote Originally Posted by ScareCrow57 View Post
    And I use a strong password - 12 characters, Upper case and Lower case, numbers, and special characters.
    I'll go out on a limb and take a guess: #1ForumTroll

    I call BS on the rest of your diatribe as well. Unless someone was using a RDP/VNC vulnerability you wouldn't just see them using your computer.

    Besides, if they knew enough about you to get your FB credentials they'd know you don't have any friends.. or money..
    So you call this your free country
    Tell me why it costs so much to live
    -3dd

  7. #27
    MembersZone Subscriber
    Join Date
    Jan 2006
    Posts
    2,439

    Default

    Quote Originally Posted by ScareCrow57 View Post
    Actually, the person who hacked the account did it remotely, I was actually watching the chat sessions as this person typed.
    So somebody was able to gain access to your computer while you were logged off? Then guess the password to your computer, log on remotely using your credentials?

    IF the scenario is true the first thing that comes to my layperson mind is that you are leaving your computer logged on unattended, which even at home is a bad idea. That you leave your email, Facebook, and Firehouse account on the "remember me" setting, so when somebody does gain remote access to your machine they can just browse through your history and have access to all your personal data since you are already logged in. Why hack into your Facebook account using remote access, unless you are always logged on. Of course there is the question of how they got remote access in the first place. Downloading browser "tool-bars" or other programs, or playing those Flash and Facebook games that are evil. I am sure you have some awesome firewall and network security settings that prevented something like this in the first place. Let me guess, you are using Windows as well. I know quite a lot of IT guys, and almost none of them would get caught dead using one of the most hacked OS out there.

    Quote Originally Posted by ScareCrow57 View Post
    Here is a URL that talks about it Facebook Scam: I'm Stranded In London. Send Money! And yes, I ALWAYS lock my computer when not at the keyboard, it's just a good practice.
    I already know that it is a valid Facebook scam. I just stand by my opinion that you are trying to pass it off as an "it happened to me" story.

    Quote Originally Posted by ScareCrow57 View Post
    You apparently don't know anything about social engineering and the wealth of information about you that is freely available. There are tools, techniques, and methods that people use all the time to steal an identity.

    You don't have to take my word for it. Contact your local Information Security Officer (ISO). Most laypeople are quite clueless as to just how vulnerable they really are.
    I think most laypeople would be shocked that the Government is paying some contractor to protect it's IT network, when said contractor cannot even keep his own computer from getting hacked.
    "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -- Benjamin Franklin

  8. #28
    Banned
    Join Date
    Jan 2008
    Posts
    8,677

    Default

    Quote Originally Posted by DeputyMarshal View Post
    IOW, they probably didn't "hack" your facebook account at all. They used remote access software, which could have entered your system through any number of means other than facebook, to compromise your poorly secured laptop and then accessed facebook normally from there.

    Odds are you left facebook logged in with a persistant cookie so they didn't need your account nor password to access your account; you thoughtfully supplied it for them. (If they actually hacked your facebook account -- far more difficult to do -- they would most likely have logged into it from somewhere else and you wouldn't have witnessed the chat at all.)

    BTW, how are you making out with my IP? No nibbles at this end yet.
    You didn't read. I did a netstat to see who was connected. No one was connected. It is a common facebook hack and facebook knows about it, they in fact disabled the account and I had to create a new password.

  9. #29
    Banned
    Join Date
    Jan 2008
    Posts
    8,677

    Default

    Quote Originally Posted by voyager9 View Post
    I'll go out on a limb and take a guess: #1ForumTroll

    I call BS on the rest of your diatribe as well. Unless someone was using a RDP/VNC vulnerability you wouldn't just see them using your computer.
    Actually there are numerous backdoors and trojans that take advantage of many vulnerabilities. The netstat command shows all active connections and it would reveal any connections that appeared suspicious.

    Besides, if they knew enough about you to get your FB credentials they'd know you don't have any friends.. or money..
    On that point you are correct.

  10. #30
    Banned
    Join Date
    Jan 2008
    Posts
    8,677

    Default

    Quote Originally Posted by MarcusKspn View Post
    So somebody was able to gain access to your computer while you were logged off? Then guess the password to your computer, log on remotely using your credentials?
    NOPE!!! They never accessed my computer. They accessed the facebook account.

    IF the scenario is true the first thing that comes to my layperson mind is that you are leaving your computer logged on unattended, which even at home is a bad idea. That you leave your email, Facebook, and Firehouse account on the "remember me" setting, so when somebody does gain remote access to your machine they can just browse through your history and have access to all your personal data since you are already logged in. Why hack into your Facebook account using remote access, unless you are always logged on. Of course there is the question of how they got remote access in the first place. Downloading browser "tool-bars" or other programs, or playing those Flash and Facebook games that are evil. I am sure you have some awesome firewall and network security settings that prevented something like this in the first place. Let me guess, you are using Windows as well. I know quite a lot of IT guys, and almost none of them would get caught dead using one of the most hacked OS out there.



    I already know that it is a valid Facebook scam. I just stand by my opinion that you are trying to pass it off as an "it happened to me" story.



    I think most laypeople would be shocked that the Government is paying some contractor to protect it's IT network, when said contractor cannot even keep his own computer from getting hacked.

    Again, my computer was not hacked. It is behind a Cisco firewall, then a router, then there is the Syamntec Internet Security on the local host.

    The point is these social networking sites are very dangerous. In fact, the very forum boards used at firehouse are susceptible to a few exploits.

  11. #31
    MembersZone Subscriber
    Join Date
    Jan 2006
    Posts
    2,439

    Default

    And how the story changes:

    Quote Originally Posted by ScareCrow57 View Post
    I got up one morning around 7, logged not my system, and my facebook page was up. Some body was chatting with my friends who were online telling them I was in London and needed money.
    Unless the Facebook page got accessed via your computer, it would not be "up" on your computer. But just to clarify here is your next reply.

    Quote Originally Posted by ScareCrow57 View Post
    Actually, the person who hacked the account did it remotely, I was actually watching the chat sessions as this person typed.
    Even if I connect to my facebook on my Laptop and my Desktop, running both from behind the same firewall, I will not be able to see the actions from one computer on the other. The only way you were "watching" the chat sessions was if that person typed while using your computer remotely.

    But then you did a 180 when I pointed out that it must make you a pretty bad IT Security Expert if you can't even keep your own computer from getting hacked.

    Quote Originally Posted by ScareCrow57 View Post
    NOPE!!! They never accessed my computer. They accessed the facebook account.
    So I stand with my original two scenarios:

    1. You never got hacked, you only regurgitated a well known Facebook exploit trying to pass it off as a personal experience, but were unable to keep your story straight on how it happened, and are now backtracking while getting tangled up more in your little web of lies.

    2. You truly are a crappy IT Security Wanna-be and really did manage to get your computer hacked. In that case you should get a refund on your Diploma-Mill IT Degree
    "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -- Benjamin Franklin

  12. #32
    Forum Member DeputyMarshal's Avatar
    Join Date
    Apr 2005
    Location
    Connecticut, USA
    Posts
    2,638

    Default

    Quote Originally Posted by ScareCrow57 View Post
    You didn't read. I did a netstat to see who was connected. No one was connected. It is a common facebook hack and facebook knows about it, they in fact disabled the account and I had to create a new password.
    Of course they disabled the account and you had to change passwords. That's standard for any account that's been compromised. The problem is that you're the only one who seems to think this was a facebook hack rather than a good old fashioned back door trojan hitting a poorly secured system.

    Netstat is a nice quick and dirty check but it's hardly an exhaustive check on every open port on the PC. You got backdoored and lost control of your PC. That's far more likely to be a non-facebook breach than a facebook hack.
    "Nemo Plus Voluptatis Quam Nos Habant"

    The Code is more what you'd call "guidelines" than actual rules.

  13. #33
    Forum Member DeputyMarshal's Avatar
    Join Date
    Apr 2005
    Location
    Connecticut, USA
    Posts
    2,638

    Default

    Quote Originally Posted by ScareCrow57 View Post
    NOPE!!! They never accessed my computer. They accessed the facebook account.
    If you were watching it in chat on your computer, your computer was compromised.

    Quote Originally Posted by ScareCrow57 View Post
    The point is these social networking sites are very dangerous.
    The fact is that the top tier social networking sites have better security in place than many other websites. They can't afford not to. To date, one serious security hole has been identified on facebook. It was patched within hours.
    "Nemo Plus Voluptatis Quam Nos Habant"

    The Code is more what you'd call "guidelines" than actual rules.

  14. #34
    MembersZone Subscriber voyager9's Avatar
    Join Date
    Jun 2004
    Location
    Southern NJ
    Posts
    2,007

    Default

    Quote Originally Posted by DeputyMarshal View Post
    The fact is that the top tier social networking sites have better security in place than many other websites. They can't afford not to. To date, one serious security hole has been identified on facebook. It was patched within hours.
    Not that I disagree with you about our resident IT expert but FaceBook isn't exactly very high on the security pedestal. Even if you ignore some of their latent security vulnerabilities (some they have patched, some they haven't), all of it is trumped by their acknowledged privacy policies. Who cares if someone can "hack" your account to access your data when FB will sell it to them for cheap?
    So you call this your free country
    Tell me why it costs so much to live
    -3dd

  15. #35
    Forum Member DeputyMarshal's Avatar
    Join Date
    Apr 2005
    Location
    Connecticut, USA
    Posts
    2,638

    Default

    Quote Originally Posted by voyager9 View Post
    FaceBook isn't exactly very high on the security pedestal.
    I don't disagree but then it doesn't really need to be an uber-high security site anyway, IMHO. The biggest "security" problem facebook has is that some of its users tend to naively "overshare" and post information that they shouldn't. On top of that most fail to use the extensive privacy settings that are available to limit who sees what...

    If would be wrong to assume that facebook insures total privacy of what you post there or that it's 100% secure against a determined hacker. But it's no pushover either.
    "Nemo Plus Voluptatis Quam Nos Habant"

    The Code is more what you'd call "guidelines" than actual rules.

  16. #36
    MembersZone Subscriber voyager9's Avatar
    Join Date
    Jun 2004
    Location
    Southern NJ
    Posts
    2,007

    Default

    Quote Originally Posted by DeputyMarshal View Post
    I don't disagree but then it doesn't really need to be an uber-high security site anyway, IMHO. The biggest "security" problem facebook has is that some of its users tend to naively "overshare" and post information that they shouldn't. On top of that most fail to use the extensive privacy settings that are available to limit who sees what...
    Case in point: Robin Sage
    Social networking experiment of phony female military intelligence profile fooled even the most security-savvy on LinkedIn, Facebook, Twitter -- and also led to the leakage of sensitive military information
    In this case a Ranger in AFG accepted the friend request and had photos that were geotagged. Of course the actual "leak" was allowing the photos to be geotagged in the first place and posted online (anywhere).
    So you call this your free country
    Tell me why it costs so much to live
    -3dd

  17. #37
    Forum Member adamifrd's Avatar
    Join Date
    Jul 2010
    Location
    San Diego County
    Posts
    12

    Default

    Getting back to the Facebook topic instead of internet security and hacking:

    Facebook is a great additional tool, probably more so for VFDs. Allows you to reach out to more people and on a more regular basis compared to just a website. People check FB daily but would rarely visit your dept site that frequently.

    If you're paranoid about security, then don't use it. All the info posted on FB should obviously be for public release.

    Here's our Dept FB:
    http://www.facebook.com/pages/Ramona...04431256263704

    Using it primarily to share pictures & videos of community and PR events, as well as share our recent calls.

    ______
    Regards


    - Adam



    Fire Service Web Design - Video Production - Photography

    --------------------------------------------------------------------------------

  18. #38
    Banned
    Join Date
    Jan 2008
    Posts
    8,677

    Default

    Quote Originally Posted by MarcusKspn View Post
    And how the story changes:



    Unless the Facebook page got accessed via your computer, it would not be "up" on your computer. But just to clarify here is your next reply.



    Even if I connect to my facebook on my Laptop and my Desktop, running both from behind the same firewall, I will not be able to see the actions from one computer on the other. The only way you were "watching" the chat sessions was if that person typed while using your computer remotely.

    But then you did a 180 when I pointed out that it must make you a pretty bad IT Security Expert if you can't even keep your own computer from getting hacked.



    So I stand with my original two scenarios:

    1. You never got hacked, you only regurgitated a well known Facebook exploit trying to pass it off as a personal experience, but were unable to keep your story straight on how it happened, and are now backtracking while getting tangled up more in your little web of lies.

    2. You truly are a crappy IT Security Wanna-be and really did manage to get your computer hacked. In that case you should get a refund on your Diploma-Mill IT Degree
    Well you are wrong. I am not sure how facebook chat works but I assume it is similar to IRC chat. Either way, I used netstat which shows the incoming and outgoing connections. There were no unusual connections. I am only telling you what I saw. And if you don't believe me Google it, you will see it has happened to many folks. The only thing affected was my facebook account.

  19. #39
    Banned
    Join Date
    Jan 2008
    Posts
    8,677

    Default

    Quote Originally Posted by DeputyMarshal View Post
    If you were watching it in chat on your computer, your computer was compromised.



    The fact is that the top tier social networking sites have better security in place than many other websites. They can't afford not to. To date, one serious security hole has been identified on facebook. It was patched within hours.
    Tell you what. Since you are too lazy to look yourself.

    Five hidden dangers of Facebook (Q&A)
    Facebook Security Flaw Publicizes Private Chats
    Report: Bad guys go social; Facebook tops security risk list
    Security Issues Could Force Facebook to Slow Down Product Development

    There are many more but these should keep you busy for a couple of days.

    My suspicion is that there was some sort of cross site scripting (XSS) or perhaps a Man in the Middle attack.

  20. #40
    Forum Member DeputyMarshal's Avatar
    Join Date
    Apr 2005
    Location
    Connecticut, USA
    Posts
    2,638

    Default

    Quote Originally Posted by ScareCrow57 View Post
    There are many more but these should keep you busy for a couple of days.
    Apparently I read quite a bit faster than you do. It only took a few minutes. The vast majority of the problems related in those articles are privacy concerns which no senseible user would have -- not site/software security issues. (With the exception of the single issue I already alluded to.) You really ought to have read the articles before you selected them since they don't support your position very well.

    Quote Originally Posted by ScareCrow57 View Post
    My suspicion is that there was some sort of cross site scripting (XSS) or perhaps a Man in the Middle attack.
    It clearly wasn't a MITM since the chat was visibly active on your PC. The only way that would happen would be for someone to be actively controlling your poorly secured laptop. The number one suspect would be a backdoor trojan that you could have picked up anywhere.

    Give it up. You aren't winning any converts.

    BTW, I'm still waiting for you to "take over my machine." Did you need my IP again?
    "Nemo Plus Voluptatis Quam Nos Habant"

    The Code is more what you'd call "guidelines" than actual rules.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Facebook Page
    By FirehouseEvents in forum Firehouse Expo
    Replies: 0
    Last Post: 05-26-2010, 09:36 AM
  2. Dive Rescue International on FACEBOOK and TWITTER
    By BladesRobinson in forum Underwater Rescue and Recovery
    Replies: 0
    Last Post: 01-18-2010, 01:24 PM
  3. Rescue Divers rescue woman from submerged vehicle in Evansville, IN
    By BladesRobinson in forum Underwater Rescue and Recovery
    Replies: 5
    Last Post: 01-18-2010, 12:54 PM
  4. Facebook
    By rmhinkle in forum Emergency (& Non) Entertainment
    Replies: 29
    Last Post: 08-02-2006, 01:02 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts