Thread: Facebook

  1. #26
    MembersZone Subscriber
    voyager9's Avatar
    Join Date
    Jun 2004
    Location
    Southern NJ
    Posts
    2,007

    Default

    Quote Originally Posted by ScareCrow57 View Post
    And I use a strong password - 12 characters, Upper case and Lower case, numbers, and special characters.
    I'll go out on a limb and take a guess: #1ForumTroll

    I call BS on the rest of your diatribe as well. Unless someone was using a RDP/VNC vulnerability you wouldn't just see them using your computer.

    Besides, if they knew enough about you to get your FB credentials they'd know you don't have any friends.. or money..
    So you call this your free country
    Tell me why it costs so much to live
    -3dd

  2. #27
    MembersZone Subscriber

    Join Date
    Jan 2006
    Posts
    2,439

    Default

    Quote Originally Posted by ScareCrow57 View Post
    Actually, the person who hacked the account did it remotely, I was actually watching the chat sessions as this person typed.
    So somebody was able to gain access to your computer while you were logged off? Then guess the password to your computer, log on remotely using your credentials?

    IF the scenario is true the first thing that comes to my layperson mind is that you are leaving your computer logged on unattended, which even at home is a bad idea. That you leave your email, Facebook, and Firehouse account on the "remember me" setting, so when somebody does gain remote access to your machine they can just browse through your history and have access to all your personal data since you are already logged in. Why hack into your Facebook account using remote access, unless you are always logged on. Of course there is the question of how they got remote access in the first place. Downloading browser "tool-bars" or other programs, or playing those Flash and Facebook games that are evil. I am sure you have some awesome firewall and network security settings that prevented something like this in the first place. Let me guess, you are using Windows as well. I know quite a lot of IT guys, and almost none of them would get caught dead using one of the most hacked OS out there.

    Quote Originally Posted by ScareCrow57 View Post
    Here is a URL that talks about it Facebook Scam: I'm Stranded In London. Send Money! And yes, I ALWAYS lock my computer when not at the keyboard, it's just a good practice.
    I already know that it is a valid Facebook scam. I just stand by my opinion that you are trying to pass it off as an "it happened to me" story.

    Quote Originally Posted by ScareCrow57 View Post
    You apparently don't know anything about social engineering and the wealth of information about you that is freely available. There are tools, techniques, and methods that people use all the time to steal an identity.

    You don't have to take my word for it. Contact your local Information Security Officer (ISO). Most laypeople are quite clueless as to just how vulnerable they really are.
    I think most laypeople would be shocked that the Government is paying some contractor to protect its IT network, when said contractor cannot even keep his own computer from getting hacked.
    "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -- Benjamin Franklin

  3. #28
    Banned

    Join Date
    Jan 2008
    Posts
    8,677

    Default

    Quote Originally Posted by DeputyMarshal View Post
    IOW, they probably didn't "hack" your facebook account at all. They used remote access software, which could have entered your system through any number of means other than facebook, to compromise your poorly secured laptop and then accessed facebook normally from there.

    Odds are you left facebook logged in with a persistent cookie so they didn't need your account nor password to access your account; you thoughtfully supplied it for them. (If they actually hacked your facebook account -- far more difficult to do -- they would most likely have logged into it from somewhere else and you wouldn't have witnessed the chat at all.)

    BTW, how are you making out with my IP? No nibbles at this end yet.
    You didn't read. I did a netstat to see who was connected. No one was connected. It is a common facebook hack and facebook knows about it, they in fact disabled the account and I had to create a new password.

  4. #29
    Banned

    Join Date
    Jan 2008
    Posts
    8,677

    Default

    Quote Originally Posted by voyager9 View Post
    I'll go out on a limb and take a guess: #1ForumTroll

    I call BS on the rest of your diatribe as well. Unless someone was using a RDP/VNC vulnerability you wouldn't just see them using your computer.
    Actually there are numerous backdoors and trojans that take advantage of many vulnerabilities. The netstat command shows all active connections and it would reveal any connections that appeared suspicious.

    Besides, if they knew enough about you to get your FB credentials they'd know you don't have any friends.. or money..
    On that point you are correct.

  5. #30
    Banned

    Join Date
    Jan 2008
    Posts
    8,677

    Default

    Quote Originally Posted by MarcusKspn View Post
    So somebody was able to gain access to your computer while you were logged off? Then guess the password to your computer, log on remotely using your credentials?
    NOPE!!! They never accessed my computer. They accessed the facebook account.

    IF the scenario is true the first thing that comes to my layperson mind is that you are leaving your computer logged on unattended, which even at home is a bad idea. That you leave your email, Facebook, and Firehouse account on the "remember me" setting, so when somebody does gain remote access to your machine they can just browse through your history and have access to all your personal data since you are already logged in. Why hack into your Facebook account using remote access, unless you are always logged on. Of course there is the question of how they got remote access in the first place. Downloading browser "tool-bars" or other programs, or playing those Flash and Facebook games that are evil. I am sure you have some awesome firewall and network security settings that prevented something like this in the first place. Let me guess, you are using Windows as well. I know quite a lot of IT guys, and almost none of them would get caught dead using one of the most hacked OS out there.



    I already know that it is a valid Facebook scam. I just stand by my opinion that you are trying to pass it off as an "it happened to me" story.



    I think most laypeople would be shocked that the Government is paying some contractor to protect its IT network, when said contractor cannot even keep his own computer from getting hacked.

    Again, my computer was not hacked. It is behind a Cisco firewall, then a router, then there is the Symantec Internet Security on the local host.

    The point is these social networking sites are very dangerous. In fact, the very forum boards used at firehouse are susceptible to a few exploits.

  6. #31
    MembersZone Subscriber

    Join Date
    Jan 2006
    Posts
    2,439

    Default

    And how the story changes:

    Quote Originally Posted by ScareCrow57 View Post
    I got up one morning around 7, logged onto my system, and my facebook page was up. Somebody was chatting with my friends who were online telling them I was in London and needed money.
    Unless the Facebook page got accessed via your computer, it would not be "up" on your computer. But just to clarify here is your next reply.

    Quote Originally Posted by ScareCrow57 View Post
    Actually, the person who hacked the account did it remotely, I was actually watching the chat sessions as this person typed.
    Even if I connect to my facebook on my Laptop and my Desktop, running both from behind the same firewall, I will not be able to see the actions from one computer on the other. The only way you were "watching" the chat sessions was if that person typed while using your computer remotely.

    But then you did a 180 when I pointed out that it must make you a pretty bad IT Security Expert if you can't even keep your own computer from getting hacked.

    Quote Originally Posted by ScareCrow57 View Post
    NOPE!!! They never accessed my computer. They accessed the facebook account.
    So I stand with my original two scenarios:

    1. You never got hacked, you only regurgitated a well known Facebook exploit trying to pass it off as a personal experience, but were unable to keep your story straight on how it happened, and are now backtracking while getting tangled up more in your little web of lies.

    2. You truly are a crappy IT Security Wanna-be and really did manage to get your computer hacked. In that case you should get a refund on your Diploma-Mill IT Degree
    "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -- Benjamin Franklin

  7. #32
    Forum Member
    DeputyMarshal's Avatar
    Join Date
    Apr 2005
    Location
    Connecticut, USA
    Posts
    2,638

    Default

    Quote Originally Posted by ScareCrow57 View Post
    You didn't read. I did a netstat to see who was connected. No one was connected. It is a common facebook hack and facebook knows about it, they in fact disabled the account and I had to create a new password.
    Of course they disabled the account and you had to change passwords. That's standard for any account that's been compromised. The problem is that you're the only one who seems to think this was a facebook hack rather than a good old fashioned back door trojan hitting a poorly secured system.

    Netstat is a nice quick and dirty check but it's hardly an exhaustive check on every open port on the PC. You got backdoored and lost control of your PC. That's far more likely to be a non-facebook breach than a facebook hack.
    "Nemo Plus Voluptatis Quam Nos Habant"

    The Code is more what you'd call "guidelines" than actual rules.
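Added example, not part of any post in this thread: a small Python check that reads one `netstat -ano` snapshot and reports listeners and established sessions on remote-access ports, the kind of evidence the RDP/VNC and netstat posts above are arguing about. The sample output is constructed, and the port watch list, the home LAN range and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -ano` (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       960
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1084
  TCP    192.168.1.20:3389      203.0.113.45:51522     ESTABLISHED     1084
  TCP    192.168.1.20:5900      192.168.1.31:50110     ESTABLISHED     2210
  TCP    192.168.1.20:49712     198.51.100.7:443       ESTABLISHED     4312
  TCP    [::]:3389              [::]:0                 LISTENING       1084
  UDP    0.0.0.0:5353           *:*                                    1920
"""

REMOTE_ACCESS_PORTS = {3389: "RDP", 5900: "VNC"}   # assumed watch list
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home network


def split_endpoint(text):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), port


def remote_access_findings(output, lan=HOME_LAN):
    """Return one dict per TCP socket whose local port is a remote-access port."""
    findings = []
    for line in output.splitlines():
        fields = line.split()
        # TCP rows have exactly five columns; headers and UDP rows do not.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, local, remote, state, pid = fields
        _, lport = split_endpoint(local)
        if not lport.isdigit() or int(lport) not in REMOTE_ACCESS_PORTS:
            continue
        if state not in ("LISTENING", "ESTABLISHED"):
            continue
        peer, off_lan = None, False
        if state == "ESTABLISHED":
            # Drop an IPv6 zone index such as '%12' before parsing the address.
            peer = split_endpoint(remote)[0].split("%")[0]
            off_lan = ipaddress.ip_address(peer) not in lan
        findings.append({
            "service": REMOTE_ACCESS_PORTS[int(lport)],
            "state": state,
            "peer": peer,
            "pid": int(pid),
            "off_lan": off_lan,
        })
    return findings


def off_lan_sessions(output, lan=HOME_LAN):
    """Established remote-access sessions whose peer is outside the home LAN."""
    return [(f["service"], f["peer"], f["pid"])
            for f in remote_access_findings(output, lan) if f["off_lan"]]


if __name__ == "__main__":
    for f in remote_access_findings(SAMPLE):
        print(f)
    print("off-LAN sessions:", off_lan_sessions(SAMPLE))
```

An empty result only says that no such socket existed on the watched ports at the moment the snapshot was taken; it does not cover other ports, earlier sessions, or connections that software on the machine hides from netstat.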

  8. #33
    Forum Member
    DeputyMarshal's Avatar
    Join Date
    Apr 2005
    Location
    Connecticut, USA
    Posts
    2,638

    Default

    Quote Originally Posted by ScareCrow57 View Post
    NOPE!!! They never accessed my computer. They accessed the facebook account.
    If you were watching it in chat on your computer, your computer was compromised.

    Quote Originally Posted by ScareCrow57 View Post
    The point is these social networking sites are very dangerous.
    The fact is that the top tier social networking sites have better security in place than many other websites. They can't afford not to. To date, one serious security hole has been identified on facebook. It was patched within hours.
    "Nemo Plus Voluptatis Quam Nos Habant"

    The Code is more what you'd call "guidelines" than actual rules.

  9. #34
    MembersZone Subscriber
    voyager9's Avatar
    Join Date
    Jun 2004
    Location
    Southern NJ
    Posts
    2,007

    Default

    Quote Originally Posted by DeputyMarshal View Post
    The fact is that the top tier social networking sites have better security in place than many other websites. They can't afford not to. To date, one serious security hole has been identified on facebook. It was patched within hours.
    Not that I disagree with you about our resident IT expert but FaceBook isn't exactly very high on the security pedestal. Even if you ignore some of their latent security vulnerabilities (some they have patched, some they haven't), all of it is trumped by their acknowledged privacy policies. Who cares if someone can "hack" your account to access your data when FB will sell it to them for cheap?
    So you call this your free country
    Tell me why it costs so much to live
    -3dd

  10. #35
    Forum Member
    DeputyMarshal's Avatar
    Join Date
    Apr 2005
    Location
    Connecticut, USA
    Posts
    2,638

    Default

    Quote Originally Posted by voyager9 View Post
    FaceBook isn't exactly very high on the security pedestal.
    I don't disagree but then it doesn't really need to be an uber-high security site anyway, IMHO. The biggest "security" problem facebook has is that some of its users tend to naively "overshare" and post information that they shouldn't. On top of that most fail to use the extensive privacy settings that are available to limit who sees what...

    It would be wrong to assume that facebook ensures total privacy of what you post there or that it's 100% secure against a determined hacker. But it's no pushover either.
    "Nemo Plus Voluptatis Quam Nos Habant"

    The Code is more what you'd call "guidelines" than actual rules.

  11. #36
    MembersZone Subscriber
    voyager9's Avatar
    Join Date
    Jun 2004
    Location
    Southern NJ
    Posts
    2,007

    Default

    Quote Originally Posted by DeputyMarshal View Post
    I don't disagree but then it doesn't really need to be an uber-high security site anyway, IMHO. The biggest "security" problem facebook has is that some of its users tend to naively "overshare" and post information that they shouldn't. On top of that most fail to use the extensive privacy settings that are available to limit who sees what...
    Case in point: Robin Sage
    Social networking experiment of phony female military intelligence profile fooled even the most security-savvy on LinkedIn, Facebook, Twitter -- and also led to the leakage of sensitive military information
    In this case a Ranger in AFG accepted the friend request and had photos that were geotagged. Of course the actual "leak" was allowing the photos to be geotagged in the first place and posted online (anywhere).
    So you call this your free country
    Tell me why it costs so much to live
    -3dd

  12. #37
    Forum Member
    adamifrd's Avatar
    Join Date
    Jul 2010
    Location
    San Diego County
    Posts
    12

    Default

    Getting back to the Facebook topic instead of internet security and hacking:

    Facebook is a great additional tool, probably more so for VFDs. Allows you to reach out to more people and on a more regular basis compared to just a website. People check FB daily but would rarely visit your dept site that frequently.

    If you're paranoid about security, then don't use it. All the info posted on FB should obviously be for public release.

    Here's our Dept FB:
    http://www.facebook.com/pages/Ramona...04431256263704

    Using it primarily to share pictures & videos of community and PR events, as well as share our recent calls.

    ______
    Regards


    - Adam



    Fire Service Web Design - Video Production - Photography

    --------------------------------------------------------------------------------

  13. #38
    Banned

    Join Date
    Jan 2008
    Posts
    8,677

    Default

    Quote Originally Posted by MarcusKspn View Post
    And how the story changes:



    Unless the Facebook page got accessed via your computer, it would not be "up" on your computer. But just to clarify here is your next reply.



    Even if I connect to my facebook on my Laptop and my Desktop, running both from behind the same firewall, I will not be able to see the actions from one computer on the other. The only way you were "watching" the chat sessions was if that person typed while using your computer remotely.

    But then you did a 180 when I pointed out that it must make you a pretty bad IT Security Expert if you can't even keep your own computer from getting hacked.



    So I stand with my original two scenarios:

    1. You never got hacked, you only regurgitated a well known Facebook exploit trying to pass it off as a personal experience, but were unable to keep your story straight on how it happened, and are now backtracking while getting tangled up more in your little web of lies.

    2. You truly are a crappy IT Security Wanna-be and really did manage to get your computer hacked. In that case you should get a refund on your Diploma-Mill IT Degree
    Well you are wrong. I am not sure how facebook chat works but I assume it is similar to IRC chat. Either way, I used netstat which shows the incoming and outgoing connections. There were no unusual connections. I am only telling you what I saw. And if you don't believe me Google it, you will see it has happened to many folks. The only thing affected was my facebook account.

  14. #39
    Banned

    Join Date
    Jan 2008
    Posts
    8,677

    Default

    Quote Originally Posted by DeputyMarshal View Post
    If you were watching it in chat on your computer, your computer was compromised.



    The fact is that the top tier social networking sites have better security in place than many other websites. They can't afford not to. To date, one serious security hole has been identified on facebook. It was patched within hours.
    Tell you what. Since you are too lazy to look yourself.

    Five hidden dangers of Facebook (Q&A)
    Facebook Security Flaw Publicizes Private Chats
    Report: Bad guys go social; Facebook tops security risk list
    Security Issues Could Force Facebook to Slow Down Product Development

    There are many more but these should keep you busy for a couple of days.

    My suspicion is that there was some sort of cross site scripting (XSS) or perhaps a Man in the Middle attack.

  15. #40
    Forum Member
    DeputyMarshal's Avatar
    Join Date
    Apr 2005
    Location
    Connecticut, USA
    Posts
    2,638

    Default

    Quote Originally Posted by ScareCrow57 View Post
    There are many more but these should keep you busy for a couple of days.
    Apparently I read quite a bit faster than you do. It only took a few minutes. The vast majority of the problems related in those articles are privacy concerns which no sensible user would have -- not site/software security issues. (With the exception of the single issue I already alluded to.) You really ought to have read the articles before you selected them since they don't support your position very well.

    Quote Originally Posted by ScareCrow57 View Post
    My suspicion is that there was some sort of cross site scripting (XSS) or perhaps a Man in the Middle attack.
    It clearly wasn't a MITM since the chat was visibly active on your PC. The only way that would happen would be for someone to be actively controlling your poorly secured laptop. The number one suspect would be a backdoor trojan that you could have picked up anywhere.

    Give it up. You aren't winning any converts.

    BTW, I'm still waiting for you to "take over my machine." Did you need my IP again?
    "Nemo Plus Voluptatis Quam Nos Habant"

    The Code is more what you'd call "guidelines" than actual rules.

  16. #41
    Banned

    Join Date
    Jan 2008
    Posts
    8,677

    Default

    Quote Originally Posted by DeputyMarshal View Post
    Apparently I read quite a bit faster than you do. It only took a few minutes. The vast majority of the problems related in those articles are privacy concerns which no sensible user would have -- not site/software security issues. (With the exception of the single issue I already alluded to.) You really ought to have read the articles before you selected them since they don't support your position very well.



    It clearly wasn't a MITM since the chat was visibly active on your PC. The only way that would happen would be for someone to be actively controlling your poorly secured laptop. The number one suspect would be a backdoor trojan that you could have picked up anywhere.

    Give it up. You aren't winning any converts.

    BTW, I'm still waiting for you to "take over my machine." Did you need my IP again?
    Then apparently you don't know how a MITM attack works.

    And before I go attacking your machine I will need written permission from the Worcester Polytechnic Institute, from someone with authority to give that permission.

  17. #42
    Forum Member
    DeputyMarshal's Avatar
    Join Date
    Apr 2005
    Location
    Connecticut, USA
    Posts
    2,638

    Default

    Quote Originally Posted by ScareCrow57 View Post
    Then apparently you don't know how a MITM attack works.
    Yeah, actually, I do. I was in IT before the fire service. I don't bluff easily.

    Quote Originally Posted by ScareCrow57 View Post
    And before I go attacking your machine I will need written permission from the Worcester Polytechnic Institute, from someone with authority to give that permission.
    Wow! You figured out how to do a reverse lookup in only two days! I take it all back, you have MaD interWeBz sKiLLz, indeed!

    Puh-leez. Epic fail, poser.
    "Nemo Plus Voluptatis Quam Nos Habant"

    The Code is more what you'd call "guidelines" than actual rules.

  18. #43
    MembersZone Subscriber
    voyager9's Avatar
    Join Date
    Jun 2004
    Location
    Southern NJ
    Posts
    2,007

    Default

    Quote Originally Posted by ScareCrow57 View Post
    Then apparently you don't know how a MITM attack works.
    Key word in MITM is 'middle'. If you weren't involved in the connection, then "The Man" couldn't be in the middle of it.

    As to the issue at hand, I think the South Park ep described my attitude on FB to a tee...
    So you call this your free country
    Tell me why it costs so much to live
    -3dd

  19. #44
    Banned

    Join Date
    Jan 2008
    Posts
    8,677

    Default

    Quote Originally Posted by DeputyMarshal View Post
    Yeah, actually, I do. I was in IT before the fire service. I don't bluff easily.



    Wow! You figured out how to do a reverse lookup in only two days! I take it all back, you have MaD interWeBz sKiLLz, indeed!

    Puh-leez. Epic fail, poser.
    Actually, that was not a reverse look up; this is

    Name: appliance4.wpi.edu
    Address: 130.215.36.61

    That was an ARIN search.

    Perhaps I should use this contact information to let them know you are actively inviting people to hack into their network.

    RTechHandle: SMO66-ARIN
    RTechName: O'Connor, Sean Michael
    RTechPhone: +1-508-831-5115
    RTechEmail: soconnor@wpi.edu

    FYI, It didn't take two days, I dismissed the earlier request knowing you didn't have the authority to authorize such actions. Performing an unauthorized PEN test is not only unethical but can also land you in jail.

    Given your comments here I can see why you got out of IT and into the fire service.

  20. #45
    Forum Member
    DeputyMarshal's Avatar
    Join Date
    Apr 2005
    Location
    Connecticut, USA
    Posts
    2,638

    Default

    Quote Originally Posted by ScareCrow57 View Post
    Perhaps I should use this contact information to let them know you are actively inviting people to hack into their network.
    Pathetic. You've managed to progress even beyond Epic Fail.

    *plonk*
    "Nemo Plus Voluptatis Quam Nos Habant"

    The Code is more what you'd call "guidelines" than actual rules.

  21. #46
    Banned

    Join Date
    Jan 2008
    Posts
    8,677

    Default

    Quote Originally Posted by voyager9 View Post
    Key word in MITM is 'middle'. If you weren't involved in the connection, then "The Man" couldn't be in the middle of it.

    As to the issue at hand, I think the South Park ep described my attitude on FB to a tee...
    Depending on how the person put themselves in the middle will dictate how things work. With an IRC chat session it is possible to have more than two people in the chat. I suspect somehow the attacker was able to get in on my chat channel.

  22. #47
    Banned

    Join Date
    Jan 2008
    Posts
    8,677

    Default

    Quote Originally Posted by DeputyMarshal View Post
    Pathetic. You've managed to progress even beyond Epic Fail.

    *plonk*
    Nope, just doing what any good security professional would do.

  23. #48
    Forum Member
    DeputyMarshal's Avatar
    Join Date
    Apr 2005
    Location
    Connecticut, USA
    Posts
    2,638

    Default

    Quote Originally Posted by ScareCrow57 View Post
    Actually, that was not a reverse look up; this is
    ....
    That was an ARIN search.
    BTW, just to share the irony with any non-techie types out there, the ARIN website provides -- wait for it -- reverse lookups or "reverse DNS resolution" over a web interface for people who can't or don't know how to do them directly from their own PCs. Apparently it's possible to use the ARIN site and not even know you're doing a reverse lookup...
    "Nemo Plus Voluptatis Quam Nos Habant"

    The Code is more what you'd call "guidelines" than actual rules.

  24. #49
    MembersZone Subscriber
    voyager9's Avatar
    Join Date
    Jun 2004
    Location
    Southern NJ
    Posts
    2,007

    Default

    Quote Originally Posted by ScareCrow57 View Post
    Depending on how the person put themselves in the middle will dictate how things work. With an IRC chat session it is possible to have more than two people in the chat. I suspect somehow the attacker was able to get in on my chat channel.
    The chat channel that you didn't have open? In case you forgot:
    Quote Originally Posted by ScareCrow57 View Post
    I got up one morning around 7, logged onto my system, and my facebook page was up. Somebody was chatting with my friends who were online telling them I was in London and needed money.
    So somehow they used a MITM attack on your computer while you were asleep to get your FB credentials, hacked FB, then went back and opened up the browser on your computer to FB so you could enjoy watching them?
    So you call this your free country
    Tell me why it costs so much to live
    -3dd

  25. #50
    MembersZone Subscriber

    Join Date
    Jan 2006
    Posts
    2,439

    Default

    Quote Originally Posted by ScareCrow57 View Post
    Then apparently you don't know how a MITM attack works.
    First of all, now you know how we all feel when you talk about Firefighting, since it's obvious you don't know how that works.

    2nd of all, for a MITM wouldn't you need to be on your computer using the actual Chat yourself, so that your conversation could be intercepted between the two computers, changed, and passed along?

    If you woke up and saw the chat on your computer, who was using your computer to be intercepted?
    "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -- Benjamin Franklin
