Google Chrome v15 Very Unsafe for Social Surfers ...
Recently my Facebook profile was hacked by some new method. It is more like cracking than hacking, because Facebook provides no way to get into an account without first changing its password. But my account got hacked two times without the password being changed, and I regularly change the passwords of all my related accounts. Another thing is that the cracker is using Facebook mobile, or the WAP version of Facebook, to access my account, and here comes the most interesting part: I am NOT GETTING any notification, either by mail or by text, from Facebook about it!! The first occurrence of cracking was nothing but a status update posted by the cracker on my profile from a mobile device, showing me as the author of the post. I changed the password then, but that was fruitless, as within a few hours a second post was posted by the cracker, showing off his power. While I appreciate white hat hacking, I don’t support blackhat hacking or cracking....
Then I was thinking about where I had made mistakes. All my Facebook security settings are top notch. No apps are running in Facebook. I don’t entertain spam, I don’t click on links, and all notifications are on. The password is safe in my brain. All the other related accounts' passwords are also saved in my brain, and lastly I don’t share my account password with any person, even my gf!! So there is no chance of hacking this supercomputer :P ...
So, lastly, I concluded that it’s not Facebook's problem. I searched the net for information and found that no recent flaws have been found in Facebook’s mechanism. Then I concluded that maybe there was a rootkit or keylogger in my system, but if that were so, all my accounts everywhere would have been hacked one after another, and thank God that didn’t happen. I also searched for malware that was stealing my cookies. I checked the certificate verification and the Facebook webpage matches it, so I am not using any phishing site. Again, I use an HTTPS connection, so there should not be any man-in-the-middle attack problems. Lastly, I scanned everything and found nothing; all my ports are closed and kept under strong security, and I am using a very secure machine with a very secure, updated, original 64-bit OS.
No answers were found. Lastly I started to think another way: I am using 1 laptop and 1 desktop, and it can’t be possible to have the SAME flaws in both devices. Then what is common between Facebook, my two computers and ME?? The answer came instantly: it is the browser I am using, Google Chrome, the tzar of browsers.
I searched in Google (!) and found that there are serious flaws in Google’s ultimate browser, which have been there for a long time but were recently discovered by Microsoft. Microsoft actually blocked Chrome on computers that were using MS Security Essentials, Microsoft's own antivirus solution, because MSSE started to consider CHROME as malware and a threat to security. Google, though, suppresses the issue in their web search so that no one becomes aware of it, and silently started to patch it up, but the flaw was old and it will take time to disappear. Later both Google told the public that it’s a false alarm, but I witnessed the truth.
And also, the biggest threat to Chrome itself is its app store. As it is open in nature and most apps are open to develop, release and run, it lacks security. I mean, how can anyone keep up the security if thousands of apps get posted every 10 hours?? The open nature of the app store attracts a new breed of social crackers who are inserting XML, JavaScript, PHP and SQL code into these apps for social networks. These apps are highly dangerous in nature. Recently I installed 4 apps for better facebooking, as they were advertised in Google's app store, such as better facebook, facebook chat disabler, etc.
On the first attack I disabled all plugins, but after the second attack, and from the results of my research, I learned that disabling won’t matter, and neither will uninstalling, because that thing just stays on in memory and in your Google account, so when you sync your Google account in Chrome those apps will come back again. IT IS HIGH TIME TO THINK ABOUT WHETHER GOOGLE SYNC & OPEN SOURCED TECHNOLOGIES ARE A BOON OR A BANE.
Another thing is that the internal archives are very much restricted from all antivirus and firewall monitoring. Bookmarks, history and cookies you can delete with CCleaner, but they keep coming back as the account gets synced every time you come online. The password manager is useless and very easy to beat, because all the passwords are exposed, so if anyone gets hold of your Chrome then they can steal your passwords and cookies. There is also no option for a master password in Chrome as there is in Firefox.
New Chrome's JavaScript engine is very, very fast and efficient but lacks security, and Facebook is very much dependent on JavaScript, so Chrome is all opened up for hacking. Also, being a home product, Google inserts code in Chrome to monitor user activities to make their advertisements on web pages more efficient. This is another serious issue.
New CHROME v15 has a feature which runs apps in the background even after you shut down CHROME itself. While it’s good for widgets, it’s at its worst in the case where some cookie-tracing or keylogger app is running in the background. Even if you succeed in deleting the thing from your memory, not only will it keep on running in Google’s SAFE SANDBOX, it will come back the next time you connect to the net via Google sync.
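
A defensive check for the extension and background-app concerns described above, added here as an example and not code from the original post: it reads an extension's manifest.json data and reports whether the extension can read or modify pages on a given host, and whether it also requests Chrome's `background` permission. The sample manifests and the function names are constructed for illustration.

```python
import re

# Constructed sample manifests (not real extensions); keys follow Chrome's manifest.json.
SAMPLE_MANIFESTS = [
    {"name": "Sample FB Helper",
     "permissions": ["tabs", "background", "*://*.facebook.com/*"]},
    {"name": "Sample Notepad", "permissions": ["storage"]},
    {"name": "Sample Page Tweaker",
     "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]},
    {"name": "Sample News Reader", "permissions": ["https://news.example.com/*"]},
]

# scheme://host/path, where host is "*", "*.domain" or an exact name
PATTERN_RE = re.compile(r"^(\*|https?|file|ftp)://(\*|\*\.[^/*]+|[^/*]+)?(/.*)$")

def pattern_covers_host(pattern, host, scheme="https"):
    """True if a Chrome match pattern grants access to pages on scheme://host.
    The path part is ignored, so the check errs on the side of flagging."""
    if pattern == "<all_urls>":
        return True
    m = PATTERN_RE.match(pattern)
    if not m:
        return False  # an API permission such as "tabs", not a host pattern
    p_scheme, p_host, _path = m.groups()
    if p_scheme not in ("*", scheme) or p_host is None:
        return False
    if p_host == "*":
        return True
    if p_host.startswith("*."):
        return host == p_host[2:] or host.endswith(p_host[1:])
    return host == p_host

def audit(manifest, host):
    """List (reason, value) pairs describing how this extension can reach host."""
    findings = []
    perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    for perm in perms:
        if isinstance(perm, str) and pattern_covers_host(perm, host):
            findings.append(("host permission", perm))
    for script in manifest.get("content_scripts", []):
        for pat in script.get("matches", []):
            if pattern_covers_host(pat, host):
                findings.append(("content script", pat))
    if findings and "background" in perms:
        findings.append(("keeps running after the browser closes", "background"))
    return findings

def flagged(manifests, host="www.facebook.com"):
    """Map extension name to findings, for extensions that can touch host."""
    return {m["name"]: audit(m, host) for m in manifests if audit(m, host)}
```

Run `flagged()` over the parsed manifest.json of each installed extension; anything it returns can act on that site's pages and deserves a closer look before it stays installed.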
So, as a first aid measure, I uninstalled Google Chrome. I deleted all data and registry references, deleted my data from Google sync, changed all my related accounts’ passwords, obviously Facebook’s too, and changed my browser platform. I chose security over speed. Another thing with Chrome is that it keeps on growing on the HDD and in memory. An installation of Chrome takes up a whopping 265MB+ of data on the HDD, and it eats up to 375000KB of memory in a single go with 1 tab opened on Facebook. So the browser may be giving fast results, but it’s actually eating up the memory. I changed my browser and I am happy now. YES, I have to compromise on features, speed and other problems, but whatever I am using has the safest mechanism to protect privacy.
Some tips which I follow for safety online-
1) Use a link filter like AVG.
2) Use a download manager with a scan-on-download facility.
3) Avoid unsafe websites and download destinations.
4) Always use an HTTPS connection when possible.
5) Get a secure browser, NOT Chrome, no matter what they say.
6) Clean your footprints regularly (history, bookmarks, cookies, passwords, temporary folders … etc.).
7) Don’t let anyone use your computer when you are not around.
8) Don’t share files online, and if sharing, only share files from trusted friends and scan the files before downloading.
9) Don’t respond to every mail, and don’t allow any mail to show images, because strong steganography can be hidden in them.
10) Don’t use P2P. Anyway, all P2P networks are dead, including gnutella 1, gnutella 2, ed2k, fasttrack, ares … etc., so they are not useful except for sending and receiving fake files with malware.
11) DC++ and Torrents are good to use.
12) Always log out from websites you logged in to. Never leave them open.
13) Change passwords regularly and securely using a random password generator. I made one myself and it is heavily secure.
14) Use an onscreen secure scrambled keyboard when entering vital data.
15) Don’t install unknown apps in browsers. It seems to be the latest trend, but keep your temptation under control and never ever use any 3rd party addon for any social networking or online accounts like Yahoo, Google etc. As I already told you, they are not SECURE enough. And the danger was with OPEN SOURCED apps.
16) Don’t download YouTube videos; sometimes the flv is encoded with Ajax code. While in the browser they can only run under browser-level security, they can run freely once you have downloaded them.
17) Encrypt files and mails and send them online.
18) Try to avoid logging in from a café, and absolutely avoid open cyber cafés, because you could become a victim of sidejacking.
19) Never write down your password in your notebook or wallet. That’s a very bad habit. Try to memorize it, and if you can’t, then save it in your phone memory and always lock the phone with a password.
Some tips for Facebook-
1) Use https.
2) Don’t install any apps. If you need to, then delete them from account settings after using them.
3) Don’t let apps mail you with offers. They often contain spam and bad links which will lure you to go there for extra credit or Farmville money. Keep in mind that real world privacy matters more than virtual money.
4) Enable all notifications, including text notifications.
5) When you log in, save the device, and when you want to log out, delete the device first and then log out properly. It will end the sessions, and even if the hacker steals the cookie he won’t be able to log in with it.
6) Always keep an eye on the sessions. See which sessions are on and from where, and if one is not permitted, disable it at once.
7) Don’t accept any Event, Group or Page request immediately without verifying, because hidden JavaScript can be added to these requests; however, till now friend requests seem to be working fine. Don’t go by friends’ involvement in them, because people can be fooled easily, so at least arm yourself with knowledge.
8) Don’t use any scripts yourself, and in Firefox don’t use GREASEMONKEY, because it can backfire on you.
9) Don’t try to hack others’ profiles, because all the available tools out there are only tools to make a fool of you: they will take YOUR ID & PASSWORD and will HACK your profile, not the profile of the person you intended. So BEWARE. All these things are scams.
10) Don’t go chasing any girl’s NUDE pictures on fb links, because this will make your profile NUDE instantly :P :P
11) Don’t trust even your best friends here, because it might be possible that his/her profile is already hacked and your profile is the next target of the hacker.
12) Don’t share important and private info here. Remember, Facebook is only for fun, not a very serious duty or business; however, there are some duties of a social networker.
13) Tell your friends to mail you if they have anything private to say, and I am talking about outside mail accounts, not Facebook’s mail service, which is still a toddler now.
14) If you suspect anything serious, change your password, report to Facebook, and deactivate the account for some time. Let Facebook investigate it.
15) Don’t add FAKE pictures and information about yourself to your Facebook account, because if your profile gets hacked THIS information can help you to recover it.
16) Don’t use STYLISHED FONTS in your Facebook username or anywhere else. This can create a problem later if your account gets hacked, because when Facebook tells you to write down the account name, you can’t.
17) Try to identify all of your friends, because when you are recovering your hacked account you will be asked to identify 10 friends from your friend list at random. And please don’t make random unknown friends.
It has been 5 days now and no problems found so far…
© Ramen Mukherjee.