Log4J Affecting Civilians

This vulnerability will affect many systems, including the ones you use at home. Here are some tips to protect your personal devices and home network (tell your friends). Apply updates. Especially this week and next week. If you’re computer, phone or any piece of software wants an update, say yes. Updates in general are great, they often contain security fixes, as well as new features.
At some point this week make time to call your internet provider and ask if your router or modem has any updates for log4j. A lot of *devices* are going to be vulnerable, and most of us forget about our modems.
If you have “smart” devices at home, check for updates on them too!

While we’re at it, here are a few tips for securing your digital self (again, tell your friends!):

  • Turn on Multi-Factor Authentication (MFA) or two-factor authentication (2FA), on all your online accounts that are important to you. Your banking accounts, government services, shopping accounts that have a credit card saved, etc.
  • Get a password manager. Then change and save your passwords into it, one by one, as you visit all your favourite sites. Let it auto-generate unique passwords for you.
  • Think twice before you click on a link in an email if you were not expecting to receive that email. Verify who it’s from, that it’s a legitimate website, and that the link starts with a domain that you recognize. If you’re not sure, copy the link into google.com (not the address bar, go to the search engine website) then add “phishing” to your search and see what it says.
  • Never give personal information, such as pictures of your ID, your social insurance number, your home address, date of birth, etc. to anyone on the internet.

Guidance on Log4J

Lots of people are talking about how Log4J affects servers, but if you subscribe to this newsletter, you probably want to know about your apps. Let’s talk about what the problem is, how to figure out if you have it, then what to do about it.

Problem: this java logging dependency has a vulnerability in it that allows an attacker to take over your web server and run commands from it. They can run this attack before a login screen (unauthenticated). This is the “most scary possible” from a security viewpoint. Do you have this problem? You can search for it in a bunch of ways, but I suggest just going to your code repo, searching for “*log4J*”. If you find nothing, ALSO search using any sort of dependency tool. This could be dependencyGraph in GitHub, Snyk, OWASP Dependency-Check, White source, etc. These are also often called “Software Composition Analysis” or SCA for short.

Versions 2.x (every single one except 2.15.x which is the patch for this) are vulnerable.

Versions 1.x are only vulnerable if you call the JMSAppender functionality. You can look in your code for “JMSAppender” to see if you are calling it. If you are, you are vulnerable. If not, you’re good.

If the code has not been deployed anywhere, mark it as “do not deploy” and move on. Anything that HAS been deployed: where? WHERE is it deployed/where does it live? Behind a WAF or CDN? If so, add the rules to block this attack. CloudFlare & CloudFront both do, turn it on!

If you have your own RASP or WAF, and there are no rules available yet from your vendor (ask them if you don’t see it, tell them you want one if not). So if not available from the vendor, make your own “virtual patch”. Work with InfoSec to write regex that blocks the attack or fish some off of the internet (you are not the only one with this problem).

To be clear, if you make a virtual patch, this is a temporary measure, and you need to 1) monitor it to make sure it’s working, plus 2) upgrade the versions of Log4J as soon as you can. Don’t forget please. 😀

Worst case scenario: You have log4J, nothing to help you block it, and it’s a vulnerable version.

Option 1: “accept the risk” and do nothing to block it. You will still monitor the situation, but that is all. You will instead spend your efforts on releasing the upgraded version of your software as soon as humanly possible. For some organizations, this is the only option. Don’t feel bad, use that energy of the update instead. Ensure you test thoroughly; you don’t want to release patches like our industry saw during Meltdown/Spector that broke the patched systems worse than the vulnerability would have.

Option 2: Shut off the vulnerable systems. Immediately. If your business can have a few systems down until you figure out how to do something better, this *might* present less risk. There are currently many systems all over the internet being turned off, in the short term. There is no shame in doing this if it’s your best option. I’d rather have egg on my face than an exploited server.

Option 3: Go through your code and remove this dependency from your project, then comment out the code that calls it. When you are ready to apply the upgrade/patch, you will add it and turn it back on. Stop logging, just for now. This is the only situation where I would ever recommend removing logging. Test it thoroughly before deploying and make sure you don’t have any sort of “backup logging” that could interfere or spoil your efforts.

Story of Koragajja, and why he is famous in Udupi, Mangalore, Kundapura?

Tulunadu has a tradition of spirit worship since ages. Daivas/Bhootas are a class of supernatural spirits. According to some beliefs they are sent by Lord Shiva himself for the protection of the families. These daivas will protect us from any harm and bless us in all regards provided we worship them with all honour and respect.
One such daiva of tulunadu is KORAGAJJA. Also, One of the most worshipped Daiva throughout Udupi and tulunadu is koragajja. Anything which is lost, any work to be done or any issue to be solved; first and foremost, people recall this divine.

Koraga thaniya is the historical figure and not a mythical creation. Dravidian of Indian worship their ancestors, who did extraordinary things for the greater good to their community. Due to which they were recognized and worshipped by their later descendants.


Koraga thaniya who is popularly called koragajja. Here “Koraga” is the community name and “Ajja” is usually called for old male citizen in tulu.

Even though he attained divinity during his middle age; people started calling him Ajja because of love and affection towards him.

Udupi, Kundapura, Mangalore, is place of extra ordinary culture and tradition. Its colorful and joyous. The concept of idol worship wasn’t in existence until recent years. The people in Udupi, Kundapura, Mangalore, believed in spirits. Till date there are places where idol worship is yet to start. The spirits are considered as the savior of the community and they are worshiped as the ultimate deity in Mangalore. In such a big set of spirits, Koragajja is one.

Koragajja is considered as one of the most sacred and sought spirit in Udupi, Kundapura, Mangalore,. He is considered powerful and is widely worshiped along the coast. His existence extends from Ullal in Mangalore till Kundapura in Udupi. He is called by several others names as we proceed from south towards north. But in Udupi, Kundapura, Mangalore, he is called as Koragajja.

When people are in grave difficulty or have lost something or for some work needs to be successful, they pray to Koragajja and promise an offering once wish is satisfied. People usually offer alcohol, betel nut (Beeda), tea or chakkuli (a snack which is spiral in shape). These things are considered favorite for Koragajja. There are many instances where people have prayed to Koragajja and their prayers have been answered. This has made people to believe more in Koragajja and his existence has made people more safe and happy. There are people who offer Kola(A cultural and traditional extravaganza to please the spirit for his blessings ) as offering, which is done annually for the well being of the people.

There are many such spirits which protect the people of Udupi, Kundapura, Mangalore, but Koragajja has owned a special place in the hearts of tulunadu, and there is no doubt he is famous in and around Mangalore.


Koraga thaniya lost his mother Maire when he was of 30 days infant. He even lost his father during his childhood. There was no one to look after him. So, He left his home town and started his journey towards south. Near kallapu; he sits under the tree were hundreds of people were passing by. Due to hunger, he eats white sand as rice, He put Careya arborea (Wild guava) as a coconut. He used to cry sometimes and sometime laugh because of his loneliness.

At that time, Bairakke baidyedi, her daughter Manjakke and her brother Chenniya were passing through this place carrying toddy (kali) in the pot. They observed the behaviour and actions of thaniya and came closer to him. The Child ran away and hid behind fence. Bairakke baidyedi requested the boy to leave the fence and allow them to go. But Koraga thaniya told that, “he doesn’t have clothes on his waist, so he doesn’t want to leave the fence”.

So, Bairakke baidyedi took off the cloth that was tied to the pot and gave it to Taniya to put on his waist. He tied this cloth to his waist and began crying loudly with sorrow. Bairakke felt compassion on Thaniya, and she started enquiring about him. Thaniya told that “he had lost his parents and even the members of his community; there was no one to look after him. So, He decided to go to the places where there is plenty of work to do and plenty to eat”.

Bairakke baidyedi tells thaniya to come along with her. She even told that “she has 2 children, if in case thaniya goes with them; she will treat him like her third son”. Thaniya agreed to go along with her.

Bairakke Lovingly nourished him like a son. After thaniya ‘s arrival to their home, the house was filled with money, and their business started to improve. Koraga Thaniya learns the work related to his family. He started to make basket,handmade bamboo stuff, and he used to sell it.

(we can see this during koragajja the kola, the basket is usually hanged on the shoulder of koragajja during kola)

One day, Nema was organized For Marlujumadi, Maisandaya, Kinnikodangade Daivas, which was relating to Bairakke’s family. Coconut leaves, tender coconuts and banana plants had been allocated for this event from bairakke’s house. Things were so heavy that, it needs to be lifted by at least 7people. But there were no one to take these things from Ansuru barike.

Bairakke baidyedi requested thaniya to carry them to the temple. Thaniya decided to lift the things alone which was supposed to be lifted by 7 people. But he demanded to serve him a meal of 7 people. (It had toddy, rice and the curry of 30 mackerel fish). Bairakke happily agreed his demand.

After eating, thaniya raised the stuff alone that was supposed to be lifted by seven people. he walked down the yard ; looked back and he began to weep telling Bairakke that. “You have been nourishing me just like my mother, don’t expect that the one who went showing his back today might return by showing his stomach.”

Bairakke tells that “son, from the day you came with us; we had good fortune. if you do not want to lift those items. Keep it down”

Thaniya replied that “the promise which is given by me will not be taken back, just like that; burden which I lifted will not be kept down”.

He started his journey towards the temple.

Chief of the temple noticed thaniya bringing things from far distance. Later, he orders Thaniya to keep the thing near the temple and told him to stay away from the temple strain.

Thaniya felt bad on this behaviour. He questioned that “things which was brought by me was useful, but not me? Instead, you made me to stand far because I belong to lower community”.

Thaniya’s words were ignored by everyone present there.

Later, he was worshipped as koragajja/ neecha Daiva throughout tulunadu.

One day, Arasu daiva came to sarlapatta(kuthar) and they wanted to occupy their position in that place. Panjanthaya Daiva was worried about this. Because; if in case Arasu Daiva takes their position is sarlapatta the position of Panjanthya Daiva will not remain same. So, he requested koragajja to chase them away from coming to this place. Since, arasu daiva are usually offered vegetarian food. During their entry into the place; koragajja killed cow (kubalthi petha) on their way. Due to which arasu daiva might get impure if they touch it; so, they had to leave that place. Panjanthaya was happy from koragajja strategy. so he blessed that thereafter koragajja will be worshipped in 7 different stones in sarlapatta.

Why do people offer alcoholic drink to koragajja?

Even though koragajja was born in one community. He was nourished by Bairakke baidyedi who was into (kali) toddy business. She often gave thaniya to drink this wine. Due to which people started to offer palm wine to koragajja. But this was later exchanged by other alcoholic drinks.

Why people restricted women from watching koragajja kola?

During Koragajja kola, the person who became the medium of koragajja used few cloths on their body instead They were only tying palm leaf on their waist. they used to dance for the beats of drums(dollu) narrating the story in the form of pardanas.

Moreover, people used to offer alcoholic drink to this daiva due to which, people were using minimal lights during this kola. Because of this reason, women were restricted to watch this.

The main intention of writing this is to narrate the true story for future readers and not to degrade or uphold any community. SPECIAL Thanks to Mr Vishal & Arun for sharing the useful information – Sachin Shetty 🙏

Swami Koragajja
Swami Guliga Daiva
Koragajjana Katte

#StaySafe #StayHome

Request and advice to all members,

Before paying for any medicine, equipment make sure that it is genuine.

Avoid advance payment to anyone you just contacted through social media.

Many frauds and scamsters are taking advantage of this crisis.Their mode of operation is they will contact you once you share any request in any group and ask to pay by confirming the requests.

Pls always rethink before any such transaction.


Oxygen vendors for Banglore. All are verified today.


1. Drug Controller Helpline 24×7

2. Ganesh

3. Manoj

4. Ramesh

5. Srikanth V

6. Contact: Universal Air Products
Subhashish Guha Roy

7. Company Name: Peenya Industrial Gases Pvt. Ltd.
Name: Ramesh
Number: 9686196642

8. Contact: Amogh Gases Pvt. Ltd.
R. Mohan Kumar

9. Contact: Bhuruka Gases Pvt. Ltd.

10. Contact: Eureka Gases
9035588758 , 9535509423

11. Contact: Galaxy Air Products
R Tothumuthu
9448821347, 8867715015

12. Contact: Inox Air Products
Kiran Radu

13. Contact: Lindie India Ltd.

14. Contact: Pai Industrial and Medical Gases
Ravi Pai

15. Contact: Southern Gas (Peenya)
Sadanand Pai

16. Contact: Spec & Cal Gases Pvt Ltd
K Manoharan

17. Contact: Universal Air Products
Raja shekar
98450 63119

18. Siga Gases India (P) Ltd
Mr. Devaraja
93410 45631

19. Siga Gases & Dry Ice
080 2241 4271

20. Jana Sewa
84473 90017

21. Vinayaka/Aditya (KP Road)

22. Unity Gas (Mysure Road)
Pawan Muthu

23. Pai Air Products (Mysure Road)
Ravi Pai
98450 63166

30 April 2021:

ALERT – everyone in your social network – during this Pandemic most of the LinkedIn / FB/ Insta/ etc.. users are targeted. First, fraudsters create your fake account and start seeking money from your friends / relatives on behalf of you.

REMEMBER: It’s not account hack but your fake account created for fraudulent activity.
#Note: Majority of inactive user accounts are targeted.cybersecurity #cybercrime #phishing #databreach

Threat Reconnaissance Lessons from the Private Sector for Federal & State Agencies. This case study details how analyst teams at leading banks are extending threat hunting far beyond their perimeters.

Are We Stuck With the Four-Box Problem?

I don’t think so. CloudOps will likely add more traditional security functions, like incident response, making all things related to cloud infrastructure management centralized under one independent function.

That would be a big change — like a mini-cloud SOC within CloudOps. 

With such a change, we might see the problem knock back down to only two or three teams involved in security. If a CloudOps team manages all cloud infrastructure security, as well as the overall agility and orchestration, they may only work with developers through a ticketing system to fix specific code issues. A modification would be Three Boxes for CloudOps, Developers, and DevOps if runtime and CI/CD pipeline management remain separate.

This constant evolution of org structure and security responsibility makes it tough to effectively staff a security team or design a workable security stack.

My advice for all the security folks out there: Learn something about cloud environments. There’s no going back from digital transformation, and you will be best suited if you can secure cloud infrastructure. The need for security isn’t going anywhere — it’s increasing. Developers, DevOps, and CloudOps all need the security person’s mindset to work within their org structure and ensure business data remains secure. Source credit: Darkreading

Fake ransomware decryptor double-encrypts desperate victims’ files

By Sachin Shetty

US aerospace services provider breached by Maze Ransomware

The Maze Ransomware gang breached and successfully encrypted the systems of VT San Antonio Aerospace, as well as stole and leaked unencrypted files from the company’s compromised devices in April 2020.

VT San Antonio Aerospace (VT SAA) is a leading North American aircraft MRO (maintenance, repair, and overhaul) service provider specialized in airframe maintenance repair and overhaul, line maintenance, aircraft modifications, and aircraft engineering services.

VT SAA is a subsidiary of ST Engineering (part of ST Aerospace, its aerospace arm), one of the largest firms listed on the Singapore Exchange and an engineering group with customers in the defense, government, and commercial segments in over 100 countries, and roughly 23,000 people across Asia, Europe, Middle East, and the United States.Top ArticlesFitness Depot hit by data breachafter ISP fails to ‘activate theantivirus’

ST Aerospace provides repair and overhaul services for more than 25,000 mechanical and avionics component types fitted on various Airbus and Boeing aircraft and helicopters.  

Maze encrypted VT SAA’s network

The Maze Ransomware operators state in a new post on their data leak site that they breached the network of ST Engineering—actually that of VT SAA, one of the group’s North American subsidiaries—stealing data and encrypting servers.

During the attack, before deploying the ransomware payload to encrypt the company’s servers, Maze claims to have stolen 1.5 TB worth of unencrypted files to be used as leverage to pressure the ST Engineering subsidiary into paying their ransom.

ST Engineering entry on Maze leak site

ST Engineering entry on Maze leak site

As ‘proof’ that they breached VT SAA’s network, Maze has already leaked over 100 documents that consist of financial spreadsheets, cyber insurance contracts, proposals, and expired NDAs.

We were told that these files allegedly include financial information, “IT security systems” information, and how ST Engineering financially supports political groups in countries in Latin America and CIS. Maze did not provide any proof of these claims.

Stealing files from their victims’ network before deploying the ransomware payload is a common procedure for the Maze Ransomware operators.

Other ransomware operators including but not limited to REvilDoppelPaymerNemtyNetwalker, and CLOP have also adopted this extortion tactic.

Leaked files

Leaked files

BleepingComputer has also been told that VT SAA’s cyber insurance contracts are with Chubb, who was also attacked by the Maze Ransomware operators and had its network encrypted in March 2020.null

Bad Packets said at the time that Chubb had numerous Citrix ADC (Netscaler) servers unpatched against the CVE-2019-19871 vulnerability despite the insurance carrier’s statement that its network was not compromised (this security flaw was exploited in the past as part of other ransomware attacks).

Details of Maze’s attack

While Maze has not described details of their attack, they leaked the IT Manager’s memorandum of the cyberattack memo which shows exactly how the attack occurred.

Maze first connected to one of VT SAA’s servers via a remote desktop connection using a compromised Administrator account, then compromised the default Domain Administrator account and hit the company’s domain controllers, intranet servers, and file servers on two domains.

The memo also says that all the encrypted systems were fully recovered within three days after VT SAA’s systems were encrypted by Maze Ransomware on March 7, 2020.

Because of the number of files and the sensitive nature of the stolen data Maze has already posted on their leak site, ST Engineering Aerospace subsidiary will have to also disclose this incident as a data breach to all affected parties, including employees and clients.

Affected systems and data

Affected systems and data ST Engineering North America only partially affected by the attack

In a statement to BleepingComputer, VT San Antonio Aerospace Vice President and General Manager Ed Onwe said that the attack only affected a limited number of ST Engineering’s U.S. commercial operations.

“VT San Antonio Aerospace discovered that a sophisticated group of cyber criminals, known as the Maze group, gained unauthorized access to our network and deployed a ransomware attack. At this point, our ongoing investigation indicates that the threat has been contained and we believe it to be isolated to a limited number of ST Engineering’s U.S. commercial operations. Currently, our business continues to be operational,” Onwe told BleepingComputer.

“Upon discovering the incident, the Company took immediate action, including disconnecting certain systems from the network, retaining leading third-party forensic advisors to help investigate and notifying appropriate law enforcement authorities.

“As part of this process, we are conducting a rigorous review of the incident and our systems to ensure that the data we are entrusted with remains safe and secure. This includes deploying advanced tools to remediate the intrusion and to restore systems. We are also taking steps to further strengthen the Company’s overall cybersecurity architecture.”

Please don’t forget to give reviews, Like,Comment & Share.

Follow the Admin here:

Click here Sachin facebook account

Stop Complaining About Your Colleagues Behind Their Backs

In my coaching work with leaders and teams, I often ask my clients whether they engage in workplace gossip. More often than not, they respond, “of course not!” with a look on their faces that indicates that they are insulted to have been asked such a question.

But when I ask them whether they have ever participated in a “confirmation expedition” — whereby they 1) ask a colleague to confirm their own negative or challenging experience with a third colleague who is not present, or 2) welcome a similar line of confirmation inquiry from another colleague about a third colleague who is not present, most admit that this is, in fact, a regular part of their daily work life.

While leaders and teams might consider this behavior to be innocent “blowing off steam” or the more strategic “confirming performance data,” I consider it a form of workplace gossip.

But it’s not just me. Authors Nancy Kurland and Lisa Hope Pelled, in their research paper, Passing the Word: Toward a Model of Gossip and Power in the Workplace, define gossip as: “informal and evaluative talk in an organization, usually among no more than a few individuals, about another member of that organization who is not present.” When you think about how often your workplace conversations are 1) informal (“I’m just hanging out in Linda’s office”); 2) evaluative (“discussing how difficult it is to get a timely response from Doug in Accounting”); 3) among no more than a few individuals  (“…and Marci’s here too.”); and 4) about another member of that organization who is not present (“Doug’s at his desk, of course!”), you might start to realize how often you’re engaging in gossip, and contributing to gossip’s damaging effects.

Like what? Like the erosion of trust, hurt feelings, decreased morale, damaged reputations, reduced personal and professional credibility, increased anxiety, divisiveness, and attrition.

Despite the high costs of gossip, the drive to engage in it is strong. Dr. Peggy Drexler, research psychologist and professor of psychology at Cornell University’s Weill Medical College writes that “anthropologists say that throughout human history, gossip has been a way to bond with others — even a tool to isolate those who aren’t supporting the group.”

Talking with one or more coworkers about how hard it is to get Doug in Accounting to give a timely response creates a feeling of connection with everyone else who is struggling with Doug’s lack of responsiveness. Those similarly frustrated by Doug treat one another with in-group favoritism, a common and central aspect of human behavior, whereby people act more pro-socially towards members of their own group relative to those outside their group.

Gossip is also a means of venting for those who are reluctant to give direct feedback to or have difficult conversations with their colleagues. As I cited in my HBR article, When to Skip a Difficult Conversation, “In a 2013 Globis survey of more than 200 professionals on the topic of difficult conversations…80% of respondents reported that these conversations were a part of their job, [but] more than half indicated that they didn’t feel like they had adequate training on how to conduct them effectively.”

By talking to anyone, everyone, or even one person about another colleague who isn’t there to hear the feedback, provide his or her perspective, and engage in joint problem solving, you are undermining the benefits of an open, honest relationship and a feedback-rich culture.

Finally, we use gossip as a way to collect evidence that confirms our beliefs, satisfying our confirmation bias — the tendency to look for information that confirms what we already believe to be true. By checking in with a coworker about whether she, too, experiences Doug as slow to respond, we get confirmation for our existing beliefs, and the satisfaction that comes from “being right” about Doug. And as Judith Glaser explains in her article, Your Brain Is Hooked on Being Right, the flood of adrenaline and dopamine that accompanies feeling right can become downright addictive.

Considering how satisfying it is to be right, how tempted we are to avoid giving direct feedback and having difficult conversations, and how often we seek confirmation for what we already believe, it can be hard to break the habit of engaging in gossip — as the instigator or the recipient. Nevertheless, there are several strategies to help you and your team stop engaging in something so wrong that feels so right:

1) Name it, then pivot. First, call gossip “gossip” to stop it in its tracks. If you are engaging in “informal and evaluative talk in an organization, usually among no more than a few individuals, about another member of that organization who is not present,” — especially if the aim is to confirm your experience rather than get constructive solutions — then you are participating in gossip. If you call someone on it, most people will step back at hearing a colleague say, “This sounds like gossip. Is that what you intended?” Second, pivot the conversation by asking, “How can I help you get a better outcome?” Only engage in coaching, brainstorming, and problem-solving conversations — not in problem-confirming ones.

2) Ask yourself or others why you need someone else’s confirmation about a behavior that you’re noticing in a third person. If it’s to justify your feelings, to confirm that you’re right, or to gain support for your point of view, don’t bring someone else into the conversation. If it’s to understand how you might be contributing to the dynamic or problem, to brainstorm helpful solutions, or to go on record to make a formal complaint for further investigation, then go for it.

3) Let people know that you have a policy of “if you have a problem with me, please tell me first.” Adopt the “tell them first” policy with your colleagues, and, when someone approaches you with gossip about someone else, ask “Have you already told her?” to remind them of this policy.

4) Create a feedback-rich environment around you. The more you normalize feedback — both positive and negative, and both giving and receiving — the less likely people will be to look for alternative means to express their frustrations and concerns. Rather than “saving” feedback for annual performance reviews, make discussions about what someone did well, and what he or she could do differently, a part of every supervision meeting or project debrief. And make sure to give people positive feedback when they offer particularly useful feedback — even if it’s hard to hear.

Gossip, even by any other name, is still a destructive communication strategy that negatively impacts individuals, teams and the whole organization. By stopping it in its tracks, choosing healthier and more helpful methods of communicating what’s not working, and engaging in collaborative problem-solving, relationships and organizations can flourish.

Please don’t forget to give reviews, Like,Comment & Share.

Head shot of Deborah Grayson Riegel

Follow the Admin here:


Top 10 Facebook Hacking techniques used:

Submitted by Sachin Shetty

Facebook is one of the most widely used social networking site with more than 850+ million users, as a reason if which it has become the number 1 target of hackers.

1. Phishing

Phishing still is the most popular attack vector used for hacking Facebook accounts, There are variety of methods to carry out phishing attack. In a simple phishing attacks a hacker creates a fake login page which exactly looks like the real Facebook page and then asks the victim to login into that page. Once the victim logins through the fake page the victims “Email Address” and “Password” is stored in to a text file, The hacker then downloads the text file and gets his hands on the victims credentials.

2. Keylogging

Keylogging, according to me is the easiest way to hack a Facebook password, Keylogging sometimes can be so dangerous that even a person with good knowledge of computers can fall for it. A keylogger is basically a small program which once is installed on victim’s computer will record every thing which victim types on his/her computer. The logs are then send back to the attacker by either FTP or directly to hackers email address.

3. Stealers

Almost 70% percent people use stored passwords in their browser to access the Facebook, This is quite convenient but can sometimes be
extremely dangerous, Stealer’s are software’s specially designed to capture the saved passwords stored in the victims browser. Stealers once FUD can be extremely powerful

4. Session Hijacking

Session Hijacking can be often very dangerous if you are accessing Facebook on a http://EXAMPLE.In/ without https a Session Hijacking attack a hacker steals the victims browser cookie which is used to authenticate a user on a website and use it to access victims account, Session hijacking is widely used on LAN’s.

5. Sidejacking With Firesheep

Side jacking attack went common in late 2010, however it’s still popular now a days. Fire sheep is widely used to carry out side jacking attacks.

Firesheep only works when the attacker and victim is on the same WiFi network. A sidejacking attack is basically another name for HTTP session hijacking, but it’s more targeted towards WiFi users.

6. Mobile Phone Hacking

Millions of Facebook users access Facebook through their mobile phones.
In case the hacker can gain access to the victims mobile phone then he can probably gain access to his/her Facebook account. Their are lots of Mobile Spying softwares used to monitor a Cellphone. The most popular Mobile Phone Spying softwares are:
1. Mobile Spy
2. Spy Phone Gold

7. DNS Spoofing

If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack and change the original Facebook page to his own fake page and hence can get access to victims Facebook account.

8. USB Hacking

If an attacker has physical access to your computer, he could just insert a USB programmed with a function to automatically extract saved
passwords in the browser.

9. Man In the Middle Attacks

If the victim and attacker are on the same LAN and on a switch based network, A hacker can place himself b/w the client and the server or he could also act as a default gateway and hence capturing all the traffic in between.

10. Botnets

Botnets are not commonly used for hacking Facebook accounts, because of it’s high setup costs, They are used to carry more advanced attacks, A botnet is basically a collection of compromised computer. The infection process is same as the key logging, however a botnet gives you additional options for carrying out attacks with the compromised computer. Some of the most popular bot-nets include Spy-eye and Zeus.

Be safe & don’t be an easy prey for the hackers.

Please don’t forget to give reviews, Like,Comment & Share.

Follow the Admin here:

About Sachin Shetty


Introducing Microsoft Ignite!

This morning on The Official Microsoft Blog, we revealed more details about our enterprise technology conference in May – Microsoft Ignite. If you attended the SharePoint Conference, Exchange Conference, Lync Conference or Project Conference, this is the conference for you. And, if you’re interested in or already using Office 365, this is the conference for you. Register now and we will see you in Chicago!