+1 855 499 1906 (11 a.m to 7 p.m CST)
Online safety is not limited to saving your kid from dangers that might hurt them, but it is also about saving them from themselves. When they learn new things, they might easily get involved in the malicious activities that are not meant for them. Since they get attracted too much by the glittery social media world, they will take no time to learn the tactics that not only put them in danger but also put others in danger such as hacking.
Kids are tech-savvy these days and in no time, they can find their ways around the tech world like no one else. All they need is to be an enthusiast and interested in knowing things and they can get their hands on everything. Nowadays, things like how to hack Facebook password without software is also coming into learning for the kids and they might use it on their parents first. Parents are also concerned about pursuing Facebook monitoring to make sure their kids are on the right path. But, how would you know that your kid is indulged in hacking?
Hacking provides a new world of empowerment and acceptance, especially for teenagers who are not doing so well in the other areas of their lives. When they are bored, being bullied, harassed, or are told that they are not good enough, they often find these ways to feel independent and good. Being parents, you must look for the malicious activities that might be conducted by your teens. Here are some simple and easily noticeable signs:
After all, they are kids. They will brag about anything that they learn and think that they have achieved something. Hacking is something that gives them a feeling of empowerment, so they show you how successful they are. Most parents often ignore when their kids are making direct comments about how easy hacking is and how it is just a matter of skills that they already possess. Sometimes they are bragging about it, but in many cases, they are reaching out to the parents and friends in the hope that they will tell them that it is wrong.
Who do you think they will start hacking with? Well, you. You must activate your radar when you hear something about yourself from them which they have only known if they were reading your emails or knowing other online activities. It is very common that kids usually first try to hack their parents’ accounts to have their control over them. It is all about their curiosity and when it ends, they usually move to other targets.
Whether they are hacking or not, every teenager wants confidentiality when it comes to online activities. But when you see this confidentiality being handled way to technology, it is time to notice. If you see their computers and you can’t see anything like they have been clearing their files and browser history too often, and using encryption programs to encrypt folders and files, that’s a possible sign.
It is normal now to have multiple Facebook accounts.
But if your child is hiding them from you and showing you just one main email account that you can access while keeping others from you, then make a note of it. If not malicious activities, it might be porn or other activities that you won’t approve of. This type of absolute privacy must be investigated.
When you are using the internet and social media, you come across different things every day, and sometimes, you just don’t know where the information came from. The same is the case when your internet service provider asks you to stop hacking or you will face criminal actions. Of course, you are not hacking but it must worry you if someone in your family is hacking. Internet service providers know it very well.
If your kid was not doing good in school, and suddenly his grades are improved, there is something to notice. Either they have started working hard or they have hacked into their school system. If you see no noticeable effort from their side and they are touching their studies even like before but getting good grades, there is a possibility that they have hacked it.
Kids love to experiment with their hacking skills in school to bring up a good impression.
If you suspect that they are hacking, check out their inventory of the programs and tools that they have installed on their computer. You might get lucky in finding out something if your kid hasn’t thought it out yet. If you find a lot of encrypted files and programs, that’s a definitive red flag. Port scanners, credential theft programs, folders of stores malware, and other programs like these are the indicators that they are into hacking and they must be stopped.
No kid is innocent nowadays, and if you think your kid is innocent enough that he won’t ever jump into these things then you are mistaken. Kids who are quiet and shy are usually the ones being involved in these activities. However, there are ways to know if your kid is performing any unusual activities on Facebook by using proper parental control tools that they can’t dodge.
SecureTeen is one of the best tools that will tell you right away if your kid is doing something wrong on Facebook or if they are involved in some malicious activities. With its other features, you can easily know the threat that comes from your kid and take the action right away. It also allows you to put a screen time limitation on their devices. This way, you can keep an eye on them and know beforehand if they are being involved in anything wrong.
Mar 08, 2016Swati Khandelwal
Hacking Facebook account is one of the major queries of the Internet user today. It's hard to find — how to hack Facebook account, but an Indian hacker just did it.
A security researcher discovered a 'simple vulnerability' in the social network that allowed him to easily hack into any Facebook account, view message conversations, post anything, view payment card details and do whatever the real account holder can.
Facebook bounty hunter Anand Prakash from India recently discovered a Password Reset Vulnerability, a simple yet critical vulnerability that could have given an attacker endless opportunities to brute force a 6-digit code and reset any account's password.
The vulnerability actually resides in the way Facebook's beta domains handle 'Forgot Password' requests.
Facebook lets users change their account password through Password Reset procedure by confirming their Facebook account with a 6-digit code received via email or text message.
To ensure the genuinity of the user, Facebook allows the account holder to try up to a dozen codes before the account confirmation code is blocked due to the brute force protection that limits a large number of attempts.
However, Prakash discovered that the social media giant had not implemented rate-limiting in its password reset process on the beta sites, beta.
facebook.com and mbasic.beta.facebook.com, according to a blog post published by Prakash.
Prakash tried to brute force the 6-digit code on the Facebook beta pages in the 'Forgot Password' window and discovered that there is no limit set by Facebook on the number of attempts for beta pages.
Prakash has also provided a proof-of-concept (POC) video demonstration that shows the attack in work. You can watch the video given below that will walk you through the entire procedure:
Here's the culprit:
As Prakash explained, the vulnerable POST request in the beta pages is:
lsd=AVoywo13&n=XXXXX
Brute forcing the 'n' successfully allowed Prakash to launch a brute force attack into any Facebook account by setting a new password, taking complete control of any account.
Prakash (@sehacure) discovered the vulnerability in February and reported it to Facebook on February 22. The social network fixed the issue the next day and had paid him $15,000 as a reward considering the severity and impact of the vulnerability.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
SHARE
Tweet
Share
Share
Share
Share on Facebook Share on Twitter Share on Linkedin Share on Reddit Share on Hacker News Share on Email Share on WhatsApp Share on Facebook Messenger Share on TelegramSHARE
Account password Reset, Bug Bounty Program, Facebook security, Hacking Facebook account, hacking news, How to Hack Facebook
Security Security strategy User Internet Web Services
|
Share
The flaw, which Facebook closed in early 2020, allowed it to seize control of any account on the social network and its friendly services. Security researcher Amol Baikar (Amol Baikar) has identified a dangerous vulnerability in Facebook's OAuth authorization protocol. It allows you to access any social network account, as well as other services that are logged in using Facebook. The specialist spoke about this in his personal blog, emphasizing that the described bug has existed for about 9 years.-10 years.
According to Baikar, the problem lies in the implementation of the "Login with Facebook" function, which uses the OAuth 2.0 authorization protocol to exchange authorization tokens between the social network site and other web resources. Thanks to this feature, Facebook account holders can freely use third-party Internet services that provide such an opportunity without additional registration.
The expert explained that an attacker could deploy a special website to intercept OAuth traffic and steal tokens that provide access to visitors' Facebook accounts. As a result, the "hacker" will be able to send messages, post in the feed, change account information, and perform any other actions on behalf of the victim. nine0005
In addition, the cybercriminal gets the opportunity to establish control over accounts on third-party resources, which can be used for authorization using Facebook. Many web services now provide this opportunity, including the social network Instagram, streaming services Netflix and Spotify, and the dating app Tinder.
Baikar informed Facebook about the discovered vulnerability on December 16, 2019. To his surprise, the company acknowledged the presence of the "hole" on the same day. What's more, she immediately released a fix. nine0005
Security researcher Amol Baikar found a way to hack any Facebook account using a decade-old flaw
However, later the researcher found errors in its implementation, about which he notified the company representatives on January 3, 2020.
On January 10, Facebook eliminated the shortcomings identified by Baikar.
On February 20, the expert received a $55,000 reward from Facebook as part of the Bug Bounty program for his work.
Over the past few years, Facebook has repeatedly found itself at the center of various scandals due to a careless attitude to the privacy of social network users, as well as the presence of serious vulnerabilities in other company products.
Evgenia Ukraintseva: Automation of HR processes should begin with the digitalization of the organizational structure
HR Tech 2022
For example, in July 2019, a vulnerability was discovered in the mobile version of Instagram (part of the Facebook ecosystem) that allowed an attacker to reset the password for absolutely any account and gain full control over it. nine0005
In April 2019, Facebook was convicted that when registering on a social network, a user's password to his email address could be requested if the client's email service causes some suspicions in the system.
The list of "suspicious" was also the popular Russian service "Yandex.mail".
In March 2019, it was discovered that tens of thousands of company employees could have access to other people's Facebook and Instagram pages, since the passwords of hundreds of millions of users were stored on the company's servers in clear text. Moreover, the social network officially recognized the existence of a problem only after a third-party information security specialist with connections within the company spoke about it on the Internet. nine0005
In September 2018, Facebook acknowledged the data breach of over 50 million account holders. The cause of the hack was a serious vulnerability in the Facebook code. It was eliminated as soon as possible, and law enforcement agencies were notified about the incident.
Nikita Vinogradov, FC Otkritie Bank: “Those who have long dealt with the issue of corporate technological sovereignty coped with the difficulties”
Security
In November 2018, it became known that the social network was unable to repel cybercriminals, as a result of which personal information about more than 120 million network users ended up in the hands of hackers.
The data was put up for sale at a price of 10 cents per profile. nine0005
Between 2007 and 2014 The social network transmitted information about its users to the British analytical company Cambridge Analytica, as a result of which 87 million people were affected.
Dmitry Stepanov
A notification pops up on the smartphone screen: "We detected an unusual login attempt from Rio de Janeiro, Brazil." The first reaction is panic, especially if you live in, say, Vladivostok. What could it be? System failure? Or is someone from the other side of the world really encroaching on your account?
There is no way to panic in such a situation - this will only play into the hands of the burglars. So that you can remain calm and survive this incident with minimal losses, we will arm you with knowledge: we tell you what the matter might be and how to act.
nine0005
First, let's figure out how a stranger could get access to your account at all. There are several options here.
A third party site where you registered might have been leaked. Having acquired a list of logins, e-mail addresses and passwords, scammers use them for a substitution attack, that is, they try to enter stolen credentials on many sites. Unfortunately, many people set the same passwords to protect their accounts in different services - this is what criminals are counting on. nine0005
Alternatively, your Facebook or Instagram credentials may have been leaked from the app you trusted them to. For example, in June last year, thousands of passwords from Instagram accounts leaked to the network, the owners of which used the Social Captain service to buy likes and followers. It turned out that he did not encrypt customer data, and anyone could get access to it. It is reasonable to assume that many users of the service have since experienced hacking attempts.
It may also be that some time ago you fell for phishing, and your login with a password fell into the hands of scammers directly. They clicked on some link, and on the page that opened, very similar to the Facebook or Instagram login screen, they entered their credentials. So they ended up with the criminal. For example, most recently, our experts discovered a phishing campaign in which victims were lured to phishing pages by the threat of blocking their Facebook account due to copyright infringement.
Your password could have been stolen by malware you picked up somewhere. Many Trojans have a built-in keylogger, a program that registers keystrokes on the keyboard. All logins and passwords that the victim enters, the keylogger directly passes into the hands of attackers.
Someone may have stolen your access token. So that you don't have to enter a password every time you log into Facebook or Instagram, it saves a small piece of information needed to log in to your computer, which is called a token or access token.
If an attacker steals the current token, he will be able to log into the account without a username and password. nine0005
Tokens can be stolen in different ways. Sometimes this is done through vulnerabilities in Facebook itself - for example, in 2018, attackers were able to get access tokens to 50 million Facebook accounts. Also, attackers can use browser extensions to steal tokens.
It is possible that you logged into Facebook or Instagram from someone else's device - at a party, in an Internet cafe, in a hotel lobby, and so on - and did not log out after that. Or, for example, they forgot to log out of their account on a device that they had already sold or donated. Now someone has discovered your oversight and logged into your account. nine0005
Your account may not have been hacked at all, but they are trying with a fake suspicious login notification. This is the same phishing that we talked about above, but a slightly different version of it.
Instead of the threat of blocking, scammers can use fake suspicious login notifications with a link to phishing sites similar to the login page. Attackers expect that the victim in a panic will go to a fake site and enter their username and password there. nine0005
We have sorted out the possible causes, now it's time to act. To get started, log into your account - but in any case not through the link from the notification (as we already know, it can lead to a phishing site), but through the mobile application or by entering the address in the browser manually. If the password does not match and you can no longer log into your account, refer to the detailed instructions on what to do if your account has already been hijacked, which we published earlier.
If you are still allowed into your account, go to your account settings and verify the authenticity of the notification. For each social network, the path to the desired settings item will be different - see how this is done on Facebook and Instagram.
Then go to the “Account Logins” section: if there are no suspicious entries there, then everything is in order, and the message about the hack was still phishing. nine0005
If you really see a suspicious one in the list of logins to your account, then it's time to hurry up to take protective measures - timely actions will help soften the blow:
If you're not sure you can remember it, save it in a password manager. By the way, at the same time the program will help you come up with a reliable combination. Many famous break-ins began during the Christmas holidays. A few simple tips will reduce your risk of becoming the next victim.
Avast solutions have a good reputation, but several incidents cast doubt on their reliability. We tell you whether you can trust Avast products.
How to watch the World Cup and not become a victim of fraud.
