hack

FaceNiff Android app makes hacking Facebook simple

FaceNiff is a new Android App that makes it literally effortless to log into someone else’s Facebook account as long as that person is on the same Wi-Fi network as you.

This application works by capturing and sniffing all the packets that are sent  around the network. The application itself doesn’t hack into Facebook, it wait for a user on the same wifi network to login, then it will intercept the data and display the user’s login ID. Then clicking on the name and ID, the app user is able to log in and take over the account.

In addition to Facebook, this application works with Twitter, YouTube and Amazon.

Android phones need to be “rooted” in order to run the app (a simple process) then the handset owner can just download and run the app. The video below shows just how simple it is (don’t try this yourselves folks, it’s illegal).

httpv://www.youtube.com/watch?v=3bgwVM7t_s4

There are a couple of ways to protect yourself from this hack:

1) Use SSL – Facebook, Twitter and Amazon all allow secure connections using https: instead of the standard http: – this means the data sent from your handset is secure and cannot be intercepted by the app.

2) For any service that does not support SSL, you can set up a VPN tunnel – this is a private network connection over public Internet which terminates on a trusted connection (such as your home or office). If you are unsure how to do this, your IT support company can advise you.

Sony network back under attack

Sony Pictures

A hacker group has claimed it has attacked the Sony network and stolen more than one million passwords, email addresses and other information.

Lulz Security said it broke into servers that run SonyPictures.com.

Sony said it was aware of Lulz Security’s statement and was investigating, the Associated Press reported.

In April, hackers broke into Sony’s PlayStation Network and stole data from more than 77 million accounts.

That attack was considered the biggest in internet history and led to Sony shutting down the PlayStation Network and other services for almost a month.

The company has estimated the data breach will result in a $170m (£104m) hit to its operating profit.

Since then, Sony’s networks have become targets for hackers and the company has confirmed at least four other break-ins prior to the claimed attack on Sony Pictures.

Lulz Security claims to be behind one of those attacks: an assault on Sony Music Japan.

The latest alleged attack will come as a blow to the Japanese firm, 24 hours after it announced the PlayStation Network would be fully restored in the US and Europe, and said it had beefed up its security systems.

‘Asking for it’

In a statement on Thursday, Lulz Security said it had hacked into a database that included unencrypted passwords as well as names, addresses and dates of birth of Sony customers.

“From a single injection, we accessed EVERYTHING,” it said. “Why do you put such faith in a company that allows itself to become open to these simple attacks?”

“What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plain text, which means it’s just a matter of taking it.

“This is disgraceful and insecure: they were asking for it.”

The group also recently claimed responsibility for hacking the website of the PBS network and posting a fake story in protest at a news programme about WikiLeaks.

[Via BBC News]

Sony Playstation Network in fresh hack attack

Playstation Network password reset page could be exploited.

It’s been a bad few weeks for Sony with the PSN getting hacked a few weeks back – and now only 2 days after it was restored, it seems thier new security “improvements” can be circumvented.

This fresh exploit allows people to change users’ password via the password reset page using only a users account email and date of birth – data which was stolen by hackers in the original breach.

As a result, Playstation sign-in page is now unavailable on a number of Sony’s sites. The password reset site has also been taken down.

The website reads:

“PlayStation Network is not available at present. This could be for a number of reasons including scheduled maintenance or essential updates and we apologise for the inconvenience caused. In the meantime, you can continue to explore the world of PlayStation at eu.playstation.com.”