Wednesday, 1 June 2011

Facebook Account Hacking: How to Prevent It?

Some of today's media are reporting on the theft of Facebook account passwords. The victims said that after logging out, they tried to log in the next day and access failed with messages such as "username and password do not match" or "account does not exist".

On some other social networks, such as Twitter and Plurk, similar incidents have been reported. The username and password suddenly stop matching for whatever reason, and the common thread is that someone has changed the password.

Is there a technique for hacking or cracking Facebook accounts between individuals? There are a few answers. The next question is: is there a technique to disable an account on Facebook or another social network?

A technique for attacking Facebook that was revealed some time ago is to flood Facebook's servers with data using DDoS, or Distributed Denial of Service, so that the servers are paralyzed for several hours, as happened to Facebook and Twitter in 2009 at the hands of a cracker from Russia. We need to be aware of this possibility.

The first method, using a keylogger, is a very effective way for crackers to steal the password of your Facebook account. Once a software or hardware keylogger is installed on the target notebook or PC, every keystroke on your keyboard and all of your browsing activity is automatically recorded in detail and systematically.

So if you type your username and password on a notebook or PC that has a keylogger installed, you have willingly handed over sensitive personal data to the person who installed it, because a keylogger is like carbon paper that makes a copy of whatever is written on it.

Crackers usually install keyloggers on public internet access terminals, such as shared computers in cafes and on campus. So be careful when using such access.

First, do not use the terminal right away; restart it first.
Second, check whether any hidden applications are running in the background. You can use Task Manager (press Ctrl + Alt + Del on your Windows desktop) and see whether there are any unusual applications or processes. You will need to study this a little and get used to it, for your own safety.
Third, check the security settings of the browser you are using: does it automatically save your username and password? We recommend that you disable this feature, and enable the anti-phishing feature if there is one.
Fourth, clear the cache and history automatically every time the browser is closed. You can set this in your browser settings.
Fifth, make sure that every time you finish your activity you have logged out completely.

The second technique is sniffing with common tools such as Cain and Abel in an area covered by WiFi; these tools "watch for activity" on the laptops connected there. So you should be careful whenever you are mobile and accessing a hotspot.

In principle, wireless access is very easy to spy on. Do not simply trust an SSID such as "Free" or "Free WiFi HotSpot" when you scan for wireless networks. The safest approach is to ask the manager of the area what the official hotspot SSID is. Then set the wireless access on your notebook not to "auto connect" but to connect manually, so you can examine the network first.

When you are connected through a WiFi hotspot, you should avoid transactions on critical sites such as e-banking, email, social networking accounts and so on. Stick to general browsing unless you are certain that no one is trying to spy on your activity and that the network is trustworthy.

In any case, make sure you always connect over HTTPS, the secure mode that is usually marked by a locked padlock icon in your browser. With HTTPS, the traffic between you and the server is protected with encryption, so it is not easy for unauthorized people to spy on. Make sure you are in secure mode before entering a username and password or PIN.

The third way is getting you to click a URL supplied by an application or via an email that appears to come from Facebook, or trapping you with an offer from a third-party application on Facebook, that is, an application that Facebook itself does not maintain.

These applications can be made by anyone, at any time, and are random in nature. To steal your username and password, the victim is usually told to follow a link and then instructed to enter their username and password.

You are then actually accessing a site (URL) outside the official Facebook website, so you need to be careful: never comply if asked to re-enter your username and password, and never download software, programs, applications or documents that at a glance appear useful or interesting (such as games, tools, etc.), because they could actually be malware.
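The check described above, whether a link really stays on the official site and uses HTTPS, can be written down as an added example (not part of the original post). The `OFFICIAL_DOMAINS` list and the `.example` sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain treated as official.
OFFICIAL_DOMAINS = ("facebook.com",)

def check_login_url(url):
    """Return (ok, reason) for a link that leads to a username/password form."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    # "https://facebook.com@other.example/" really goes to other.example.
    if parts.username is not None:
        return False, "official-looking name placed before '@'"
    host = (parts.hostname or "").rstrip(".")
    for domain in OFFICIAL_DOMAINS:
        # Exact match or a true subdomain; "facebook.com.other.example" fails.
        if host == domain or host.endswith("." + domain):
            return True, "official domain"
    return False, "host is outside the official domain"

# Constructed sample links (the .example hosts are placeholders).
SAMPLE_LINKS = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://www.facebook.com.login.example/login.php",
    "https://facebook.com@login.example/login.php",
    "https://faceb00k.example/login.php",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, reason = check_login_url(link)
        print("OK  " if ok else "STOP", link, "->", reason)
```

Only the first sample passes; the others fail on the scheme, on the real host name, or on the name placed before the `@`.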

This needs to be made widely known: if you find something unusual, or you are in doubt and do not understand what it means, the safest action is always to refuse and click the "cancel" button, or close the page immediately, until you get reliable information.

Always remember that your username and password are something vital, just like those for your PayPal, your bank and God only knows what else. Never give them to others for any reason, including a request from someone who claims to be an admin. If he really were the admin, he would of course not need your username and password to perform any maintenance or actions.

Lastly, always type the site's address directly into your browser's address bar, because there is also malware that adds a bookmark link that you think is official but that actually misdirects you (phishing).

More sophisticated malware can even change the information in the etc/hosts file, which statically maps site addresses on your own computer. Then, when you type the address of the social networking site, you are redirected to a phishing site. That is why it is very important to always be vigilant, check the validity of a URL and be aware of any irregularities, even though this is a bit difficult.
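One way to look for the hosts-file tampering described above, as an added example that is not part of the original post: it lists every static entry that overrides a site you log in to. The `WATCHED` list and the sample file contents are assumptions constructed for illustration; on a real machine, pass in the contents of `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`.

```python
import ipaddress

# Assumption: the sites whose addresses should never be pinned in the hosts file.
WATCHED = ("facebook.com", "twitter.com", "mail.yahoo.com")

def suspicious_hosts_entries(text, watched=WATCHED):
    """Return (line number, address, name) for each entry overriding a watched site."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or incomplete line
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address.split("%", 1)[0])
        except ValueError:
            continue                             # not an address mapping
        for name in names:
            n = name.lower().rstrip(".")
            # Exact name or a real subdomain of a watched site.
            if any(n == d or n.endswith("." + d) for d in watched):
                findings.append((lineno, address, n))
    return findings

# Constructed sample contents; the addresses are documentation ranges.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1   localhost
::1         localhost
192.0.2.10  intranet.example
203.0.113.7 www.facebook.com facebook.com  # entry a user did not add
203.0.113.7 login.facebook.com.example
"""

if __name__ == "__main__":
    for lineno, address, name in suspicious_hosts_entries(SAMPLE):
        print(f"line {lineno}: {name} is pinned to {address}")
```

Any hit deserves a look, because these sites are normally resolved through DNS and have no reason to appear in the file.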



Many people are now falling victim to Facebook account hijacking attempts that use social engineering techniques, mainly exploiting weaknesses in the procedures of free email accounts like Yahoo! Mail.

A person or cracker can pretend to be you and try to gain unauthorized access to hijack your email account. They do this by following the lost-password procedure.

Usually a free email service will ask for confirmation through key questions such as "Where did you honeymoon?", "What was the name of your first pet?" or "What is the name of your favorite uncle or aunt?". You filled in the answers to these confirmation questions when you first registered the email account.

Through Facebook, a cracker can easily fool you. He will pretend to apply to be your friend, then find out your email address.

When he learns that you are using a free email address, he invites you to start communicating. In certain ways he will dig out information that you should keep private.

Once you have provided the information needed to get through the lost-password procedure of the free email service, the cracker will take over your email account. He will then run the same procedure on your Facebook account, i.e. pretending to have forgotten the password, and try to hijack it.

Facebook will usually send a "temporary password" email to your primary email address, which unfortunately is already controlled by the cracker, so he easily takes over your Facebook account as well. Once he has changed the password of your Facebook account, you will be denied further access to your own Facebook account.

A cracker who hijacks your Facebook account will usually use it for some malicious purpose. The first is to impersonate you or falsify your identity with intent to defame, bad-mouth and damage your dignity as the true account owner. For example, he attacks your friends and does things they do not like, so that in the real world people become hostile to you without your knowing why.

The second is to fool your friends. There have been many reports abroad and also in Indonesia of people being asked by an old friend on Facebook to send money for some reason; the classic ones are claiming to have been robbed over the weekend, or being unable to withdraw money for medical treatment, and so on. Or the request is for something else, when in fact the Facebook account doing the asking had been hijacked by someone else.