The seven most sinister hacking technologies-Intermittent blogs

Source: Internet
Author: User

Nowadays, in the Internet era where "information is at your fingertips", many people have their own email, QQ number, MSN, and other communication tools to contact friends and family, and many register accounts on social networking websites, which undoubtedly makes work and life much more convenient. However, as attackers target social networks, ordinary users face a huge risk of being hacked when surfing the Internet.

The focus of a social network is to build online communities of people with common interests and activities. It can also be a collection of people interested in exploring others' interests and activities. Many social networks are web-based and provide users with opportunities for interaction, such as emails and other instant messaging services mentioned at the beginning of the article.

Social networks can be illustrated as follows:

The biggest danger of a social network is that it compromises personal identity information and other information. It may cause your photos to be sent to an adult website and destroy your image. It may also lead to the theft of confidential information about your online bank card, and may "expose the company's trade secrets to the rest of the world" without your knowing it!

Don't take it lightly. Don't think this will not happen to you or your company. A social network is an important position for phishers, spammers, botnet controllers, and company spies to make profits. If you are careless about it, it can even easily ruin a company or an individual.

The root cause of the problem is that social network sites are not secure. Generally, such websites do not verify users' identities, and users cannot fully confirm the identities of their so-called online friends. Attackers can easily exploit the culture of "trust" in social networks and profit from it. Moreover, many users do not enable or deploy the security and privacy options these sites provide.

For example, social network application development tools, such as OpenSocial, and some third-party tools can be easily exploited by attackers to spread malware or leak private personal information. In addition, there is a real risk of company espionage: attackers can easily use information about employees on these networks to carry out other attacks. Some popular Web attacks, such as cross-site scripting attacks, can also be used against members of social networks.

Do not be complacent because you withhold private information such as home addresses and phone numbers; this will not protect you from security threats. There is no real privacy on the Internet. Users can only delay the risk of information leakage. Users need to regard the entire Internet as a platform where all resources persist.

Attacks against social networks have just begun. Therefore, you should think twice before releasing personal information, and be cautious when accepting and trusting new friends. As attackers pay more and more attention to social networks, their attacks will become more serious. Facts show that social networking websites have become a breeding ground for cyber attacks.

Sun Tzu said, "Know the enemy and know yourself." To deal with social network attacks, we must first understand them. Next I will talk about the seven most sinister social network "black techniques" of attackers:

1. Identity counterfeiting and targeted personal information attacks

2. Create spam and botnets

3. Transformed social network applications

4. Intersection of personal information and professional information

5. Cross-site scripting attacks or cross-site Request Forgery

6. Identity Theft

7. Company espionage

Let's talk one by one:

1. Identity counterfeiting and targeted personal information attacks

Do not think that security experts are not threatened by social networks. In recent years, social network attacks have become increasingly widespread, and personal information from many social network websites has been published to other websites. This shows that even experts may not be spared. Attackers can use personal identity information to threaten victims, for example by posting their photos on the Internet.

If a member of a social network frequently posts status updates or comments to many "followers", this simply introduces another factor into social network security: physical security. Maybe you didn't tell others who you are and where you are, but that does not prevent people with ulterior motives from learning this information.

For example, posting too much personal information (such as travel information or travel plans) on the Internet may lead to burglary. This is a serious physical security problem. Therefore, do not casually publish your information to a social network.

As Hamier and Moore demonstrated at the Black Hat conference, users do not even need a profile on the social network to be attacked, nor do they need to own an account: an attacker can post other people's photos on the Internet, gather information online, and build information that appears trustworthy.

2. Create spam and botnets

Spam has become a huge industry. Advertising, click fraud, and botnets need to spread their messages and malware (or both) effectively. Attackers have already entered social network communities like worms, hijacking user accounts and using their address books to spread spam, worms, or other malware.

As you can see, more and more malware is being attached to spam. You can see this clearly on famous foreign social networking websites. Such mail typically lures unsuspecting people to "special" Web pages, for example by inviting users to click on a link to a wonderful video. The link is actually a Trojan horse download link that secretly downloads malicious software to the user's computer and turns the computer into a botnet member.

3. Transformed social network applications

Users do not think twice about installing applications in their browsers. However, these applications may be able to access the user's system, where extremely private information may be stored, so the risks are obvious. Even so, there are always some users who think that installing these applications is nothing remarkable.

This makes third-party applications a simple tool for attackers. In addition, third-party application services enable code-based attacks.

This does not mean that all social network tools are malicious. For example, OpenSocial, an open social networking platform, gives tool developers the option to restrict malicious JavaScript in their applications, but unskilled developers do not know how to use these methods. It is only an option and is rarely used by developers. The final result is that security-insensitive developers can build applications, and these will spread as fast as wildfire on a grassland.

4. Intersection of personal information and professional information

Even if a user keeps one social network account for private use and another social network account for professional networking, this cannot guarantee that pictures from the former will not appear in the latter, or even "run" to the boss's mailbox. Consider that on an open social network anything can be copied and pasted everywhere, whether it is images or work experience.

5. Cross-site scripting attacks or cross-site Request Forgery

Cross-site scripting and cross-site request forgery are very obvious attack tools. Some social network worms use cross-site scripting to spread the attack. However, most social networks have mechanisms to deal with cross-site scripting attacks. Cross-Site Request Forgery is not yet popular.

Cross-site scripting attacks and cross-site request forgery do not pose a huge risk to social network sites. In cross-site scripting attacks, malicious code is injected into vulnerable web applications, and users who view these web pages are "hacked". In cross-site request forgery, attackers may trick users' browsers into sending login requests.

Keep in mind that attackers can force users to load HTML code at any time. The potential threat is that attackers can exploit browser vulnerabilities, turn infected machines into botnet members, and manipulate user accounts through XSS/CSRF.

Cross-site request forgery attacks can jump between multiple social network sites, and when users log on, such attacks can spread from one social network to another. In general, cross-site request forgery is a type of hacker activity that is overlooked.
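
The server-side defenses against the two attacks described in this section, as an added example that is not part of the original article: user-supplied text is HTML-encoded before it is rendered, and a state-changing request is accepted only if it carries a token bound to the user's session. All function names, field names, and sample values are assumptions made for illustration.

```javascript
// Added example: defenses against XSS and CSRF on a hypothetical
// "post a status update" feature. All names and values are constructed.
const crypto = require('crypto');

// Per-deployment secret; generated at startup here so the example runs offline.
const SERVER_SECRET = crypto.randomBytes(32);

// XSS defense: encode user-supplied text before placing it in HTML element
// content or quoted attribute values, so markup in a status update is inert.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderStatus(author, status) {
  return `<li><b>${escapeHtml(author)}</b>: ${escapeHtml(status)}</li>`;
}

// CSRF defense: a token derived from the session ID with an HMAC. A page on
// another site can make the browser send the session cookie, but it cannot
// read or compute this token, so the forged request fails the check.
function issueCsrfToken(sessionId) {
  return crypto.createHmac('sha256', SERVER_SECRET).update(sessionId).digest('hex');
}

function verifyCsrfToken(sessionId, submitted) {
  if (typeof submitted !== 'string') return false;
  const expected = Buffer.from(issueCsrfToken(sessionId));
  const given = Buffer.from(submitted);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// State-changing handler: reject the request unless the submitted form
// carried the token that was issued for this session.
function handlePost(request) {
  if (!verifyCsrfToken(request.sessionId, request.body.csrfToken)) {
    return { status: 403, body: 'CSRF token missing or invalid' };
  }
  return { status: 200, body: renderStatus(request.user, request.body.status) };
}
```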

6. Identity Theft

In short, identity theft refers to defrauding, stealing, and obtaining illegal gains by assuming another person's identity. Social network information can reveal valuable content, such as the name and date of birth of a victim. Identity thieves can use this information to guess the user's password or impersonate the user, and finally steal their identity.

Social network users sometimes inadvertently hand over their information to others. They may hand over their e-mail addresses, birth dates, phone numbers, and other information to unfamiliar so-called "netizens".

One piece of advice for social network users is not to answer all the questions the website asks and not to provide their real birth dates. Users do not have to tell the website their real educational background, phone numbers, and so on, and can also try to make other sensitive information wrong for thieves.

7. Company espionage

As Internet platforms keep growing, company espionage is also increasing. Employees' personal information may also expose the company to espionage risks.

For example, in order to launch a phishing attack, attackers search for company employees on social network sites and pose as a company boss or leader. They may appear as a leader of the human resources department and send an email to the employee, for example: "Dear XXX, congratulations on joining the company. Click the link below to access the company's intranet and log on with your normal user name and password. We will update the configuration file based on your information." It is particularly important to note that new employees who have just started work at the company may be deceived in this way.

The only way to deal with such espionage is to tell employees to restrict public information and not to disclose the names of employers or bosses. This can reduce the chance of company leaders and companies being attacked through employees.

In short, employees need to know that they are only one step away from strangers on social networks. Be clear: there are always some black hands searching for your information on social networking websites. There are not only friends out there, but also wolves. Therefore, please disclose your information with caution.


