Facebook Hacked

Ninety Million Facebook Accounts Hacked

Fifty million Facebook accounts were compromised. Fifty million people is nearly the population of England. But that is not all: a further 40 million accounts could have been affected too, which brings the total to 90 million, roughly the population of Germany and Austria combined. Facebook announced the breach to the public, fixed it and moved on as if nothing had happened.

Private Social Networks: Three Case Studies

There is a wide variety of reasons why people might want to start their own social network, and privacy is a dominant one. Whatever you want to keep safe, from your children to data about how you use the internet, a smaller social network can be a very appealing option. Here are three popular private social networks, to show you just how viable they can be in today’s market, along with some of the ways you can utilise plugins like PeepSo.

“Digital Kidnapping:” The Rise of a Disturbing Trend

Social media roleplays are an online game in the same family as fanfiction and cosplay: users create settings and characters, create social media accounts for them, and then play out relationships and events as those characters. Sometimes they play as established characters from television and film; other times, they extend existing fantasy universes. Where new characters have been invented, tradition dictates that they’ll choose a celebrity who fits their vision of what the character looks like, and use public domain photos of that celebrity where images are required or desired. These games have become so popular that players have to apply to take part; game organisers will ask a set of questions, and select the person they think will play best. For the most part, it’s harmless, creative fun; but recently, it’s taken a darker turn as people have started playing using photographs of “real” people, stolen from their social media profiles. It’s not quite catfishing, as players will usually make it clear that they’re role playing (by putting “RP account” in their description), but it can be equally distressing to the people whose photos are being used to represent a character they have no control over.

WordPress News: a Rise in Brute Force Password Attacks

Malware removal company Sucuri has noticed a massive spike in the WordPress malware campaign “visitorTracker_isMob” over the last two weeks. The purpose of the malware is to compromise as many visitors’ computers as possible via infected websites. At the same time, Sucuri has noticed a spike in a particularly insidious kind of brute force attack, one where the attackers are not limited by the number of login attempts allowed before an account or IP address is locked out. As Sucuri describes it, this is how they work:

Instead of going against wp-login.php (which can be easily blocked or protected via .htaccess) or doing a single attempt against xmlrpc, attackers are leveraging the system.multicall method to attempt to guess hundreds of passwords within just one HTTP request.


In other words, a lockout that counts HTTP requests (or that only watches wp-login.php) sees one request where the attacker has actually tried hundreds of passwords: three requests before a lockout no longer mean three guesses but three hundred, and the attacker can keep sending them to xmlrpc.php without tripping anything. This type of attack is called brute force amplification.

So how can you protect yourself against brute force amplification attacks, and in turn, from increasingly common malware?

Sucuri suggests blocking all access to xmlrpc.php. This does break some functionality, primarily Jetpack, along with anything else that talks to WordPress over XML-RPC, such as pingbacks and the mobile apps. The lighter alternative Sucuri also suggests is to block only system.multicall requests: the method is hardly ever used by legitimate clients, and dropping it defeats the amplification while leaving single-method XML-RPC calls working. Bear in mind that this only removes the multiplier. Ordinary brute force, one guess per request against xmlrpc.php, still works, so strong passwords and a rate limit that counts failed logins rather than requests are still needed, and a large POST body to xmlrpc.php in your access logs is worth investigating.
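The following is an added example, not Sucuri’s code and not part of WordPress, illustrating both the amplification described above and the system.multicall filter suggested here. It uses Python’s standard xmlrpc.client to build a request of the shape Sucuri describes (hundreds of wp.getUsersBlogs calls inside one system.multicall), then shows the kind of inspection a WAF or reverse proxy in front of xmlrpc.php could apply to POST bodies: it counts the password guesses hidden in one request, refuses multicall outright, and tallies per source address to show why a request-counting lockout never fires. The username, wordlist and IP address are constructed for the demo; the set of authenticated method names is a sample, and the recursive count assumes a server might honour a multicall nested inside another one.

```python
"""Brute force amplification via WordPress XML-RPC system.multicall.

Added example (not Sucuri's or WordPress's code): builds a multicall body
that packs N password guesses into one HTTP request, then inspects such
bodies the way a WAF or reverse proxy in front of xmlrpc.php could.
"""
import xmlrpc.client
from collections import defaultdict
from typing import Any, Dict, List, Tuple
from xml.parsers.expat import ExpatError

# WordPress XML-RPC methods that take a username/password pair, so each
# call doubles as a password oracle. wp.getUsersBlogs is the one Sucuri
# saw abused; the others are a sample, not an exhaustive list.
AUTH_METHODS = {"wp.getUsersBlogs", "wp.getProfile", "wp.getPosts", "wp.getOptions"}


def build_multicall(username: str, guesses: List[str]) -> str:
    """The amplified request: every guess is one nested wp.getUsersBlogs call."""
    calls = [{"methodName": "wp.getUsersBlogs", "params": [username, pw]}
             for pw in guesses]
    return xmlrpc.client.dumps((calls,), methodname="system.multicall")


def build_single(method: str, username: str, password: str) -> str:
    """An ordinary one-guess-per-request XML-RPC login call, for comparison."""
    return xmlrpc.client.dumps((username, password), methodname=method)


def count_guesses(method: str, params: Any) -> int:
    """Count login attempts in one call, descending into system.multicall.
    The recursion is defensive: it assumes a server might honour a multicall
    nested inside another multicall."""
    if method == "system.multicall":
        nested = params[0] if params else []
        return sum(count_guesses(c.get("methodName", ""), c.get("params", []))
                   for c in nested if isinstance(c, dict))
    return 1 if method in AUTH_METHODS else 0


def inspect_body(body: str) -> Tuple[str, int]:
    """Parse a request body and return (method name, login attempts inside)."""
    params, method = xmlrpc.client.loads(body)
    return method or "", count_guesses(method or "", params)


def xmlrpc_policy(body: str) -> Tuple[bool, str]:
    """Sucuri's lighter mitigation: let single-method calls through, refuse
    system.multicall. Returns (allowed, reason) for the access log."""
    try:
        method, guesses = inspect_body(body)
    except (ExpatError, xmlrpc.client.Error, ValueError) as exc:
        return False, "unparseable XML-RPC body: " + type(exc).__name__
    if not method:
        return False, "not a methodCall"
    if method == "system.multicall":
        return False, "system.multicall rejected (%d login attempts inside)" % guesses
    return True, "%s allowed (%d login attempt)" % (method, guesses)


class LoginTally:
    """Per-source counters showing why request-based lockouts miss this.
    'requests' is what a lockout that counts HTTP requests sees; 'guesses'
    is the number of passwords actually tried."""

    def __init__(self, limit: int = 3) -> None:
        self.limit = limit
        self.requests: Dict[str, int] = defaultdict(int)
        self.guesses: Dict[str, int] = defaultdict(int)

    def record(self, src_ip: str, body: str) -> Dict[str, Any]:
        _, guesses = inspect_body(body)
        if guesses:
            self.requests[src_ip] += 1
        self.guesses[src_ip] += guesses
        return {
            "guesses_seen": self.guesses[src_ip],
            "locked_by_request_count": self.requests[src_ip] >= self.limit,
            "locked_by_guess_count": self.guesses[src_ip] >= self.limit,
        }


if __name__ == "__main__":
    # Constructed demo input: 200 guesses from one made-up source address.
    wordlist = ["password%d" % i for i in range(200)]
    body = build_multicall("admin", wordlist)
    print("multicall body is one POST of %d bytes" % len(body))
    print("policy:", xmlrpc_policy(body))
    print("policy:", xmlrpc_policy(build_single("wp.getUsersBlogs", "admin", "letmein")))
    tally = LoginTally(limit=3)
    print("after one request:", tally.record("198.51.100.7", body))
```

Run as-is to see one 200-guess request pass a request-counting lockout (one request seen) while the guess-counting tally locks immediately; in a real deployment the policy function would sit on the proxy that fronts xmlrpc.php, and the tally would be keyed on the client address taken from the proxy, not from a header the attacker controls.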