Can you imagine that a single text message is enough to hack any Facebook account, without user interaction and without any other malicious tooling such as Trojans, phishing or keyloggers?
Today we are going to explain how a UK-based security researcher, “fin1te”, was able to hack any Facebook account within a minute by sending one SMS.
Because 90% of us are Facebook users too, we know that there is an option to link your mobile number to your account, which lets you receive Facebook account updates via SMS directly on your mobile and also lets you log in to your account using that linked number rather than your email address or username.
According to the hacker, the loophole was in the phone number linking process, or in technical terms, in the file /ajax/settings/mobile/confirm_phone.php
This page works in the background when a user submits his phone number and the verification code sent by Facebook to the mobile. The submission form has two main parameters: one for the verification code, and a second, profile_id, which is the account to link the number to.
As an attacker, follow these steps to execute the hack:
1. Change the value of profile_id to the victim’s profile_id value by tampering with the parameters.
2. Send the letter F to 32665, which is Facebook’s SMS shortcode in the UK. You will receive an 8 character verification code back.
3. Enter that code in the box, or as the confirmation_code parameter value, and submit the form.
4. Facebook will accept that confirmation code, and the attacker’s mobile number will be linked to the victim’s Facebook profile.
5. In the next step the hacker just needs to go to the Forgot password option and initiate a password reset request against the victim’s account.
6. The attacker can now get the password recovery code on his own mobile number, which was linked to the victim’s account using the steps above. Enter the code and reset the password!
Facebook no longer accepts the profile_id parameter from the user end, after receiving the bug report from the hacker.
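The flaw and the fix described above, modelled as an added example (this is not Facebook's code): one handler takes the target account from the request's profile_id, the other takes it only from the authenticated session and records a mismatch as a tampering signal. The Store class, the handler names, the phone number and the code value are all constructed for illustration, and rejecting on mismatch is an assumption about how "no longer accepting" could be implemented.

```python
# Added example, not Facebook's code: a model of the phone-confirmation
# handler. Store, handler names and sample values are constructed.
from dataclasses import dataclass, field


@dataclass
class Store:
    pending: dict = field(default_factory=dict)   # SMS code -> phone that requested it
    linked: dict = field(default_factory=dict)    # account id -> set of linked phones
    alerts: list = field(default_factory=list)    # tampering signals for monitoring

    def issue_code(self, phone, code):
        self.pending[code] = phone

    def link(self, account, phone):
        self.linked.setdefault(account, set()).add(phone)


def confirm_phone_vulnerable(store, session_user, params):
    """Pre-fix behaviour: the account to modify is read from the request."""
    phone = store.pending.pop(params["confirmation_code"], None)
    if phone is None:
        return {"ok": False, "error": "invalid code"}
    target = params["profile_id"]        # client-controlled, never checked
    store.link(target, phone)
    return {"ok": True, "linked_to": target}


def confirm_phone_hardened(store, session_user, params):
    """Post-fix behaviour: the account comes only from the authenticated session."""
    supplied = params.get("profile_id")
    if supplied is not None and supplied != session_user:
        # Refuse before the code is consumed, and keep a record for detection.
        store.alerts.append((session_user, supplied))
        return {"ok": False, "error": "profile_id does not match session"}
    phone = store.pending.pop(params["confirmation_code"], None)
    if phone is None:
        return {"ok": False, "error": "invalid code"}
    store.link(session_user, phone)
    return {"ok": True, "linked_to": session_user}


def demo():
    """Run the same tampered request against both handlers."""
    tampered = {"confirmation_code": "A1B2C3D4", "profile_id": "victim"}
    before, after = Store(), Store()
    for s in (before, after):
        s.issue_code("+440000000000", "A1B2C3D4")   # constructed phone and code
    r1 = confirm_phone_vulnerable(before, "requester", tampered)
    r2 = confirm_phone_hardened(after, "requester", tampered)
    return before, r1, after, r2


if __name__ == "__main__":
    before, r1, after, r2 = demo()
    print("vulnerable:", r1, before.linked)
    print("hardened:  ", r2, after.linked, after.alerts)
```

The alerts list stands in for whatever logging pipeline a real service uses; a session that submits someone else's profile_id is worth an alert even when the request is refused.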
Last summer, Skype and Facebook announced a partnership and a deeper integration. Using Skype technology, Facebook users could have video calls inside the site. But, despite being based on Skype, they couldn’t call a friend using the Skype client or the other way around.
Now though, this has become possible, with the latest beta releases of Skype for Windows and Mac.
Skype users can start a conversation with their Facebook friends from the desktop client. It doesn’t matter whether their friends have the client as well, they can answer from the site and have a video conversation without the platform they use getting in the way.
“Today we are thrilled to announce our partnership with Facebook has reached yet another milestone with the launch of Skype 5.4 Beta for Mac and Skype 5.7 Beta for Windows allowing you to conduct a Facebook-to-Facebook call from within Skype,” Skype announced.
The feature has been a sorely missed one and it’s easy to see why. Without being able to connect with Facebook friends and start a video conversation, the integration wasn’t that useful to existing Skype users.
“Initiating a Facebook-to-Facebook call from within Skype is quite easy; all you need to do is connect your Skype and Facebook accounts. Then, select a Facebook friend and hit the video call button in Skype- your friend simply picks up the call from Facebook,” Skype explained.
If you’ve been using the video call feature on Facebook exclusively, the new addition doesn’t really mean much to you. Since you can start a video call on Facebook without even having a Skype account, the desktop client probably doesn’t mean much to Facebook users.
But there are plenty of Skype users out there who now have the ability to chat with many other friends, whom they may not have convinced to join Skype. And now, they don’t have to.
Once again the Internet hacker group Anonymous is in the news, reportedly intending to try to bring down the social networking site Facebook. This is based on the group's view that data stored on Facebook has been misused, by being sold to governments and security firms for the purpose of spying on people.
According to a video posted by Anonymous on YouTube, the group will attempt its action on 5 November, and it invites everyone who wants to take part. However, as we know from the Twitter account @GroupAnon, not all members of Anonymous will take part, and some even disagree with this project, because it turns out that several of its members are Facebook employees themselves.
Will Anonymous succeed in bringing down the giant site with its 750 million users? And also restore its reputation after failing to bring down Amazon?
Posting a Twitter status update as a Facebook status seems to be something many people already do. Posting a Google+ status as a Facebook status, however, seems to be something not many people know about yet. Below are the steps for posting your Google+ status as your Facebook status; this method can also be used to update a Twitter status at the same time.
To work around this, follow these steps:
1. Open http://facebook.com/mobile
3. Copy the email address under upload via email (no. 1)
4. Log in to your Google+ account
5. Select the Circles feature
6. Choose add a new person, paste the email address, then press enter. Give it a name and add it to your circle, then save. (no. 2)
7. Look at the bottom of the screen and choose invite ‘the name you entered above’ (no. 3)
8. If it succeeds, your FB status will look like no. 4
9. Create a new status in Google+. Select the circle in which you put the name above. Don't forget to tick ‘also send an email to 1 person who is not yet using Google+’. Then click share (no. 5)
10. If it succeeds, your Google+ and Facebook statuses will be the same (for the result see no. 6 and 7)
Ever since the Google+ beta launched a few weeks ago, obsessive social networkers have complained about the lack of Facebook integration preventing users from cross posting between sites.
Fortunately, an application dubbed “Google+Facebook” created by an Israeli company known as Crossrider aims to solve this problem by allowing Google+ users to view Facebook streams and update their status from within the competing social network.
“It’s something we created in less than a day,” Crossrider co-founder Koby Menachemi told Reuters. “The product is not perfect, yet you can view (Facebook) streams and update your status” while using Google+.
Google+ is Google’s brand spanking new social network designed to compete directly with Facebook.
The nascent platform already has 10 million users, compared to Facebook’s 750 million.
Facebook won’t allow users of its site to import friends, pictures, or other information into Google+ based on the site’s terms of service, a major source of contention for those with an established Facebook presence.
“It’s a site within a site,” Menachemi said about the application. He added that Crossrider hopes to continually improve the service stating, “If users want a feature to post updates on both networks, we will. If they want to comment on their Facebook screen, we will do it.”
Note: There has been some criticism of the app on Crossrider’s own website, with a number of comments referring to the software as malware. As expected, Menachemi denied the allegation, but emphasized he would not remove the negative comments from the Crossrider site.
You never really know what you’re onto until you look, but who knew “looking” involved “digging through source code?” Software guru Jeff Rose had his curiosity piqued yesterday with the proper launch of Facebook Video Calling, and rather than just being satisfied with things working, he took it upon himself to see how exactly things were coming together under the hood. Turns out, the program grabs a startlingly small download link called FacebookVideoCalling.jar, which in turn uses LiveConnect to allow the Java applet to fetch a few other things. This enables the program to source your Facebook user ID (as well as an application ID), and from there, the installer has permission to use two things: a video chat plugin called “peep,” and something else dubbed “vibes.” Curiously enough, only one of those two was launched to the world, so logical skeptics are obviously opining that Facebook has a connected music service up its sleeve. ‘Course, there’s no indication that said service will actually use the Vibes moniker, but we could definitely ponder worse titles. So, Mark — three months from now, another impromptu press event, announcing something even more awesome? We’re so there.
Mark Zuckerberg, CEO of Facebook, has just announced that several new features will be made available on Facebook. The new features are group chat, a new chat interface design, and Skype integration for video calls.
Facebook users will be able to hold a Group Chat by selecting several friends directly. Group chat is done by chatting with one friend and then inviting other friends to join (Add Friends to Chat). Users can keep adding friends to the chat and will not be disturbed by other users who are not their friends. Group Chat is also available in the interface for mobile devices, but there users cannot add friends to join the chat.
Group chat can also be held with friends who are in the same group. According to Facebook, about 50% of Facebook users currently belong to some group, with an average of 7 members.
The chat interface design has also been changed to be simpler. A Chat sidebar appears when a chat is started, leaving more room for the conversation. There is also a feature for restricting chat. Users will be able to choose which friends can see their online status and invite them to chat. That way users will not be disturbed by unwanted messages from other friends while they are chatting with one friend.
The most advanced new feature is video chat via Skype. Users need to download a plugin that is installed on their computer. Users who do not yet have the plugin will be asked to download it when a friend invites them to a video chat.
The video call window will be separate from the Facebook window so that users can keep browsing Facebook and other sites while on a video call. Calls can also be voice-only if the user has no webcam. Facebook users can also send a video message to a friend who is not online. The video calling feature runs in various browsers but only on the Mac and Windows operating systems; Linux is not supported.
These features will also be rolled out gradually and will be available to all Facebook users in the near future. To start a video chat, visit http://facebook.com/videocalling
Facebook is organizing its efforts to branch out to the iPhone and iPad, but doesn’t want Apple in its way.
The social networking giant is working on a sweeping new platform designed for devices that use HTML5 – in other words, mobile devices made by Apple.
The website TechCrunch is citing people “familiar with the project” as calling the new initiative almost like its own operating system.
It’s such a big undertaking that Facebook even created a cool name for it – Project Spartan.
That is to say, once users log into the HTML5-optimized version of Facebook, they’ll be able to run apps, chat, and do pretty much all the social networking activities they regularly need to, without ever opening an actual iPhone app.
The reason, say TechCrunch’s sources, is to take Apple out of the equation and to “break the stranglehold they have on mobile app distribution.”
HTML5 does exist on other devices, and is slowly emerging to become a mobile standard in online content, but for now it is tied very closely to the iOS operating system and its built-in Safari browser.
Other mobile browsers are actually able to run full Flash content, the standard that has been supported by computers and other devices for much longer.
Yahoo has finally rolled out the final version of the new Yahoo Mail service to its 284 million users worldwide, after it had previously been available only as a beta. The new version has several interesting features, such as Facebook integration, where users can respond to their Facebook directly from Yahoo Mail without having to open Facebook separately in another tab.
Slideshows and videos can now also be opened directly from an email. Email from people in the contact list now goes straight to the top of the inbox as unread mail, and email from non-contacts sits below it even if it was received earlier. Yahoo Messenger is also integrated, and Yahoo has included the YouSendIt service as well.
Like Facebook, Yahoo also seems to want its users to spend more time interacting with Yahoo rather than wandering elsewhere. Yahoo Mail is one of the largest free email services in the world, serving 284 million users in 26 different languages, including Indonesian.
Facebook Messages seamlessly integrates many communication channels: email, SMS, Facebook Chat, and the existing Facebook Inbox. Combining all this functionality and offering a powerful user experience involved building an entirely new infrastructure stack from the ground up.
To simplify the product and present a powerful user experience, integrating and supporting all the above communication channels requires a number of services to run together and interact. The system needs to:
- Scale, as we need to support millions of users with existing message history.
- Operate in real time.
- Be highly available.
To overcome all these challenges, we started laying down a new architecture. At the heart of the application back end are the application servers. Application servers are responsible for answering all queries and take all the writes into the system. They also interact with a number of services to achieve this.
Each application server comprises:
- API: The entry point for all get and set operations, which every client calls. An application server is the sole entry point for any given user into the system. Any data written to or read from the system needs to go through this API.
- Distributed logic: To understand the distributed logic we need to understand what a cell is. The entire system is divided into cells, and each cell contains only a subset of users. A cell looks like this:
Cells give us many advantages:
- They help us scale incrementally while limiting failure scenarios
- Easy upgrades
- Metadata store failures affect only a few users
- Easy rollout
- Flexibility to host cells in different data centers with multi-homing for disaster recovery
Each cell consists of a single cluster of application servers, and each application server cluster is controlled by a set of ZooKeeper machines.
ZooKeeper is open source software that we use mainly for two purposes: as the controller for implementing sharding and failover of application servers, and as a store for our discovery service. Since ZooKeeper provides us with a highly available repository and notification mechanism, it goes a long way towards helping us build a highly available service.
Each application server registers itself in ZooKeeper by generating N tokens. The server uses these tokens to take N virtual positions on a consistent hash ring. This is used to shard users across these nodes. In case of failures, the neighboring nodes take over the load for those users, hence distributing the load evenly. This also allows for easy addition and removal of nodes into and from the application server cluster.
- Application business logic: This is where the magic happens. The business logic is responsible for making sense of all user data, storing and retrieving it, and applying all the complex product operations to it to perform various functions. It also has a dedicated cache that acts as a write-through cache, since the application servers are the only entry points to read/write data for any given user. This cache stores the entire recent image for the user and gives us a very high cache hit rate. The business logic also interacts with the Web servers to respect user privacy and also apply any policies.
- Data access layer: The data access layer is the schema used to store the user’s metadata. It consists mainly of a time sequenced log, which is the absolute source of truth for the user’s data, and is used to back up, retrieve, and regenerate user data. The schema also consists of snapshots that represent the serialized user objects understood by the business logic. This layer is designed to present a generic interface to the application servers while making the underlying store pluggable.
- Metadata store: Each cell also has a dedicated metadata store. We use HBase as our metadata store. The data access layer interacts with HBase to provide storage functionality. Late last year we talked about our Messages storage infrastructure, which is built on top of Apache HBase.
Finally, the whole system has a number of cells, and looks like this:
Other Messages Services
The Messages application back end needs to parse email messages and attachments, and also provide discovery of the right application servers for the given user. This is achieved with the following services:
- MTA proxy: This service receives all incoming email messages and is responsible for parsing the email RFCs, attachments, large bodies of email, and so forth. These parsed out values are stored in a dedicated Haystack cluster (which is the same key/value store that we use for photos). Once the proxy has created a lightweight email object, it talks to the appropriate application server and delivers the message. But talking to the appropriate application server involves figuring out the cell and machine a particular user resides on, which brings us to the discovery service.
- Discovery service: This consists of a map of user-to-cell mappings. Every client needs to talk to the discovery service before it can contact an application server for any request. Given the stringent requirements, this service needs to be very highly available, scalable, and performant.
- Distributed logic client: These clients listen for ZooKeeper notifications and watch for any changes in the application server cluster state. Each application server cluster or cell has a dedicated client. These clients live in the discovery service process, and once the discovery service has mapped the user’s cell, it queries that cell’s client, which executes the consistent hash algorithm to figure out the correct application server node for the user.
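The token scheme described above (each application server takes N virtual positions on a consistent hash ring, and the distributed logic client runs the hash to find a user's node) can be sketched as follows. This is an added example, not Facebook's code: the hash function, the token count of 64, the server names and the user ids are assumptions, and ZooKeeper registration is replaced by direct add/remove calls.

```python
# Added example, not Facebook's code: consistent hashing with N tokens per server.
import bisect
import hashlib
from collections import Counter


def position(key):
    """Map a string to a point on a 64-bit ring (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:8], "big")


class HashRing:
    def __init__(self, tokens_per_server=64):
        self.tokens_per_server = tokens_per_server
        self._points = []    # sorted token positions
        self._owner = {}     # token position -> server name

    def add_server(self, server):
        # Each server claims N virtual positions, one per token.
        for i in range(self.tokens_per_server):
            p = position(f"{server}#{i}")
            self._owner[p] = server
            bisect.insort(self._points, p)

    def remove_server(self, server):
        # Dropping a server's tokens hands each of its arcs to the next token.
        self._points = [p for p in self._points if self._owner[p] != server]
        self._owner = {p: s for p, s in self._owner.items() if s != server}

    def lookup(self, user_id):
        """Return the server owning the first token clockwise from the user."""
        if not self._points:
            raise LookupError("no application servers registered")
        i = bisect.bisect_right(self._points, position(user_id)) % len(self._points)
        return self._owner[self._points[i]]


def simulate_failure(servers, failed, n_users=10000):
    """Shard constructed users, fail one server, and report who moved where."""
    ring = HashRing()
    for s in servers:
        ring.add_server(s)
    users = [f"user{i}" for i in range(n_users)]
    before = {u: ring.lookup(u) for u in users}
    ring.remove_server(failed)
    after = {u: ring.lookup(u) for u in users}
    moved = [u for u in users if before[u] != after[u]]
    return {
        "load_before": Counter(before.values()),
        "moved_from": {before[u] for u in moved},
        "moved_to": Counter(after[u] for u in moved),
        "load_after": Counter(after.values()),
    }


if __name__ == "__main__":
    for name, value in simulate_failure(["app1", "app2", "app3", "app4"], "app2").items():
        print(name, value)
```

Only users that were on the failed server change nodes, and because its tokens are scattered around the ring, their load is spread over the surviving servers rather than landing on a single neighbour.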
The Messages application back end also relies on the following services:
- Memcache dirty service: The application servers query message counts from the home page very frequently to accurately display the message notification jewels. These counts are cached in memcache in order to display the home page as quickly as possible. As new messages arrive, these entries need to be dirtied from the application servers. Thus, this dedicated service runs to dirty these caches in every data center.
- User index service: This provides the social information for each user, like friends, friends of friends, and so forth. This information is used to implement the social features of messaging. For example, on every message that is added to the system, the application server node queries this service to determine if this message is from a friend or a friend of friend and directs it to the appropriate folder.
The clients of the application back end system include MTAs for email traffic, IMAP, Web servers, SMS client, and Web Chat clients. Apart from the MTAs, which talk to the MTA proxy, all other clients talk directly to the application servers.
Given that we built this services infrastructure from scratch, one of the most important things was to have the appropriate tools and monitoring in place to push this software on almost a daily basis without any service disruption. So we ended up building a number of useful tools that can give us a view of the various cells, enable/disable cells, manage addition and removal of hardware, do rolling deployments without disrupting service, and give us a view of the performance and bottlenecks in various parts of the system.
All these services need to work in tandem and be available and reliable for messaging to work. We are in the process of importing millions of users into this system every day. Very soon every Facebook user will have access to the new Messages product.
At Facebook, taking on big challenges is the norm. Building this infrastructure and getting it up and running is a prime example of this. A lot of sweat has gone into bringing this to production. I would like to thank every individual who has contributed to this effort and is continuing to do so. This effort involved not only the Messages team but also a number of interns and various teams across the company.