Vulnerability | Before Investing Your Money

Posts Tagged ‘Vulnerability’

Facebook application security hole exposes millions to hacking, researcher says – mxlogic.com – 19 Oct 09

October 23rd, 2009

Before You Invest

A security researcher is warning Facebook users about potential vulnerabilities in Facebook applications that could allow cross-site scripting (XSS) hacker attacks for hijacking user accounts.

Hacked Facebook applications could threaten the account security of Facebook’s roughly 300 million users, posing a risk of identity theft and account hijacking. Hackers controlling accounts can then access a user’s friends’ accounts.

The security researcher who goes by the handle “the harmony guy” said on a website that “nearly any XSS vulnerability in a Facebook application allows a sort of cross-site request forgery in that one can use application credentials to make requests to the Facebook API.”

This means the attacker can use the application to access Facebook user profiles and photos, even “send notifications to your profile, send notifications to other people (anonymously or from you) and post feed stories to your wall, all with links included,” the researcher said on theharmonyguy.com.

Writing for the technology blog ReadWriteWeb, Sarah Perez reported that the Facebook application vulnerability exists on 9,700 apps, including six of the 10 most popular Facebook apps.

“With hacked apps, security vulnerabilities, lack of privacy policies and apps that can read your private profile information, one has to wonder if using any Facebook application is appropriate and safe these days,” Perez wrote, in an article appearing on NYTimes.com

Posted in Finance Fraud

Tags: Account Security, Application Security, Apps, Attacker, Credentials, Facebook, Forgery, Hacker Attacks, Hackers, Harmony, Mxlogic, Notifications, Privacy Policies, Private Profile, Researcher, Security Hole, Security Vulnerabilities, User Accounts, User Profiles, Vulnerability

Comments Off

The financial crisis and the dollar

June 21st, 2009

Before You Invest

In the face of the worst economic crisis since the Great Depression and unprecedented U.S. policy actions, the U.S. dollar is still up 14 percent, against a trade-weighted basket of major currencies, from its all-time lows last year. On top of that, as you can see in the chart below, the dollar remains in an uptrend …

Source: Bloomberg

Meanwhile, currencies in the BRIC region have been decimated, with the exception of China — which has manipulated its currency in a virtual flat-line against the dollar since the crisis commenced.

Today, even after some recovery, the Russian ruble remains down 35 percent, the Brazilian real is down 27 percent and the Indian rupee is down 23 percent versus the dollar.

But most importantly, from peak to trough these currencies lost 58 percent, 69 percent and 33 percent respectively against the dollar at the height of the crisis. Take a look at the second chart below, and you’ll realize how drastic this fall was.

Source: Bloomberg

This underscores the vulnerability of these less developed, less dynamic economies and emphasizes the fragile nature of their financial markets and currencies.

Posted in Finance Fraud

Tags: Bloomberg, Brazilian Real, China, Currencies, Currency, Dollar, Dynamic Economies, Economic Crisis, Economic Depression, Financial Crisis, Financial Markets, Fragile Nature, Great Depression, Indian Rupee, Policy Actions, Russian Ruble, Time Lows, Trough, Uptrend, Vulnerability

Comments Off

Hackers seek to attack PowerPoint users: Microsoft – economictimes.indiatimes.com – 13 May 209

May 14th, 2009

Before You Invest

BOSTON: Microsoft Corp said on Tuesday that hackers are seeking to attack users of its PowerPoint presentation software for Windows PCs and released patches to protect them against the threat.

The world’s No 1 software maker said that a version of PowerPoint for Apple Inc’s Mac computers is also vulnerable, though it has yet to find any evidence that hackers are actively seeking to exploit it.

Microsoft defined the threat as “critical”, the most severe on the scale by which it ranks vulnerabilities to its software. Hackers are seeking to exploit the vulnerability in PowerPoint by persuading the intended victim to open a tainted PowerPoint file, that they either download from a Website or receive in an email, according to Symantec Corp, the world’s top maker of security software.

“At that point, the attacker would then have complete control over everything the user’s account has permission to do on the system,” said Alfred Huger, a senior researcher with Symantec. Huger said that Symantec has so far only observed a limited number of hacker attempts to exploit the vulnerability in PowerPoint.

Microsoft did not release a patch for Mac computers, though company spokesman Christopher Budd said that one is in development.

Posted in Finance Fraud