Friendster Account Security
Hi, welcome to my first post in this blog!
I think there’s no use introducing myself first (I’m too lazy to do that). If you’ve read r3ck0rd’s articles about account security, such as this or maybe this, and done everything they explain correctly, but your account still gets hacked easily, maybe this tutorial can help you, because I’ll explain more and concentrate on Friendster only.
Here are some of the techniques that an attacker may use:
- Fake Login (Phishing)
- Script Injection
- Social engineering
The script injection mentioned above can take the form of defacing via comments, or of a currently working XSS. As for fake logins (phishing), they have improved, as you know. A fake login will just say “Error Validating User” or some other message (because it can be modified easily). And the latest version can redirect you to the URL of the fake login while the address bar still shows the URL of your profile.
So here is some advice from me:
- Please don’t approve comments automatically. You can change this by going to “Settings” and finding the “Approve comments automatically” line; change it to “Never”. Why do you have to do this? Because, as you know, Friendster has now turned off the “script” tag linker. You can find more information here.
- Increase your awareness. Always check the URL whenever you log in to Friendster. It must be something like http://www.friendster.com/login.php or http://www.friendster.com, not http://www.evil.com/friendster.html. Always check that friendster is followed directly by .com (be aware of URL redirection spoofing), and that it is not followed by a Friendster ID (e.g. http://www.friendster.com/54673221), because that means the attacker is using an iframe or another tag. Also check whenever you log out of Friendster: the address must be http://www.friendster.com/logout.php, not http://profiles.friendster.com/logout.php. And please don’t click suspicious links.
- Use the NoScript add-on or just disable JavaScript. Remember, some malicious code can also take over your profile easily, for example a cookie stealer or a fake login redirection.
- Use trusted user agents (browsers). I suggest you just use Opera or Mozilla. Why not IE? Because there are many exploits that can be used to download a file (it could be a virus) without any confirmation. And please download the latest patches from the developers, or just upgrade to the latest version. Choose whichever is best for you, but I don’t suggest using IE.
- Change your password periodically, and please use a different password for every account. For more advice about password security, just see here.
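The URL checks from the list above (exact host, no lookalike suffix, no profile ID path, logout on www rather than profiles) can be written as a strict allowlist. This is an added JavaScript example, not code from the original post; the function name checkFriendsterUrl and the lookalike sample URLs are assumptions made for illustration.

```javascript
// Added example: allowlist check for the login/logout URLs named in this post.
// Allowed host and paths come from the post; the samples below are constructed.
const ALLOWED_HOST = "www.friendster.com";
const ALLOWED_PATHS = {
  login: ["/", "/login.php"],
  logout: ["/logout.php"],
};

function checkFriendsterUrl(raw, action) {
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return { ok: false, reason: "not a valid URL" };
  }
  // "http://www.friendster.com@evil.com/" puts the trusted name in the
  // userinfo part; the real host is whatever follows the "@".
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before host: " + url.hostname };
  }
  // Exact match only: rejects www.friendster.com.evil.com and also
  // profiles.friendster.com, which the post says is wrong for logout.
  if (url.hostname !== ALLOWED_HOST) {
    return { ok: false, reason: "unexpected host: " + url.hostname };
  }
  // A profile ID path such as /54673221 is not a login or logout page.
  if (!(ALLOWED_PATHS[action] || []).includes(url.pathname)) {
    return { ok: false, reason: "unexpected path: " + url.pathname };
  }
  return { ok: true, reason: "host and path match" };
}

// Constructed sample inputs: the URLs the post mentions plus two lookalikes.
const samples = [
  ["http://www.friendster.com/login.php", "login"],
  ["http://www.evil.com/friendster.html", "login"],
  ["http://www.friendster.com.evil.com/login.php", "login"],
  ["http://www.friendster.com@evil.com/login.php", "login"],
  ["http://www.friendster.com/54673221", "login"],
  ["http://profiles.friendster.com/logout.php", "logout"],
  ["http://www.friendster.com/logout.php", "logout"],
];
for (const [u, action] of samples) {
  const r = checkFriendsterUrl(u, action);
  console.log((r.ok ? "OK   " : "BAD  ") + u + "  (" + r.reason + ")");
}
```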
Thanks to:
- God (for every blessing that you give)
- r3ck0rd a.k.a. Calvin Limuel (for letting me write this article)
- FriendsterTalk (for all the knowledge that you give)
Thx,