HideMyAss VPN

Thursday, September 5, 2013

‘Critical’ Facebook flaw left user images vulnerable to deletion by hackers

Indian researcher Arul Kumar has uncovered a security flaw that allowed hackers to delete any image from any Facebook user’s profile, without the user’s knowledge or consent.
The flaw has been classed as ‘critical’ and worked by exploiting the Facebook Support Dashboard, which is used to send Photo Removal requests to the company. These reports are usually either seen by Facebook’s employees or sent directly to the image’s owner with an automatically generated link to remove the photo. Once clicked by the user, the target image is then deleted.

The bug revealed that, when these removal requests were sent, two parameters were left open and vulnerable. If a hacker modified Photo_id and Owners Profile_id, they were able to bypass any user interaction and simply have the removal link sent to their own personal inbox instead.

The owner profile IDs can be found through a simple search with Facebook Graph, and each image contains the fbid value, which can be found in a Facebook URL. Once the photo’s ID had been pinned down, two Facebook user accounts could then be inserted in order to receive the link needed to remove the image, with one person acting as a sender and the other as a receiver.
Kumar has warned that any photo could be taken from any page or user, including shared and tagged images, photos from groups and pages and images from suggested posts. The researcher has since been awarded a $12,500 bounty through Facebook’s Bug Bounty program and the company says that the error has since been fixed.
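
The flaw described above comes down to a server trusting an owner ID supplied in the request. The sketch below is an added example, not Facebook's code or Kumar's: the handler names, the in-memory photo table and the token scheme are all hypothetical. It shows a handler that trusts the supplied owner ID next to one that looks the owner up server-side and checks again when the link is used.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"            # constructed value, demo only
PHOTOS = {"1001": "alice", "1002": "bob"}   # photo_id -> real owner (constructed)


class Forbidden(Exception):
    """Raised when a request fails the server-side ownership check."""


def removal_token(photo_id, recipient):
    # The token is bound to both the photo and the account it was issued to.
    msg = f"{photo_id}:{recipient}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def send_link_vulnerable(photo_id, owner_profile_id):
    # Weak form: the recipient is whatever owner ID the request carried.
    return {"to": owner_profile_id, "photo": photo_id,
            "token": removal_token(photo_id, owner_profile_id)}


def send_link_hardened(photo_id, owner_profile_id=None):
    # Corrected form: the owner comes from the server's own record.
    owner = PHOTOS.get(photo_id)
    if owner is None:
        raise Forbidden("unknown photo")
    if owner_profile_id is not None and owner_profile_id != owner:
        raise Forbidden("supplied owner does not match photo record")
    return {"to": owner, "photo": photo_id,
            "token": removal_token(photo_id, owner)}


def redeem(photo_id, token, session_user):
    # Ownership and token binding are checked again when the link is clicked.
    owner = PHOTOS.get(photo_id)
    if owner is None or session_user != owner:
        raise Forbidden("session user is not the photo owner")
    if not hmac.compare_digest(token, removal_token(photo_id, owner)):
        raise Forbidden("token not issued for this owner and photo")
    del PHOTOS[photo_id]
    return True
```

The check in `redeem` matters as much as the one at send time: even if a link is issued to the wrong account, it cannot delete a photo that account does not own.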

If you’re concerned about the security of your personal data then a VPN service can offer you added peace of mind when surfing the web. A VPN gives your computer an extra layer of protection while you’re using the internet, helping to ensure that the information stored on your device remains securely defended against any external forces attempting to access it.

Microsoft and Google press U.S. government for right to release more data on surveillance

Google and Microsoft might be rivals when it comes to most things, but the two companies have recently joined forces in pressuring the U.S. government to give companies the right to publish information requests made by the secret services. Putting their differences aside, Google and Microsoft are pursuing legal action petitioning the government to permit them to release statistics regarding secret surveillance demands against customers using their services.

The Obama administration has already confirmed that it will begin the release of a limited amount of statistics, notably the total number of security requests that have been issued for customer data over the past 12 months. It’s also been confirmed that this data will be released annually for the foreseeable future, but Google and Microsoft say that this isn’t enough. The two companies are looking for the right to release far more detailed statistics. The U.S. government faced the companies in a federal court in June, but has already asked for six extensions in just two months. Google and Microsoft insist that they simply won’t agree to any more delays.

Microsoft’s general counsel Brad Smith wrote on the company blog, ‘We both remain concerned with the Government’s continued unwillingness to permit us to publish sufficient data relating to Foreign Intelligence Surveillance Act (FISA) orders...we believe it is vital to publish information that clearly shows the number of national security demands for user content, such as the text of an email. We believe it’s possible to publish these figures in a manner that avoids putting security at risk.'

Google’s Chief Legal Officer David Drummond took the same stance as Smith in a letter to the attorney general and FBI. ‘We… ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures—in terms of both the number we receive and their scope.’

With these two giants of the internet teaming up for the sake of information disclosure rights, it looks like the U.S. government has a serious fight on its hands.

If you’re concerned about the security of your personal information, a VPN service can help. A VPN provides your computer with additional defences while you’re surfing the web, to ensure your data stays safe and private.

18 new servers and 1873 IP addresses to the Hide My Ass! VPN Network

We’ve added 8 servers, 782 IP addresses and 2 NEW countries to the Hide My Ass! VPN Network

  1. France, Strasbourg (LOC1 S2) (128 IPs)
  2. France, Strasbourg (LOC1 S1) (128 IPs)
  3. Italy, Pordenone, Porcia (LOC1 S2) (60 IPs)
  4. Denmark, Copenhagen (LOC1 S2) (126 IPs)
  5. Jordan, Amman (LOC1 S2) (60 IPs)
  6. USA, New York, Virtual UK (LOC1 S2) (127 IPs)
  7. USA, New York, Virtual UK (LOC1 S1) (127 IPs)
  8. Saudi Arabia, Riyadh (LOC1 S2) (31 IPs)
  9. Norway, Oslo (LOC1 S5) (127 IPs)
  10. Norway, Oslo (LOC1 S4) (126 IPs)
  11. USA, New York, Virtual Canada (LOC1 S2) (127 IPs)
  12. USA, New York, Virtual Canada (LOC1 S1) (127 IPs)
  13. Latvia, Riga (LOC1 S2) (59 IPs)
  14. Republic of Singapore, Virtual Malaysia (LOC1 S2) (65 IPs)
  15. Republic of Singapore, Virtual Malaysia (LOC1 S1) (65 IPs)
  16. Republic of Singapore, Virtual Indonesia (65 IPs)
  17. Netherlands, Dronten (LOC1 S2) (127 IPs)
  18. Ireland, Dublin (LOC1 S2) (127 IPs)
You may have spotted that we have three new ‘virtual locations’. ‘Virtual locations’ are great for getting faster connections through our VPN service. See our knowledgebase for further details.