Archive

Archive for the ‘Vulnerability’ Category

Recover your Gmail and Orkut accounts from Bom Sabado attack

September 26th, 2010 3 comments

orkut Exploiting cross-site scripting flaw on Orkut, “Bom Sabado” worm is spreading like a plague on Orkut. Bom Sabado means ““Good Saturday” in Portuguese. It sends “Bom Sabado ” scraps to your friends and automatically joins your profile on some adult communities. It’s a cookie stealing script in action.

Am I infected?

If you have seen “ Bom Sabado! “ scrap on orkut, on your scrapbook or your friends scrapbook, or seen this scrap on Gmail’s web interface, you are infected.

Don’t panic !

What should you do?

  • Clear your cookies and cache.
  • Change your Google account password immediately by visiting the following link and don’t login to Orkut till Google engineers fix this issue.

https://www.google.com/accounts/EditPasswd?hl=en

changepasswd

  • Change the security question too

securityqn

  • Keep your Mobile phone no. updated for getting password reset code.
  • Don’t try to open Orkut or messages from Orkut by e-mail. (SMTP & POP users may view the message in plain text)
  • Stop visiting the scrapbooks of others till they fix this issue.
    How can you help to avoid its spreading?
  • Login to mobile version of Orkut http://m.orkut.com from Opera Mobile and delete all “ Bom Sabado! “ scraps

Alternatively,

Pass this information to your friends. Stay tuned for further updates.

Install and maintain an updated Anti-virus and Anti-Malware like, Malwarebytes Anti-Malware to keep your system free from Key loggers and backdoor trojans.

UPDATE from Google:

Hi all,

This is to inform you all that we’ve contained the “Bom Sabado” virus and have identified the bug that allowed this and have fixed it.

We’re currently working on restoring the affected profiles.

Thanks a ton to each of you who’s made an effort to alert everyone else about this.

Possibly Related Posts:


How to bypass Windows passwords? aka Linux, the easy way

June 23rd, 2010 2 comments

If you want to access a system badly and don’t have any authentication credentials here is a trick to bypass it.

Requirements:

  1. ISO image of any live Linux distribution (Ubuntu, Fedora, DSL etc.)
  2. Thumb drive aka Pen drive
  3. UNetbootin for Linux/ Windows
  4. More information at my previous post here

btw, don’t violate any rules. Enter at your own risk.

Possibly Related Posts: