May 15 2011

BackTrack 5 Released

The BackTrack Dev team has worked furiously in the past months on BackTrack 5, code name “revolution” – they released it on May 10th. This new revision has been built from scratch, and boasts several major improvements over all our previous releases. It’s based on Ubuntu Lucid LTS – Kernel 2.6.38, patched with all relevant wireless injection patches. Fully open source and GPL compliant.

BackTrack 5

New in Version 5 :

  • Based on Ubuntu 10.04 LTS
  • Linux kernel 2.6.38 (with wireless injection patches)
  • KDE 4.6
  • GNOME 2.6
  • 32-bit and 64-bit support
  • Metasploit 3.7.0
  • Forensics mode (a forensically sound instance)
  • Stealth mode (without generating network traffic)
  • Initial ARM image of BackTrack (for Android-powered devices)

Download: http://www.backtrack-linux.org/downloads/

May 11 2011

Facebook exposed user data to advertisers

Facebook accidentally left a door open for advertisers to access profiles, pictures, chat and other private data at the social network, US computer security firm Symantec says.

Symantec discovered that certain Facebook applications leaked tokens that act essentially as “spare keys” for accessing profiles, reading messages, posting to walls or other actions.

Facebook applications are web software programs that are integrated onto the leading online social network’s platform. Symantec said that 20 million Facebook applications such as games are installed every day.

The tokens were being leaked to third-party applications including advertisers and analytics platforms allowing them to post messages or mine personal information from profiles, according to Nishant Doshi of Symantec.

“Fortunately, these third-parties may not have realized their ability to access this information,” Doshi said in a blog post.

“We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue.”

Symantec estimated that as of April, nearly 100,000 applications were giving away keys to Facebook profiles.

“We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties,” Doshi said.

Facebook confirmed the problem, which was discovered by Doshi and Symantec colleague Candid Wueest, according to the computer security firm.

There was no reliable estimate of how many tokens have been leaked since the release of Facebook applications in 2007.

Despite whatever fix Facebook has put in place, token data may still be stored in files on third-party computers, Symantec warned.

“Concerned Facebook users can change their Facebook passwords to invalidate leaked access tokens,” Doshi said.

“Changing the password invalidates these tokens and is equivalent to ‘changing the lock’ on your Facebook profile.”