22 January 2010

Berselancar Aman Di Facebook

Akhir-akhir ini banyak kasus teman-teman saya dimana account facebooknya dicuri, tiba-tiba teman saya tidak bisa mengakses karena alamat email sudah diganti.

Mengapa bisa terjadi?? Bisa banyak kemungkinan dapat dilakukan hacker, tapi hack melalui brute force attack dengan sasaran server facebook kemungkinan masih sangat kecil. Kenapa saya ambil kesimpulan seperti itu. Masih banyak cara dapat dilakukan untuk mencuri alamat email dan password pengguna facebook. Misal fake login dengan tampilan website yang mirip. Bahkan teman anda sendiri yang telah anda add sebelumnya dapat berbuat begitu. Ingat, bukannya hanya teman anda sendiri yang bisa mengetahui alamat email anda?? Setelah mengetahui alamat email anda, dia akan mengirim email dari alamat palsu atau Personal Message (PM) di Facebook yang memberitakan kabar & alamat palsu dan menggiring ke fake website yang ternyata akan menyimpan data user/alamat email dan password anda. Dengan mudah orang jail ini mengganti alamat email & password yang anda gunakan pada facebook. Bayangkan, apabila password yang digunakan pada setiap email & jejaring sosial lainnya sama, namanya sekali gebuk dapat semua. Yang saya herankan untuk website jejaring facebook pun ternyata belum aman (dijelaskan dibawah)

Bagi yang sering surfing di warnet pun harus extra waspada. Tanpa disadari pada warnet yang nakal setiap komputer telah diinstal keylogger yang akan mencatat setiap kegiatan yang anda lakukan ketika berselancar. Banyak program keylogger dapat dicari, bahkan kalau tidak mau bayar dapat langsung dicari cracknya sehinga tidak perlu aktivasi lagi.

Lucunya saya pernah menerima tawaran user disalah satu forum aplikasi yang menjanjikan dapat menghack account facebook orang. Kenapa saya curiga? Dalam aplikasi itu kita diwajibkan memasukkan account/alamat email beserta password facebook kita. Maksudnya menjaili orang malah kita dijaili, baaahhh….

Memang tidak ada gunanya…….

Berikut saya ambil kutipan dari salah satu milis semoga bermanfaat



  1. Do NOT login from http://www.facebook.com.
    Url Unsecure
    The page is not encrypted.
    Your login information (email and password) is> encrypted. But, since the login form is embedded inside a frame, users can not see whether it is encrypted or not. The following pictures show that there is no lock sign (https enable) in the right bottom. Attacker can use fake Facebook web site to steal user’s password without giving the victim any clue of attack.
  2. Do login from https://login.facebook.com/
    Url Secure
    When you are in http://www.facebook.com just click Login botton without fill in the email and the password. You will be automatically directed to the encrypted login page.>> You can verify the login session is encrypted by looking for the lock sign> in the right bottom of your browser.
  3. Do NOT continue the login process if there is any security warning /> alert> If you click Yes, malicious person might attacking your encrypted traffic> (https session). Press Esc button on your keyboard to stop the login> process.
  4. Do NOT forget to logout If you are not using your own computer/warnet, only closing the browser will leave> your login session to be used by other people. I found this case many times> in public PC.
  5. Do NOT work with system administrator privilege. Surfing the Internet, opening email, images, documents and other normal> activities must not use user account with administrator privilege. It’s VERY-VERY dangerous!!! Unfortunately, majority of Windows users work with> administrator privilege. I wrote this article about it in Indonesian. Here> is the English version translated by google.
  6. Beware of Malicious Facebook Widget> Widget, the third party application, allows its author to access sensitive information or install spyware in the target computer. There are already two> malicious Facebook applications: Secret Crush and Error Check System> attacking Facebook users.

    Beware of unsecure computer> Unsecure computer can be any computer which is not patched, has no updated> anti virus, or is infected by malware. Computer infected by Koobface worm> (koob = book), keylogger or other malware steals users password.
  7.  Beware of Wi-Fi Internet connection> Only Facebook login process is encrypted using SSL/TLS (https). Your> Facebook cookies can be easily captured from the air. Wi-Fi protected with> WEP encryption can be easily broken in maximum 10 minutes. Malicious person> can set up free Wi-Fi access point. He gives you free access, you give him> all unencrypted information, including Facebook cookies. Don’t keep private> or sensitive information in your Facebook.>>
  8.  Think Security First before click> Clicking any URL in Facebook wall is a risk. Malicious person and malware> (malicious software) such Koobface are spreading their maliciouse code using> the wall posting. It’s also easy to impersonate your friend or family in> Facebook by creating another account using the same name.>> 10. Make your families and friends aware>> The key to make you secure is to ensure your families and friends also are> aware of various security risks. Sharing this article (via email, Facebook’s> wall, etc) will help me, you, our families and friends to survive in this> (dangerous)

No comments: