For Facebook the Hacks Just Keep Getting Bigger

In an ironic twist that Mark Twain would have been proud of Facebook’s most recent and largest breach to date stems from a feature Facebook added to give users more control over their privacy!

“View As” Gives More Than a View

Two bugs in Facebook’s “view as” feature were exploited by hackers.  The flaws enabled them to get control of so-called Access Tokens, which allowed them to be logged in as genuine Facebook users without having to use their password. Ouch! I guess my 20 character randomly generated password wasn’t much of a deterrent when you have a backdoor like that!

All told, nearly 50 million user accounts were compromised on Facebook including those of Mark Zuckerberg himself and Sheryl Sandberg, Facebook’s COO. When you factor in that many people use their Facebook account to access other services such as Spotify, Tinder and hundreds of others, the extent of the compromised accounts grows to staggering.

Do We Have Your Attention Now?

Facebook was already arguably under more scrutiny than any other company for its past security transgressions such as those involving Cambridge Analytica and “Fake News” but this latest episode is sure to garner the attention of even more individuals, lawyers and regulators both here and abroad. Two individuals here in the US have already filed lawsuits that they hope will become class-action lawsuits.

GPDR Could Cost Billions

GPDR went into effect on May 25th of this year and that may have serious consequences for Facebook. If Facebook is found to be in breach of GPDR for failing to adequately protect user data they could be facing the largest security related fine in history. Under GPDR, a guilty party faces a fine of 20 Million Euro or 4% of revenue, whichever is larger. In this case, 4% of revenue represents a whopping $1.63 billion!

The Final Irony

Stories spread rapidly on Facebook. Real news and fake news alike and Facebook has taken tremendous heat for allowing fake news stories to proliferate across their platform. But, what is fake and what is real? And, with 2.2 billion users, who decides?

Well in the final ironic twist to this story Facebook was the one place you couldn’t learn about the latest breach. Why? So many users posted stories about the breach that Facebook’s spam filters thought the actions looked suspicious and removed them for looking like spam “fake news” stories!

Konsultek’s Take

Social networks such as Facebook pose a tremendous threat to the privacy of individuals and corporations who choose to use them. The use of a single Facebook login to access multiple properties means that the breach of a singular system, in fact, represents the breach of potentially hundreds. Extreme caution with social media has always been advised and this latest breach drives that home. While convenient, using shared credentials for access should be avoided as a security best practice.

Reporter Trolls the Russian Dark Web and Finds…

Reporter Trolls the Russian Dark Web and Finds…

Dylan Curran, writing for the Guardian, recently published a fascinating look at the world of Russian Dark Web hacking forums.

Knowledge is Power

You may recall that we took a look at dark web forums previously here, here and here. Well, in case you are under the false impression that the dark web has been scrubbed clean or had the bright light of justice shone upon it, you’ll be disappointed to learn that the dark web is not just alive, but thriving!

FreeHacks

Dylan’s deep dive was into just one of the larger hacking forums called FreeHacks which divides itself up into no less than 17 different hacking related sub-forums (granted, one of those sub-forums  is “Humor”) to meet the needs of its 5,000 or so members.

Unlike some of the sites we’ve chronicled in the past, FreeHacks is focused on education and sharing and in this way really highlights the difference in mindset between Russian hackers and those in Western countries.

Collaboration vs. Independence

On FreeHacks information and instruction on a very detailed and granular level are being openly shared for the greater good of the community. This is in contrast to Western hackers who are more apt to keep a lower profile, less openly sharing knowledge and less likely to collaborate with strangers in order to maintain as much anonymity (and competitive advantage?) as possible.

Konsultek Collaborates Too

At Konsultek we understand that the best security solutions come from collaborating with the top firms and brightest minds in the industry. That’s why we’re proud to partner with industry thought leaders at ForeScout, Checkpoint, SentinelOne, Gigamon, IntSIght and more. Are you looking to collaborate with a local leader with a global reach? Look no further! If you’re interested in a complimentary Risk Assessment, just pick up the phone and give us a call to schedule your first step towards greater security.

Understand where your most important digital assets are, what the impact and likelihood of an incident is, and how to protect those assets.

December 2017 ForeScout CounterACT Training

ForeScout CounterACT Training

Learn the practical real-world skills you need to properly configure, protect and maintain ForeScout CounterACT.

Konsultek consistently ranks as one of the top ForeScout resellers in the nation. Our instructors are experienced ForeScout security experts and will bring you the knowledge you need to maximize your ForeScout investment.

Highlights

Lab Focused | Training in a real network environment

Certified Professionals | Service engineers with real world experience implementing and troubleshooting ForeScout CounterACT

Hands-On | Learn the best practices for configuring, deploying and maintaining CounterACT

Flexible Scheduling | Onsite training provides a private learning experience for your team with discussions centering on your unique needs.

For More Info.

Additional information on this training program can be found here.

Register Here

Event Details

DATES: Tuesday, December 5 thru Friday, December 8

LOCATION:
Konsultek Office
2230 Point Boulevard, Suite 800
Elgin, IL 60123

WHAT TO BRING:
Laptop Capable of Connecting via RDP

COST:
$3,500 per person

October 2017 ForeScout CounterACT Training

ForeScout CounterACT Training

Learn the practical real-world skills you need to properly configure, protect and maintain ForeScout CounterACT.

Konsultek consistently ranks as one of the top ForeScout resellers in the nation. Our instructors are experienced ForeScout security experts and will bring you the knowledge you need to maximize your ForeScout investment.

Highlights

Lab Focused | Training in a real network environment

Certified Professionals | Service engineers with real world experience implementing and troubleshooting ForeScout CounterACT

Hands-On | Learn the best practices for configuring, deploying and maintaining CounterACT

Flexible Scheduling | Onsite training provides a private learning experience for your team with discussions centering on your unique needs.

For More Info.

Additional information on this training program can be found here.

Register Here

Event Details

DATES: Tuesday, October 17 thru Friday, October 20

LOCATION:
Konsultek Office
2230 Point Boulevard, Suite 800
Elgin, IL 60123

WHAT TO BRING:
Laptop Capable of Connecting via RDP

COST:
$3,500 per person

June 2017 ForeScout CounterACT Training

ForeScout CounterACT Training

Learn the practical real-world skills you need to properly configure, protect and maintain ForeScout CounterACT.

Konsultek consistently ranks as one of the top ForeScout resellers in the nation. Our instructors are experienced ForeScout security experts and will bring you the knowledge you need to maximize your ForeScout investment.

Highlights

Lab Focused | Training in a real network environment

Certified Professionals | Service engineers with real world experience implementing and troubleshooting ForeScout CounterACT

Hands-On | Learn the best practices for configuring, deploying and maintaining CounterACT

Flexible Scheduling | Onsite training provides a private learning experience for your team with discussions centering on your unique needs.

For More Info.

Additional information on this training program can be found here.

Register Here

Event Details

DATES: Tuesday, June 13 thru Friday, June 16

LOCATION:
Konsultek Office
2230 Point Boulevard, Suite 800
Elgin, IL 60123

WHAT TO BRING:
Laptop Capable of Connecting via RDP

COST:
$3,500 per person

April 2017 ForeScout CounterACT Training

ForeScout CounterACT Training

Learn the practical real-world skills you need to properly configure, protect and maintain ForeScout CounterACT.

Konsultek consistently ranks as one of the top ForeScout resellers in the nation. Our instructors are experienced ForeScout security experts and will bring you the knowledge you need to maximize your ForeScout investment.

Highlights

Lab Focused | Training in a real network environment

Certified Professionals | Service engineers with real world experience implementing and troubleshooting ForeScout CounterACT

Hands-On | Learn the best practices for configuring, deploying and maintaining CounterACT

Flexible Scheduling | Onsite training provides a private learning experience for your team with discussions centering on your unique needs.

For More Info.

Additional information on this training program can be found here.

Register Here

Event Details

DATES: Tuesday, April 18 thru Friday, April 21

LOCATION:
Konsultek Office
2230 Point Boulevard, Suite 800
Elgin, IL 60123

WHAT TO BRING:
Laptop Capable of Connecting via RDP

COST:
$3,500 per person

February 2017 ForeScout CounterACT Training

ForeScout CounterACT Training

Learn the practical real-world skills you need to properly configure, protect and maintain ForeScout CounterACT.

Konsultek consistently ranks as one of the top ForeScout resellers in the nation. Our instructors are experienced ForeScout security experts and will bring you the knowledge you need to maximize your ForeScout investment.

Highlights

Lab Focused | Training in a real network environment

Certified Professionals | Service engineers with real world experience implementing and troubleshooting ForeScout CounterACT

Hands-On | Learn the best practices for configuring, deploying and maintaining CounterACT

Flexible Scheduling | Onsite training provides a private learning experience for your team with discussions centering on your unique needs.

For More Info.

Additional information on this training program can be found here.

Register Here

Event Details

DATES: Tuesday, February 21 thru Friday, February 24

LOCATION:
Konsultek Office
2230 Point Boulevard, Suite 800
Elgin, IL 60123

WHAT TO BRING:
Laptop Capable of Connecting via RDP

COST:
$3,500 per person

© Copyright 2018 Konsultek