An experienced CYBER SECURITY ANALYST dealing in transborder crimes on phones,computers,threat intelligence, bug hunting,.... White hat hacking and Repairing phones and reviewer of new technology gadgets
Wednesday, January 30, 2019
Are ugandans using MTN and Airtel safe?
Facebook vulnerabilities
I have heard that Facebook is determined to have a new development in the incorporation of both instagram,messenger and whatsapp in a sort of intergrated messaging procedure but before you do this i wanna alert you on and of some holes in your social media platforms..these holes may be carried on and it may end up affecting all the applications.
One is the authentication and verification of a phone number associated with a given account on some of the social mediaccount e.g especially those created using an email account as . . a login id ,these accounts are usually compelled to add a phone number which must be verified but on such accounts one can temporary use a phone number without verification for a couple of weeks or more month because on the three facebook accounts iam testing iam and gave been able to use one phone number to login to three different facebook profile accounts;where one is originally verified and associated with a different account while the two others are temporarily using it,a phone number verified to be a login id of another different facebook account can be added and used as a phone number on another account meaning that one phone number can be used to log in to more than two different accounts.this is possible on some browsers and Facebook pplication on some chinese made phones especially those running on spreadtrum micro chips,the most common browser which is a culprit to this is the NOKIAJAVA ME running on small Techno and airtel phones......plus most techno and airtel smartphones with other browsers are also prone to this however it should be noted that the opera mini browser doesnt allow a such for when i tested it on all the chinese phonebe it techno ,airtel and others it always showed that a phone number is associated with a facebook thus i concluded that on opera mini its had to add a phone associated with another account to act as a login number to another different account,i again noted that;an email associated with another facebook account cannot be used as a second login number to another account unlike phone numbers.now what worries is and what am asking myself is why has facebook managed to make sure that an email that is verified with another account cqnnot be used on another account,why can't they do it on phone numbers.Again,why does a phone number has to be kept pending for more than a year?one can add such a number and he/she doesn't verify it yet it still can be used as a login id for that account,this means that there is a problem with facebook's database.however i have come to prove that this phenomenon is mainly common on browser that are inbuilt on chinese phones or on facebook applications inbuilt on chinese made phones...!!!!thus am compelling the facebook development team to revise their database and make sure that one single phone number must be used " only and only" on one facebook account.
Which official phone numbers from facebook are allowed to send password reset messages to us?
I think many may be not aware that some phone numbers which aren't official facebook's number do send reset codes to our phone numbers associated qith our facebook accounts.they end up even sending facebook links for reseting our passwords which are phish.in some countries where telecommunication companies aren't serious, i think government security bodies can force them to surrender facebook users' numbers and some times can divert messages to their numbers so as to interfere with their works on facebook.i have also a belief that these governments have used the ss7 exploit to divert messages to phone numbers of facebook accounts that they think is a threat to them.i have had many scenarios where certain phone numbers from some african country owned by some people have been sending password reset messages and reset links whenever one tries to reset his or her account password!! Its really shocking how local number can send one a message if he or she tries to reset his or her password.this messaging from localphone numbers also does occur on Instagram.why does facebook send a message via another number not their own official number?are there local phone numbers that are suppossed to send such messages?if facebook is aware of this or not,then facebook must know that it is very dangerous to someones security and privacy more especially here in africa where governments try all means to interfere into people's privacy...what facebookand instagram must do is to make sure that phone numbers registered with profile accounts are the ones which must recieve reset messages and such messages from their web database must not pass via any diverted number.i think facebook has much changes to do and implement on its database.
The biggest and graveous threat here is that"as we all know that a reset code sent has some designed time until when it becomes invalid if its not used" but what i have discovered is that such phone numbers that pretentiously send these codes on behalf of facebook even resend a reset code that was earlier sent even after 8hours or more and this reset code can be used to change a password of the facebook account!!! I know its hard to believe this but what am sure of is that such numbers especially here in most african states have deliberately been established by the some authorities or certain foreighn States or cyber criminals or neighbouring states that want to carry on espionage to crack down people whom they think aren't pro their gorvenment.this puts some many of us at a risk and all Ugandans using telephone numbers to access facebook,instagram,twitter,whatsapp are at high risk of falling to this threat and am sure that all Ugandans using ugandan phone numbers to access social media are under this threat!!!!
For example,in uganda Some of the examples of these numbers that send these reset codes are +256771952364,+256773120478,+256772423645 and are registered in names of gerald adiga,fahad ssebbi,juliet birungi............and many others..i appeal to all ugandans to be extra cautious for they facebook accounts and instagram accounts may succumb to international or nationahackers
Subscribe to:
Post Comments (Atom)
-
With the widespread availability of the Internet today, there are still times when it may not be feasibly available. Be it on a flight, du...
-
msticpy is a package of python tools intended to be used for security investigations and hunting (primarily in Jupyter notebooks). Most ...
-
A new way for cybercriminals to create fake social media profiles and carry identity scams using Artificial Intelligence powered tool? A ...
No comments:
Post a Comment