back to article Script fools n00b hackers into hacking themselves

Security experts have warned Facebook users in India not to fall for a new scam which tricks victims into “self cross-site scripting” by promising access to a tool which will let them hack their friends’ accounts. Symantec security response manager Satnam Narang revealed in a blog entry that a post began circulating last week on …

COMMENTS

This topic is closed for new posts.
Silver badge

Give these people an award!

With all the "bad" hacking going on, the people behind this deserve an award. The unprincipled script kiddies get a cyber-wedgy of their own doing, Farcebook gets more noise, a nice trade in "likes" can be started, which keeps marketing dweebs everywhere happy. And for those of us who don't run scripts we don't understand, and don't give a tinker's cuss about FB, well, it's simple amusement.

32
1
Gold badge

Re: Give these people an award!

Yup! The phrase you are looking for is "victimless crime".

6
0
Silver badge

Re: Give these people an award!

@Ken Hagan "Self-punishing crime"?

10
0
Bronze badge

Re: Give these people an award!

@brewster's angle grinder,

More likely a self inflicted gunshot wound (metaphorically speaking).

0
0

Re: Give these people an award!

FYI

A "tinkers dam" is not cussing. Tinkers used to repair things, like say a pot. They would make a dam out of clay and sand & then pour molten metal into the pot to close the hole. When they were done they would sweep this tinkers dam away because it was worthless.

0
1
Silver badge

Catch 'em young

If the "career" path of a hacker follows the conventional route: from starting as a script kiddie to either getting a girlfriend or becoming a hard-ass hacker, then anything that can nip the process in the bud sounds like a good thing.

Maybe the world should start hacking back? With tools like this and then later on with malware that purports to prevent self-hacks. We know, from the life-cycle of hacking itself, how to escalate these things.

Maybe attack really is the best form of defence.

1
0
Gold badge

Reminds me of a line from BBC Hustle

"You can't con an honest man"

(OK, you can deceive them, but the idea is that you need a kernel of dishonesty to start with, the "something for nothing" germ :) ).

3
0

Re: Reminds me of a line from BBC Hustle

As pointed out by Terry Pratchett in Making money: The impossibility of fooling honest men is no problem, dishonest are so much easier to find.

6
0
Silver badge

Re: Reminds me of a line from BBC Hustle

And they do not go and complain to the Watch

3
0
Silver badge

Facebook?

Facebook?

Jeez, not exactly the Dark Web.

CSS via Facebook and (no doubt) IE.

Serves the feckers right - I bet they are the same ladies' front bottoms that do the trainers and sunglasses spam.

0
5
Silver badge

Nothing new here...

The keyword here is script kiddie, or put differently: someone who has almost no idea how this whole computer / network thingie actually works. "Get IP number, enter IP number in script, $profit!".

(from a real IRC convo in the past 20 years, but I had to reconstruct from mind of course):

<kiddie> Oh yeah, bet ur afraid to give me ur ip. LOLZ

<guru> None at all, my IP address isn't a secret. 127.224.94.13, so what, huh?

*** Quits: kiddie #linux [~kiddie@my.hidden.address] (Ping timeout)

It's not as if it's hard to fool these kind of "networking experts" you know ;)

4
0
Silver badge

Re: Nothing new here...

Should have given him 127.0.0.1

1
0
Bronze badge

Re: Nothing new here...

Nah, even a script kiddie might recognize 127.0.0.1 as a loopback address. Significantly fewer people are aware that any address starting with 127 does exactly the same thing.

There's no place like 127.0.0.0/32

3
0

Re: Nothing new here...

Ummmm... shouldn't that be 127.0.0.0/8?

(Honest question, despite sounding like a CCNA pedant)

Also: http://ars.userfriendly.org/cartoons/?id=20010523&mode=classic

5
0
Thumb Up

Re: Nothing new here...

Yeah, it's not really class A as it's reserved, but it kind of logically is A, so its subnet mask would be 255.0.0.0, so classless CIDR gives 127.0.0.0/8

Also, 2007 Wayback Machine :)

0
0

At least it's clever

It's still smarter than the weekly phonecalls people I know get from Indian sounding gentlemen.

In fact, my Nan - a lady who has never owned any form of computer (bar an ancient Nokia which is new-tech to her) got a phonecall only 3 days ago from someone from her ISP (despite not having a connection). He informed her that her broadband was at fault and needed fixing (for a fee).

She passed the phone to me and by memory, I talked the guy through everything he needed to know (checked event viewer for errors). The fix was to enable port forwarding, RDP and pay £200. It was fun playing dumb and wasting some time.

7
0
Silver badge

Re: At least it's clever

I never have the time to waste. :(

4
0
Bronze badge
WTF?

@BenBell - Re: At least it's clever

BenBell wrote :- "my Nan - a lady who has never owned any form of computer ... got a phonecall .. from someone from her ISP (despite not having a connection)."

She has an ISP despite having no computer or connection? How did a salesman manage that?

0
2
Coat

Re: @Nuke - How did a salesman manage that?

Probably called her on the phone claiming to be from Microsoft Technical Support and that she needed an ISP for £200!

0
0
Silver badge

Bah!

What exactly is a "Facebook Like" and what is its worth?

I'm sorry if I sound stupid but I don't use Facebook, and the exact impact of this "hack" is lost on me.

2
0
Gold badge

Re: Bah!

It's worth the same as a Bitcoin or a Renoir -- whatever you can persuade someone else to pay for it.

3
0
Silver badge

Born every minute...

As in "all day" (sucker!).

0
0

I feel pretty good about this

Serves them right!

0
0

"hackers" um, yea not really

Hackers should be in quotes throughout this article, as we're really talking about wannabe script kiddies that would fall for this. Serves em right.

0
0

Isn't this the same as the (risks racist tag) Irish Virus which went round a few years ago?

"Greetings, You have just received the "IRISH VIRUS". As we don't have any programming experience, this Virus works on the honour system. Please delete all the files on your hard drive manually and forward this Virus to everyone on your mailing list. Thank you for your cooperation."

Ah. No. This one actually works.

0
0
RML
WTF?

It's all Jacobian to me

So a hacker engineers it so crackers get cracked.

0
0