
Saturday, June 16, 2007

Save your Orkut account from getting hacked!!

by Sushma Verma


Well, first of all, my apologies for not posting anything for two days! One of my friends challenged me to see if I could hack her Orkut account.
I don't know how to hack?
Google uses a 4-level Orkut login, which makes it difficult to hack using the brute-force method:
1st Level: SSL, or a 128-bit secured connection
2nd Level: Google account checks for a cookie on the user's system
3rd Level: Google provides a redirection to the entered user information
4th Level: Google doesn't use conventional php/aspx/asp coding, so it is impossible to attack using an input validation attack!!
It is not an easy task to break this security! But some people still manage to get access to other accounts. The question is: how do they do it? Many of them just use simple tricks that fool users, who then leak out their passwords themselves. Here are some points you need to take care of to prevent your Orkut account from being hacked!

A phishing attack is the most popular way of stealing others' passwords. Popularly known as a fake login (among those who know about it!!), it lands users on a page that asks for their login information, and they enter their username and password thinking it is the real page when it is actually the other way round. The page submits all the details entered to the programmer or coder.

Community Links:
Many times you are given a link to a community in a scrap. Read the link carefully. It may be something like http://www.okrut.com/Community.aspx?cmm=22910233: OKRUT, not ORKUT. Clicking on this link will take you to a fake login page, and there you lose your password.
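An added example, not part of the original post: a small JavaScript check that sorts a link's host into trusted, lookalike, or unrelated, and catches the swapped letters in okrut.com. The TRUSTED list, the function names and the orkut.com.example.net host are assumptions made for this illustration.

```javascript
// Added example: classify a link by how its host relates to trusted domains.
// TRUSTED is an assumption for this sketch, not a list taken from the post.
const TRUSTED = ["orkut.com", "google.com"];

// Optimal string alignment distance: insert, delete, substitute, or swap two
// adjacent characters, each costing one edit ("okrut" -> "orkut" is 1).
function editDistance(a, b) {
  const d = [];
  for (let i = 0; i <= a.length; i++) {
    d.push(new Array(b.length + 1).fill(0));
    d[i][0] = i;
  }
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

function classifyLink(link) {
  let host;
  try {
    host = new URL(link).hostname.toLowerCase();
  } catch (err) {
    return "invalid";
  }
  if (!host) return "invalid";
  // Genuine: the trusted domain itself or one of its subdomains.
  if (TRUSTED.some((t) => host === t || host.endsWith("." + t))) return "trusted";
  const labels = host.split(".");
  // Simplification: treat the last two labels as the registered domain
  // (no public suffix list, so names like example.co.uk are not handled).
  const registered = labels.slice(-2).join(".");
  for (const t of TRUSTED) {
    const brand = t.split(".")[0];
    // Near miss of the real name, or the real name used as a subdomain label.
    if (editDistance(registered, t) <= 2 || labels.includes(brand)) return "lookalike";
  }
  return "unrelated";
}
```

The second test in the loop covers hosts such as orkut.com.example.net, where the genuine name appears at the front but the registered domain belongs to someone else.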

Orkut New Features:
I have come across a page that appears to give the user a choice of new features for Orkut, in exchange for your ID and password, of course!! When the user submits the page, his ID and password are mailed to the coder.

Java script:
You must have seen the circulating scraps that ask you to paste some code into your address bar and see what happens! Well, sometimes they also leak out your information. Check the code, and if you are unsure of what to do, I recommend not using it.

Primary mail address:
If a hacker somehow comes to know the password of your Yahoo mail or Gmail account, which users normally keep as the primary mail address in their Orkut account, then the hacker can take over the Orkut account simply by using the user ID and clicking on 'Forgot password'. Google will then send a link for changing the Orkut account's password to the already hacked primary email ID. The email hacker changes your Orkut account's password, and your Orkut account is hacked too.
So a better thing would be to keep a very unknown or useless email ID of yours as the primary email ID, so that if the hacker clicks on 'Forgot password', the password-changing link goes to an email ID not known to the hacker.
Hence your Orkut account is saved.

If you would like to share something, comment here and I will add it here with credit to your name.

15 comments
shivansh said...

gr8 work, buddy.....

bt i would like 2 ask, dat how & where could i create dis fake link, so dat the passwords r forwarded to my email ID....??

:)

Ashfame said...

Shivansh,
Will you hack our school mate's account?
Lolz

Kratika Sharma said...

good work ashish !!
but
"Google uses a 4 Level Orkut login which makes it difficult to hack using brute force method.
1st Level Security-SSL or 128 bit secured connection
2nd Level Google account checks for cookie in the sytem of user
3rd Level Google provides a redirection to the entered User information
4th Level Google doesn't use conventional php/aspx/asp coding so impossible to attack using input validation attack!! "
pls explain me this thing .... too much techno stuff !!!! :D :D :D
more than half of it ws bouncer !

Unknown said...

i think someone cud get thru my account...coz i hav noticed tht i hav a new community added to the existing list which i hav never joined in my best memory...do u think tht sumone cud login in my account???

Ashfame said...

Sri,
Welcome here!
It may be the case like you said, change your password and it can also be the case that you yourself join that community and now don't remember it.

Ashfame said...

Hi kratika!
Welcome to my blog!
Here is what you need to know:
Brute Force Method: It means targeting the target with all the possible matches. For example: Using all the possible combination of alphabets, numbers and symbols to enter the password. This technique gives you result for sure but it requires time (in days to crack good passwords)
SSL Security: It is a protocol for keeping people from intercepting sensitive data while it is being transferred over the internet by using encryption, authentication and message authentication codes.
Cookies: They are simply text files stored on user's PC for authenticating, tracking, and maintaining specific information about users, such as site preferences and the contents of their electronic shopping carts.
Redirection Technique: Google uses some sort of redirection technique to transfer user's information.
Input validation attack: You need to input some unique text in the form of username or password or anything else that is unique to you only and which authenticates you and nobody can gain access to it without your permission. Input Validation Attack is the art of gaining access to the restricted data by illegal terms. Google uses coding which is impossible to attack with this technique.
I hope I am clear now.
And Yes! I don't work for google!!

Kratika Sharma said...

well yes, i understood quite much of it .... thank you. and i know you DONT work for google :D lols

by the way, are cookies program files ?? can they link the info on my PC to the one on web ???

Anonymous said...

Hi..

Here :
http://orkutunderworld.blogspot.com/2007/06/infromation-on-how-your-account-gets.html

Changed it..
Actually i had to give two sources because i read about you from the other Blog...

And cool Blog man...
Do you Blogger Beta or the Full version ??
Nice Layout..
You have done one hell of a good work on the Template ..

Ashfame said...

kratika,
They are just simple text files (*.txt extension)
Yup there are malicious cookies which are used to track your activity online, supposedly for targeted advertising purposes.
Most of the Anti-spyware softwares can remove them! I use Spybot (Search n Destroy), its a freeware and effective too!

Hi Anique Akhtar!
Good to see you here!
I am on Blogger Beta!
BTW what is this Blogger Full Version? I have never heard of it!
Thanx for the comment Dude!

Anique Akhtar said...

Blogger beta...
was the Old one with the Old HTML..

now they upgrade to the new Blogger...
added Page Element page and Fonts page in the Layout...

Now the Problem is that few of the Widgets and codes that used to work in Old Blogger (Beta one) does not work in the new...

and those in the new doesn't work in the Old...

So i think you are using the New Blogger...
In the Edit HTML page at the Bottom you have an option to switch back to the old one...

Ashfame said...

Anique,
Oh Sorry! I got you wrong!
Yeah I am on new Blogger!
I have seen people calling the Old Blogger as Classic Blogger and the New one as Blogger Beta. Maybe I got them wrong too.
Anyway, Thanx for correcting me!

Ashfame said...

Google Analytics shows that many people landed on this post through search engine by actually searching for "hacking orkut account" and i guess if this information is not useful for them, they haven't figured out their way. Anyways, Best of luck to all of them!

S Ramanathan said...

hey !
i think i am a victim on one of those Java scripts address bar tricks...and someone knows my password !!

now, temme wat to do as a cure..i have changed my password a coupla times, but the guy is still able to access my account !

Anonymous said...

cool. like it

looks like some anti phishing work

keep it up :)

Anonymous said...

lol..... let google create any level of security..... i am here to break it.

Ashfame
I am a tech freak who loves to share.
Homepage : Ashfame.com
You can mail me at ashishsainiashfam[at]gmail[dot]com
