Tuesday, February 28, 2017

Why You Should Disable Autofill on Your Browsers

Completing an online order. Filling out another registration form. These are just some of the online tasks we're happy to have Autofill complete the information for us. Recently, however, web developer Viljami Kuosmanen discovered a vulnerability that can expose your stored data to a malicious person via phishing. In this attack, a phishing email would be sent asking the target to complete a form on a web page. Once the target fills out one of the (visible) fields, the browser then auto populates multiple invisible fields on the page (drawing from the stored Autofill data).

picture1

Above is an example of the hack in action, and you can also test it out yourself on a test page Kuosmanen setup. With this it's possible to give an attacker access to your address, credit card information, and other sensitive data. According to Forbes, password keeper Last Pass is also susceptible to this vulnerability, which could cause you to give up your passwords unknowingly. 


Prevention against the attack

One of the most reliable is turning Autofill off on your browser. It is easy to do, and if you're using Chrome you can just follow these steps:
  • Open Chrome and click on the settings button in the upper right. 
       screen-shot-2017-01-26-at-9-41-25-am
  • At the bottom, click Show advanced settings.
  • Under "Passwords and forms", uncheck "Enable Autofill to fill out web forms in a single click".
  • Click on Manage Autofill Settings, and delete any data that has already been stored.

If you're looking to protect your enterprise environment from this, you'll need to educate your users on not clicking and reporting suspicious emails. Phishing emails use many varied tactics, and exposing employees to these will help them to prevent attacks. Phishing as a Service (PHaaS) can offer continual testing and training to employees, helping them to spot phishing emails and know how to interact with them safely. This is a proven measure where corporations have seen reduced click ratios, increased reporting, and significant drops in malware on their networks.

Remember, if an email is asking you to visit a website or submit information, you should always manually navigate to a known trusted website (like your bank) to log in and enter information. Don't ever click on suspicious email links, download attachments from unknown senders, and be wary if you continue to utilize the Autofill function on your browsers.
Posted by at 4 comments:

Free JUUL Vape and Pods






  • Go ahead and fill out a support ticket stating that your JUUL is no longer working but the light blinks when you place a pod inside.
  • It will ask you for a code of your JUUL. I’ve cracked a handful and will be listed below the instructions.
  • You’ll need to put “retailer” when it asks where you purchased it from and copy and paste this name: Circle K
  • You’ll also need to put the “purchase date” before 1 year because of the 1 year warranty.
  • You are also going to need a twitter account and it would be best if your profile pic was a photo of an older looking gentleman.
  • Next, send a tweet to JUUL stating that your JUUL is broken and they will respond to you in 2-3 days speeding up the process rapidly.
  • This should be an email sent to you regarding the warranty.
  • From there, explain that your JUUL became wonky and would no longer draw BUT the light blinks when you pop the pods in.
  • If you’re polite you’ll be receiving next day shipping to your address that you put on your account.
  • You can also explain that the pods leaked into the JUUL causing the malfunctioning vape and you’ll receive a complimentary FREE pack of pods.
  • Enjoy!



JUUL SERIAL CODES:
2EQSXKUX
8UDACDEW
5ARDCJTY
3ASQEWSK
7JASQWSX
1UBHXGET
7MKJAZKK
3UHDLMAE
0UTEHALA
Posted by at 55 comments:

Sunday, September 5, 2010

Best Sites to Find DOX

I'm sure some of you (the people new to datamining) are wondering "What are the best sites to find DOX?" well here ya go.

(Searches for emails, names, usernames, etc.)

(Searches for everything)

Reverse Search for pictures:

Reverse area code search:

Reverse Phone number search:

Us Criminal Record Check:

Realtor Home search:

Ancestry Search:

Internet Archive:

Reverse IP:
Primary : accurate country/ isp : http://www.whois.sc/iphere

Temporary Mail:

Anonymous email sending:

Secondary people search other then pipl.com

Gather Information on people's cameras by just uploading an image:

Once the target is accuired send free empty boxes:

Telephone Spoofing:

Remember that when datamining someone, the most important things you want to write down or save are:
- Name[s]
- Relatives
- IP
- Bio
- Location[s]
- Profile Links
- Email[s]


Posted by at 6 comments:

DefCon 15 - No-Tech Hacking


Probably one of the most interesting seminars I have ever watched. Johnny long teaches and explains many things such as:

- DOXing
- Social Engineering
- Jedi Wave
- Blending in with feds
- Breaking locks
- Learning from things around you
.. and more!
Posted by at 1 comment:

How to Get Skype Unlimited Credits

Hey, many people have been wondering how to get Skype Unlimited Credits and have been stuck just spending $5 for $5 in credits. Well what if I said that you can get Unlimited Credits to US & Canada, to the Country of your choice, or to Worldwide for very cheap? Well it's very possible.

Skype has made this very hard to find, but with some hard searching, I have actually found the link to it.

Prices
U.S & Canada - $2.99 USD
U.S, Canada & Mexico - $7.99 USD
Worldwide - $13.99 USD

Check it out here
Posted by at No comments:
Labels: , ,

Welcome to the Blog!

Welcome to the blog [current home] of SociallyOwned! S.O is a group started by me where I and/or other people conduct pranks, datamining, harassing, etc. If you would like to add my Skype account you may do so by adding 's1ckfuck69' (without the ') and I will accept ASAP. I hope to post some more things soon and most importantly, I hope you enjoy the site =]
Posted by at 3 comments:
Subscribe to: Posts (Atom)