Buğra AYAN*

Said Saraçoğlu ile birlikte 18 Ocak 2008 de Youtube’a yolladığımız mailin orjinalidir.Açık kapatıldığı için yayınlıyoruz.

İki Türk gencinin mesajı üzerine Youtube sitesini değişmiştir. 

—– Original Message —–

From: Bugra AYAN*

To: security@youtube.com

Sent: Friday, January 18, 2008 1:16 PM

Subject: Security Issue

Hi.We are two teenager from Turkey(Bugra AYAN & Said Saraçoğlu) We found two security issue.

1-Login Problem

[İlk güvenlik açığını gösteremiyoruz.Çünkü Hala Aktif Durumda ]

2-Hack with next url

This is a honest link

http://www.youtube.com/watch?v=-dtdF6EYdac&eurl=http://www.link.com

But someone can change  with this devil link =)

http://www.youtube.com/verify_age?next_url=http://www.link.com&watch?v=qNPupgvf3YA

Link.com = Faket Login Page which was made tiny url with (2url.us etc.)

For example anybody receive mail like this.

—————————————————————————————————-

You know someone abuse our country and our flag in youtube :@ :@

Go this link and click Flag This Video for our country

http://www.youtube.com/verify_age?next_url=http://www.link.com&watch?v=qNPupgvf3YA

Thank you..

————————————————————————————————————————–

When users go youtube write username and password Your Fake Login Page then Fake Login Page direct video like abuse video.

User can’t understand what happened but he or she was hacked.

We hope you reply this mail.

Thank You Youtube..

Kaynak: [ Bu kaynağı görüntüle ]

Teşekkürler.

Dünyada ilk defa Facebooktaki güvenlik açıklarını Chip dergisinde Şubat ve Mart ayında Said Saraçoğlu ile yayınlamıştım.

Facebook yazışmalarda güvenlik açıklarını kabul etmiş fakat siteyi değiştirmemişti.

Ama bugün gelen bir haber bizi mutlu etti.

En güzel screenshotlarımdan birini aldım.

Facebook tüm üyelerine yani 100 milyondan fazla üyeye yaptığı duyuruda güvenliğini,mahremiyeti artırdığını dile getirdi.

İşte bu duyuru: [ Duyuruyu görüntüle ]

Daha önce açık olduğunu kabul etmişlerdi.Bu yazışmalar ile ilgili kayıtlardan bir kısmı ilk defa burada yayılıyorum. [ Belgeyi görüntüle ]

Site: http://www.turknorthamerica.com/modules.php?name=Forums&file=viewtopic&t=532

Amerikada yaşayan Türklerin sitesi TurkNA olarak bilinen turknorthamerica.com sitesinde programım yayınlanmıştır.

Site: http://www.rootshell-team.com/showthread.php?p=7610

Facebook Açıklarından bazıları yayınlandı…

In Turkey,Facebook bugs and Vulnerable found by two Turkish Guy.
Google Mirror: http://www.google.com.tr/search?hl=t…C4%B1k+bulundu
Send a Special message and open the profile

There is here some bugs and vulnerables;
Send a Special message and open the profile

Facebook security deficits continue to scare users. The accounts that can’t be seen by people who aren’t their friends are opened when the message is sent. To give an example,
A message is sent you,
“You have added me as a friend. Do we know each other?”
You say “no”. she/he says “Pardon”. Yet as soon as you say no, your profile is opened. Even if you limit the properties, he/she can see your friends and reach your photos.

Posted in Vulnerable | No Comments »
Making Avatar Bigger
January 3rd, 2008

Making Avatar Bigger

Facebook continue bothering you about security deficit. Malicious people can use the small photos that appear at the result of a search for fake memberships on friendship websites by making them bigger. We can make bigger and save Bu?ra Ayan’s small photo whose storage shortcut is http://profile.ak.facebook.com/profi…09740_9399.jpg by deleting the letter ‘s’ from ‘small’ in the shortcut, then in stead, writing ‘n’ from ‘normal’ in form of

http://profile.ak.facebook.com/profi…09740_9399.jpg . Malicious people can make up fake profiles on friendship sites by storing photos with this method

Friend Finder

With FriendFinder, Facebook that ignores the security of people’s personal data is so dangerous. Facebook that enables you to add your friends in MSN list by scanning them violates the security:
It ignores whether the other person accepts you in MSN or not.
It shows the people’s photos found at the result of the search.
It allows you to scan more MSNs than one.
Thus, malicious people can scan the list they will make from any letter by opening a fake MSN address. For instance, they open afakemsnadress@hotmail.com and,
jennifer1@hotmail.com
jennifer2@hotmail.com
jennifer3@hotmail.com
jennifer4@hotmail.com
jennifer5@hotmail.com
jennifer6@hotmail.com
jennifer7@hotmail.com
jennifer8@hotmail.com
jennifer9@hotmail.com
jennifer_usa@hotmail.com
jennifer_londra@hotmail.com
jennifer_newyork@hotmail.com
jennifer_mail@hotmail.com
jennifer_88@hotmail.com
jennifer_89@hotmail.com
jennifer_90@hotmail.com
jennifer_91@hotmail.com
jennifer_japan@hotmail.com
jennifer_sweet@hotmail.com

They form a list that alters according to the Jennifer fix. Then when you scan this, Facebook sends you “Do you want to add Jennifer High Jenniferusa@hotmail.com as a friend?”. As a result, this person can get Jennifer’s photos and E-mail address without knowing who she is. He can use it in his illegal works.

Resmi büyük olarak görmek için tıklayın.