Social Media Tag


How to Recognise a Self-XSS Scam

How to beat the hackers who can compromise your social networking account

Image: Self-XSS graphic by Profit_Image/Shutterstock.

It’s a typical Wednesday afternoon. You are enjoying your lunch and posting on your favourite social networking account. Then you see a video clip on a friend’s page. It’s a group of kittens at play, doing daft things. You click on the clip, then something strange happens. Your Facebook wall or Google+ account is littered with strange or distasteful posts, of which you have no knowledge. Then you realise your account has been hacked, and you find out what caused it: a self-XSS scam.

What is a Self-XSS scam?

A Self-XSS scam alters the code on the site you are using. It is so called because the action is conducted on your own PC. Hackers could compromise your account by going into the Developer Tools option on your web browser. Under the Console section of the Developer Tools option would be the site’s errors. Google, Twitter and Facebook no longer display the error messages from their websites. Being able to access the error messages gives hackers free rein to spam or hack their way to your site.

What is XSS?

XSS stands for Cross-site Scripting, with the ‘x’ used to symbolise the cross in a Christmas/Xmas sense. In 2007, according to Symantec, it accounted for 84% of all security vulnerabilities. This can vary from a trifling glitch to a major security hole. There are three types of XSS flaws: non-persistent flaws, persistent flaws and DOM-based flaws.

Non-persistent flaws can allow malicious sites to attack users of, for example, Google’s services whilst they are logged in. This is common with HTTP query parameters.

Persistent flaws may include embedded vulnerabilities like a worm. This could be hidden inside a video clip, posted on a social networking site, and compromise an insecure PC.

DOM-based flaws were traditionally found in applications which used server-side data processing. In 2011, a number of jQuery programs were found to have had DOM-based flaws.

The above can be rectified by:

- Contextual output encoding or escaping: several escaping schemes can be used where the untrusted string needs to be placed within an HTML document. These include HTML entity encoding, JavaScript and CSS escaping, and URL (or percent) encoding.
- Safely validating untrusted HTML input: the comments sections of blogs and the status boxes of social networking sites should limit the use of certain characters.
- Disabling scripts: it is possible to disable client-side scripts within your web browser.
- A single space: the most effective way of circumventing self-XSS scams entails a single space within the source code (seen within the a href link inside double quote marks).
- Treading carefully: though you may be tempted to click the link, show some discretion. The kitten video clip link may take you to another one which could be dodgy. Clicking the right mouse button and selecting ‘Inspect Element’ could be a good tip if you’re comfortable with reading the source code.

Net66, 22 April 2016.
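Added example (not part of the original Net66 post): contextual output encoding applied to one untrusted string in three of the contexts listed above, namely HTML entity encoding, JavaScript string escaping and URL percent-encoding. The function names, the /search URL and the sample input are constructed for illustration.

```javascript
// Added example: the same untrusted string needs a different encoder
// depending on where in the page it is written. All names are hypothetical.

// Constructed sample input: markup a visitor might type into a status box.
const SAMPLE = `"><script>alert('x')</script>`;

// HTML element body or quoted attribute value: HTML entity encoding.
function encodeForHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Inside a quoted JavaScript string literal: every non-alphanumeric code
// unit becomes \uXXXX, so quotes, slashes and "</script>" stay inert.
function encodeForJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// URL query parameter value: percent-encoding.
// encodeURIComponent leaves ' ( ) ! * untouched, which is why the finished
// URL is HTML-encoded again before it goes into an href attribute.
function encodeForUrlParam(s) {
  return encodeURIComponent(String(s));
}

// Build a page fragment, choosing the encoder by output context.
function renderFragment(untrusted) {
  const href = '/search?q=' + encodeForUrlParam(untrusted);
  return [
    `<p>${encodeForHtml(untrusted)}</p>`,
    `<a href="${encodeForHtml(href)}">search</a>`,
    `<script>var status = "${encodeForJsString(untrusted)}";</script>`,
  ].join('\n');
}

console.log(renderFragment(SAMPLE));
```

Each encoder is safe only in its own context: HTML entity encoding alone does not protect a value written into a script block, and percent-encoding alone leaves the apostrophe intact.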


Facebook: Taxing Times for Social Media Giant

Corporation Tax switch sees Facebook paying more tax in 2016-17 Financial Year

Image caption: Taxing times: Facebook has agreed to pay UK Corporation Tax for its British operations. On the other hand, it is using an employees' bonus scheme to streamline its tax bill. Image by RawPixel.com/Shutterstock.

Facebook, Mark Zuckerberg’s social networking site, is set to pay more Corporation Tax in the next Financial Year, following a recent outcry. The popular social media site will switch the tax base of its UK operations from Dublin to London.

Till the start of the next financial year, Facebook has paid the Republic of Ireland’s National Treasury Management Agency’s lower rate. From April, they shall pay the HMRC rate of Corporation Tax of 20 pence in the Pound. They will also be subject to a Diverted Profits Tax, set at 25%. Therefore, customers wishing to buy advertising space will be billed from London instead of Dublin.

In 2014, Facebook paid HMRC the measly sum of £4,327, less than a full-time employee might pay per annum. Particularly galling was the fact that HMRC paid more for Facebook ads than Facebook's tax bill - six times over. This was courtesy of a “Double Irish” deal where tax revenue was routed through its Republic of Ireland office.

In a press release, the UK Treasury said: "The government is committed to making sure multinationals pay their fair share of tax. That's why we've taken unprecedented action both domestically through introducing the Diverted Profits Tax, and internationally through leading the world's major economies to introduce new rules to tackle aggressive tax planning by multinationals."

Employee Bonuses

Though the UK Treasury was pleased with Facebook’s decision, some savings are being made to the company’s tax bill. Through a £280m bonus scheme, part of their tax take will be classed as a ‘taxable expense’. Its 850 UK-based employees will be given a payout of (on average) £775,000.

Plus, the company’s international expansion plans show no sign of ceasing. A new London HQ is under construction at One Rathbone Square, a new development by Great Portland Estates. This is on the site of land formerly owned by the Royal Mail. 216,000 square feet have been leased to Facebook.

Today, Facebook is light years away from its modest beginnings, with advertising options and its search engine (powered by Bing) reaping rewards. Besides connecting people, it has become a marketplace along with the eBays and Amazons of this world. Its use as a source for business is greater than ever.

Net66, 07 March 2016.
