Tuesday, June 16, 2009

Hacking Orkut

Orkut is becoming a popular social networking site nowadays. More and more people are joining Orkut regularly, especially from India and Brazil. With this vast number of users, hacking of Orkut accounts is also increasing day by day. Orkut has taken great efforts to prevent hacking and has succeeded to some extent. Most of the vulnerabilities in Orkut have vanished, and they are continuously working towards removing the rest. This growing security is also making the site less easy to use. Still, there are some methods to hack Orkut because, as we say, the weakest link in security is of course the human. I am going to explain three methods to hack Orkut that are valid currently. I am not going to teach you a step-by-step process, but just tell you how it is done.
Here we go:

1. Trojans, Keyloggers: This is one of the more difficult methods to implement. What you have to do is somehow give the victim a file containing a trojan keylogger. Once they execute it, the trojan should run and complete its primary steps properly. After that, when the victim logs on to Orkut, the trojan will automatically log their username and password and then convey them to you by one of various methods. This one seems far easier, but antivirus is one of the most difficult hurdles in it. Most computers today have good antivirus software, but some still lack it. There are also some untrusted antivirus products which may not be able to detect the trojan. This trick requires knowledge and careful handling of trojans, as they may also target your own computer if programmed to do so. OK, so let's move on to another trick.

2. Cookie Stealing: Cookies are small pieces of information that websites store on your computer for many reasons. When you log in to Orkut, a cookie is generated. This cookie authenticates you and allows you to access your account. It lasts until you log off from Orkut. What if someone gets that cookie? When he keeps that cookie on his computer and opens Orkut, Orkut will read that cookie and grant whoever holds it access to the victim's account. Actually, this is not a fault of Orkut. So, how can someone get a cookie which is stored on the victim's computer? You must have heard about javascripts: pieces of code that we paste in the address bar and hit Enter, after which some effect takes place. These javascripts are the best way to get someone's cookie. There is a specially designed javascript for that. If it is given to the victim and he executes it, the attacker automatically gets the victim's cookie. Now the attacker can log on to the victim's account without dealing with the username/password and can make whatever changes they want.

3. Phishing: This is one of the most efficient and widely used tricks. It is also one of the easiest to implement. In this, hackers send a link to the victim. If the victim clicks that link, he will see the Orkut login page. He then logs in with his username and password. The login fails. When he tries to log in again, he gets logged in. So, now his account is hacked! What went wrong? The link which the attacker sent to the victim led to a duplicate copy of the Orkut login page. When anyone logs in on that duplicate page, their email and password are conveyed to the hacker by one of various ways. After the email and password are sent to the hacker, the victim is taken to the real Orkut login page, which says that the login was not successful. So, no doubt remains in the victim's mind that he logged in on another page. Most of the effort in this trick lies in putting up such a page and finding a service which conveys the email and password to you after they are entered in that duplicate (fake login) page. There is not much awareness about this trick, so people generally fall prey to this hack.
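The cookie theft in method 2 works only when script running in the page can read the login cookie. As an added example (not from the original post and not Orkut's code), this JavaScript audits a site's Set-Cookie headers for the HttpOnly attribute, which hides a cookie from page script, and the Secure attribute, which keeps it off plain http; the cookie name and values are constructed.

```javascript
// Added example: audit Set-Cookie headers for the two attributes that limit
// login-cookie theft. All cookie names and values here are constructed.

// Split one Set-Cookie header value into its name and attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = pair === undefined ? -1 : pair.indexOf('=');
  if (eq < 1) throw new Error('malformed Set-Cookie header: ' + header);
  const attributes = {};
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    // Attribute names are case-insensitive; flags such as HttpOnly have no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), attributes };
}

// Report which protections a login cookie lacks.
function auditSessionCookie(header) {
  const { name, attributes } = parseSetCookie(header);
  const findings = [];
  if (!('httponly' in attributes)) {
    findings.push('missing-httponly'); // page script can read it via document.cookie
  }
  if (!('secure' in attributes)) {
    findings.push('missing-secure'); // browser will also send it over plain http
  }
  return { name, findings };
}

// Constructed sample headers: a weak login cookie and a hardened one.
const SAMPLE_HEADERS = [
  'login_state=c0nstructed-value; Path=/',
  'login_state=c0nstructed-value; Path=/; Secure; HttpOnly',
];

for (const header of SAMPLE_HEADERS) {
  const { name, findings } = auditSessionCookie(header);
  console.log(name, findings.length ? findings.join(', ') : 'ok');
}
```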

After all the discussion above, I am writing below some safety measures that you must take to protect your account:

1. Always have a good antivirus and keep scanning your computer regularly. Many people think that a computer virus can't interfere with what we do in browsers. Well, up to some extent that is right, but it can log the emails and passwords you type while signing in to Orkut or a similar service.

2. Don't execute any javascript given by anybody. As we discussed before, it can prove very risky to your account.

3. Don't click on any suspicious links given by anybody, as these may be links to fake login pages.

4. When logging in to Orkut, have a look at the address bar and confirm that it is something like this:
https://www.google.com/....... (note that it is https, which is very important)

5. Keep in mind what security question you chose while creating the account, and do not disclose its answer to anybody, especially while chatting.

6. Before closing Orkut, you must click "log out". This may not matter so much, but it is recommended for keeping your account safe. There is a chance of a "man in the middle attack", but these don't occur so often.
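Measure 4 is easy to get wrong by eye, because an address can contain the expected name without actually being that site. As an added example (not from the original post), this JavaScript performs the same check as an exact comparison of scheme and host; the expected values come from the address shown in measure 4, and every sample URL, including the ".example" hosts and the path, is constructed.

```javascript
// Added example: the address-bar check from measure 4 as an exact comparison.
// The expected scheme and host come from the address the post shows; every
// URL in SAMPLES is constructed, and ".example" hosts are placeholders.
const EXPECTED_PROTOCOL = 'https:';
const EXPECTED_HOST = 'www.google.com';

// Return { ok, reason } for an address copied from the address bar.
function checkLoginAddress(address) {
  let url;
  try {
    url = new URL(address.trim());
  } catch (err) {
    return { ok: false, reason: 'not-a-url' };
  }
  if (url.protocol !== EXPECTED_PROTOCOL) {
    return { ok: false, reason: 'not-https' };
  }
  // Text before an "@" is login data for the site, not the site name itself.
  if (url.username !== '' || url.password !== '') {
    return { ok: false, reason: 'userinfo-present' };
  }
  // The parser lower-cases the host; compare the whole name (and any
  // non-default port), never a prefix or substring.
  if (url.host !== EXPECTED_HOST) {
    return { ok: false, reason: 'host-mismatch' };
  }
  return { ok: true, reason: 'match' };
}

const SAMPLES = [
  'https://www.google.com/constructed-path',
  'http://www.google.com/constructed-path',
  'https://www.google.com.login.example/constructed-path',
  'https://www.google.com@login.example/constructed-path',
  'www.google.com/constructed-path',
];

for (const address of SAMPLES) {
  console.log(checkLoginAddress(address).reason, address);
}
```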

So, this was a short article on how Orkut hacking is done. I hope you understood and liked it. Please remember that I have not taught you "how to hack" but "how hacking is done".
