
Two Hackers Plan to Disclose MySpace Vulnerabilities

Two hackers have launched a campaign to highlight MySpace vulnerabilities. They hope the campaign will make a greater splash than January's Month of Apple Bugs. The hackers admitted that the campaign started off rather slowly.

The hackers, named Mondo Armando and Mustaschio, came across the vulnerabilities after selecting MySpace for their project because the site has a large number of visitors. They said they had informed MySpace about their project. TECHWORLD published the hackers' statement on April 2, 2007.

The hackers said that during the next few weeks, they would disclose a number of bugs including cross-site scripting (XSS) flaws and others that allow unauthorized access to profiles of the site users.

At the start of the initiative, the pair used a popular vulnerability that reflects the very characteristics of MySpace. Users can use the cascading style sheet (CSS) language to edit their profiles and can also customize their profile URLs. This could allow hackers to create profiles resembling the site's login page and use a seemingly authentic URL to dupe users into divulging their credentials.

On April 2, 2007, the hackers disclosed a vulnerability in the "cms.goto" application on "profile.myspace.com". It stems from the absence of input validation, which can lead to an XSS attack.

Jeremiah Grossman, CTO of WhiteHat Security, told SCMagazine.com on April 2, 2007 that the project underscored a flaw shared by a large number of sites on the World Wide Web. In any case, hackers would tend to exploit MySpace vulnerabilities, as the site has 130 million members. Hackers frequently target MySpace because hacking a single account could help them access numerous other users' accounts, which they could then infect with malware or attack with spam.

Last December, MySpace, the site drawing the fifth most traffic, carried an Apple patch after a cross-site scripting worm attacked it. The worm exploited the JavaScript functionality within the QuickTime player that many site visitors use to play videos on the pages hosting their profiles. The objective of the attack was to capture login details and entice users to visit a pornographic site containing spyware.


» SPAMfighter News - 4/10/2007
