A group of hackers has kicked off its month of MySpace vulnerabilities, which it hopes will make more of a splash than January's month of bugs for Apple Inc.'s software.
But they acknowledge they've started off with a softball, as the first one revealed on Sunday isn't too dangerous, they wrote.
The problem involves URL (Uniform Resource Locator) spoofing. An attacker could build an official-looking MySpace page using MySpace's CSS (Cascading Style Sheets) editing features that's designed to solicit a person's log-in details. The fake page could have a URL that reads "www.myspace.com/PasswordReset."
The problem is credited to mybeNi websecurity.
"Note, it's a pretty light one, seeing how today is Sunday, and we don't really expect the crack MySpace Security Squad to actually do a lot of code changes on Sunday," they wrote. "So, we went with one they probably don't care about, and isn't terribly dangerous on its own."
The hackers, who go by the names Mondo Armando and Müstaschio, have said they picked MySpace for their project for its high number of users. MySpace had 64.4 million unique visitors in February, according to comScore Networks Inc., which tracks Web site traffic.
The hackers have informed MySpace of the project, they said.
"They are adhering to the company line that they do not respond to inquiries regarding security," one of the hackers wrote in an e-mail to IDG News Service.
The "month of bugs" theme has been criticized as gimmicky and, sometimes, just not that exciting. Others have done the "Month of kernel bugs" and "Month of PHP bugs" projects. The month of Apple bugs, which ran throughout January, turned up flaws but nothing too alarming.
But MySpace might prove more fertile. It has frequently been targeted by hackers, since a single compromised account can open a door to potentially hundreds of thousands of other users, who can be targeted with spam or infected with malicious code.
In December, a worm rapidly spread across user profiles using a cross-site scripting weakness and a feature within Apple's QuickTime multimedia player.
Users who visited another MySpace profile could be infected by viewing an embedded QuickTime file, which could then begin an attack to capture the user's log-in details.
If the MySpace vulnerabilities aren't that thrilling, the hackers said, it could help bring an end to month-long bug-finding sprees.
"If it kills this Month of Whatever fad, then hurray for everyone, it's over," they wrote on their Web site.
