Back to the articleIt seems MySpace users aren't a particularly cautious lot. #
Posted Tuesday 12th June 2007 04:49 GMT
It seems El Reg has gone a bit soft here, cautious ?
Google goes spear phishing on MySpace
CSS #
Posted Tuesday 12th June 2007 10:33 GMT
For us lucky Firefox users, it is nice and easy to get around these problems by disabling the CSS/JS on a page, this can be done using the Web Developer toolbar.
Quite why you'd want to look around a persons myspace when they're clearly phishing is a little debatable, but just in case you want to...
CSS has been traded privately for months #
Posted Tuesday 12th June 2007 13:30 GMT
CSS for mspace and hi5 have been traded privately for months. My favourite was the Hi5 CSS that was publically reported in December over at sla.ckers and went unfixed for months.
The exploit instead of stealing the victim's cookie logged the user out of the app and forced them to re-authenticate writing out user / pass to a writeable file on previously compromised webserver.
Normally the victim would be given a hi5 or you'd sign up as their myspace friend and leave a saucy note. Intriguing them to visit your profile , be mysteriously logged out when viewing certain parts of the profile then getting their account hacked later on.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Top stories
Popular Whitepapers
- Analyst Keynote: The Register Agile Data Center Summit
On-Demand: Audio with slides - Analyst Keynote: The Register Agile Data Center Summit
On-Demand: Audio Only - Dell PowerEdge M710 with Dell EqualLogic storage vs. HP ProLiant BL685c with HP StorageWorks EVA 4400
Virtualizaed Exchange workload performance comparison of end-to-end solutions - New storage architectures make SSDs more cost-effective
High-performance, cost-efficient storage infrastructures - Hosted CRM Can Be Your Secret Weapon to Success!
Hosted CRM comparison guide - Market Primer: ERP Systems
Still stuck in the clouds when in comes to ERP?
