Google's Orkut social networking site was hit by a quick-spreading worm that managed to infect a large number of users when they viewed messages that came from friends who were already exposed. Infected users became part of a community dubbed "Infectatos pelo Virus do Orkut," which loosely translates from Portuguese to mean " …
Brazilian black hat community
I am a manager of an ISP in a Portuguese speaking country that has the misfortune to have the same name as a Brazilian location.
So, up to the point: it is unbelievable the amount of crap that comes from brazil IP addresses. Loads of spam, and fake e-mails with custom-made trojans are the order of the day. And even tough most of them are blocked by our measures, some manage to pass. yahoo.com.br also seems not to care much about our spam complaints, unfortunately.
In my opinion, in terms of this activity, Brazil comes right next after china and russia. Or perhaps due to our peculiar case, even manages to surpass russia.
login credentials and session cookies.
...it would have been relatively trivial for the authors of the Orkut worm to steal an Orkut user's logon credentials...
I'd doubt that as the logon credentials are passed at the time of login and what remains after that is only a token of authenticity in the form of browser cookies. Yes, it may be possible to steal that cookie and compromise a user's "session" which includes all of the Google services until a user logs out. I think people should stop click "Remember me on this.. " checkbox and avoid creation of a persistent cookie. Only my 2 cents.. please enlighten me if I'm wrong on this one.
Should we be taking Google to court?
I think it only fair that any damage incurred on any organisations website who host these types of service be responsible for their own security, its the only way security will ever be taken seriously.
If your at work and have an accident through unsafe working practices you are entitled to claim so why not on the web? You here many stories about Microsoft security threats but not many when it comes to their own systems! I wonder if they take their own security more seriously?
Within hours . .
Hey, Microsoft ! Did you read that ? The hole was patched WITHIN HOURS.
Not years, not months, not even days.
Does that mean ANYTHING to you, Steve ?
Really Pascal. Try comparing an Operating System patch with a patch for a website. Microsoft has to test their patches to make sure it does not break the OS. Wonder how impressed you would be if they did not test their patches.
Even Apple take their time offering patches.
- Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
- Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
- SOULLESS machine-intelligence ROBOT cars to hit Blighty in 2015
- China in MONOPOLY PROBE into Microsoft: Do not pass GO, do not collect 200 yuan
- BuzzGasm! Thirteen Astonishing True Facts You Never Knew About SCREWS