Google's Orkut social networking site was hit by a quick-spreading worm that managed to infect a large number of users when they viewed messages that came from friends who were already exposed. Infected users became part of a community dubbed "Infectatos pelo Virus do Orkut," which loosely translates from Portuguese to mean " …
Brazilian black hat community
I am a manager of an ISP in a Portuguese speaking country that has the misfortune to have the same name as a Brazilian location.
So, up to the point: it is unbelievable the amount of crap that comes from brazil IP addresses. Loads of spam, and fake e-mails with custom-made trojans are the order of the day. And even tough most of them are blocked by our measures, some manage to pass. yahoo.com.br also seems not to care much about our spam complaints, unfortunately.
In my opinion, in terms of this activity, Brazil comes right next after china and russia. Or perhaps due to our peculiar case, even manages to surpass russia.
login credentials and session cookies.
...it would have been relatively trivial for the authors of the Orkut worm to steal an Orkut user's logon credentials...
I'd doubt that as the logon credentials are passed at the time of login and what remains after that is only a token of authenticity in the form of browser cookies. Yes, it may be possible to steal that cookie and compromise a user's "session" which includes all of the Google services until a user logs out. I think people should stop click "Remember me on this.. " checkbox and avoid creation of a persistent cookie. Only my 2 cents.. please enlighten me if I'm wrong on this one.
Should we be taking Google to court?
I think it only fair that any damage incurred on any organisations website who host these types of service be responsible for their own security, its the only way security will ever be taken seriously.
If your at work and have an accident through unsafe working practices you are entitled to claim so why not on the web? You here many stories about Microsoft security threats but not many when it comes to their own systems! I wonder if they take their own security more seriously?
Within hours . .
Hey, Microsoft ! Did you read that ? The hole was patched WITHIN HOURS.
Not years, not months, not even days.
Does that mean ANYTHING to you, Steve ?
Really Pascal. Try comparing an Operating System patch with a patch for a website. Microsoft has to test their patches to make sure it does not break the OS. Wonder how impressed you would be if they did not test their patches.
Even Apple take their time offering patches.
- Facebook offshores HUGE WAD OF CASH to Caymans - via Ireland
- Microsoft teams up with Feds, Europol in ZeroAccess botnet zombie hunt
- Justin Bieber BEGGED for a $200k RIM JOB – and got REJECTED
- Review Bigger on the inside: WD’s Tardis-like Black² Dual Drive laptop disk
- Inside Steve Ballmer’s fondleslab rear-guard action