It seems MySpace users aren't a particularly cautious lot.
It seems El Reg has gone a bit soft here, cautious ?
If it seems like every Tom, Dick and Harry with a MySpace account was getting his account hijacked a couple of months ago there's a reason. Starting in mid-March, the number of page views generated on phish sites increased five-fold, with almost all (95 per cent) targeting the popular social networking site. The revelation, …
For us lucky Firefox users, it is nice and easy to get around these problems by disabling the CSS/JS on a page, this can be done using the Web Developer toolbar.
Quite why you'd want to look around a persons myspace when they're clearly phishing is a little debatable, but just in case you want to...
CSS for mspace and hi5 have been traded privately for months. My favourite was the Hi5 CSS that was publically reported in December over at sla.ckers and went unfixed for months.
The exploit instead of stealing the victim's cookie logged the user out of the app and forced them to re-authenticate writing out user / pass to a writeable file on previously compromised webserver.
Normally the victim would be given a hi5 or you'd sign up as their myspace friend and leave a saucy note. Intriguing them to visit your profile , be mysteriously logged out when viewing certain parts of the profile then getting their account hacked later on.
Biting the hand that feeds IT © 1998–2019