An audit of two popular social-networking sites found a dozen wormable vulnerabilities in less than an hour, a researcher for antivirus firm F-Secure stated on Thursday.
The company performed the research following three high-profile security incidents targeting popular social-networking site MySpace in the last year. Most recently, a banner ad on MySpace compromised almost 1.1 million computers, according to analysts at VeriSign's security consultancy, iDefense.
F-Secure searched through two sites claiming to have 80 million users and found a half dozen cross-site scripting vulnerabilities in each site, researcher Masood Syed Ghouse stated on the company's weblog.
MySpace has had its share of problems in the past year. In addition to two worms and this months banner-ad attack, a 14-year-old girl and her mother are suing the company for failing to adequately protect minors who use the site. In an attempt to solve its problems, the company hired former Microsoft cybercrime investigator Hemanshu Nigam to head its security push.
Posted by: Robert Lemos