Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Social-networking sites rife with wormable flaws
Published: 2006-07-27

An audit of two popular social-networking sites found a dozen wormable vulnerabilities in less than an hour, a researcher for antivirus firm F-Secure stated on Thursday.

The company performed the research following three high-profile security incidents targeting popular social-networking site MySpace in the last year. Most recently, a banner ad on MySpace compromised almost 1.1 million computers, according to analysts at VeriSign's security consultancy, iDefense.

F-Secure searched through two sites claiming to have 80 million users and found a half dozen cross-site scripting vulnerabilities in each site, researcher Masood Syed Ghouse stated on the company's weblog.

"We stopped looking after finding half a dozen, but we are sure there are a lot more holes in there," Ghouse stated. "With about a day's work a malicious attacker with a half-decent knowledge of Javascript could create a worm using just one of these vulnerabilities."

MySpace has had its share of problems in the past year. In addition to two worms and this months banner-ad attack, a 14-year-old girl and her mother are suing the company for failing to adequately protect minors who use the site. In an attempt to solve its problems, the company hired former Microsoft cybercrime investigator Hemanshu Nigam to head its security push.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:


Privacy Statement
Copyright 2009, SecurityFocus