Friday December 5, 2008 7:50 PM AEST

SC Magazine Australia/NZ > News > Vulnerabilities & Exploits > Web > Hackers attack MySpace and Facebook

Vulnerability Alerts

SANS

Microsoft

Microsoft Security Bulletin Advance Notification for December 2008
MS07-068 - Critical: Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275) - Version:2.3

CERT/CC

Latest Comments

"Excellent info. If you use Gumtree Australia you will see many obvious scam posts in all ..."

on Scammers target online car buyers, warns ACCC

by Marian Imrie | Dec 5, 2008 4:45 PM

"Very nice and useful information. UT4B4. Tape4backup.com"

on Weighing the options for securing back-up data

by Lto-4 Tape | Dec 4, 2008 9:23 PM

"Interesting that you do not bother to list the one AV that has consistently passed the VB100. ..."

on Latest VB100 malware test brings good news

by Ben | Dec 4, 2008 6:00 PM

"I like this"

on AVG update deletes critical Windows file

by nanwin | Dec 3, 2008 3:05 PM

"Concerned man's comments seem to intimate that if I'm using agents all will be well but the ..."

on Shavlik Technologies to broaden its patch management offerings

by Werner K | Nov 26, 2008 8:36 PM

Web

Hackers attack MySpace and Facebook

By Clement James
Mar 4, 2008 9:23 AM
Tags: Hackers | attack | MySpace | and | Facebook

Criminal hackers now view social networking sites as their best target for attacks, according to Rob Rachwald, director of product marketing at Fortify Software.

Part of the reason is that such sites are designed to be usable by "unsophisticated" consumers, meaning that the barrier to entry for attacks is potentially lower as users are more likely to click on a link that leads to malware.

"A buffer overflow enabled hackers to exploit the Aurigma ActiveX image uploading software used by Facebook, MySpace and other social networking sites," said Rachwald.

"The bad news is that this exploit is being used in a hacker toolkit currently being offered for download on several Chinese language sites, meaning that novices have been able to stage these attacks, and not just professional hackers."

Rachwald argued that social networking sites can no longer limit protection to their own security practices, but must take in the practices of their suppliers.

"Had Facebook and MySpace required Aurigma to provide proof of a code audit before sourcing the plug-in this latest security issue could have been avoided," he said.

Ads by Google

Thoughts on this article? Add a comment below.

Be the first to comment on this article.

Report this comment as offensive:

* Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.

Name:

Email:

(will not be displayed)

Comment:

(HTML not permitted)

Validation

Enter the code you see below:

Most Read
Most Discussed
Latest News

Vulnerabilities & Exploits Whitepapers

Hackers attack MySpace and Facebook

Sponsored Links

SC MAGAZINE SITEMAP

CATEGORIES

News

Alerts

Products

Stats

Blogs

Photo Galleries

Whitepapers

Events

Jobs

Downloads

Vulnerabilities & Exploits

Breaches & Exposures

Messaging

Mobile

Access Control

Biometrics & Forensics

Legal

Risk Management

Job Centre

Patch Management