MySpace and Facebook struck by security flaw
Both MySpace and Facebook have come under the security microscope with the publication of a zero-day flaw that affects both sites. The flaw lies within the image uploader that both sites use, which is obviously a very popular and commonly used function. If exploited, the flaw can result in a buffer overflow that could lead to code execution on someone's computer and ultimately compromise of the machine. Even less surprising, the flaw is inside an ActiveX control. If you are using a browser that doesn't support ActiveX, you're out of harm's way.
Secunia has rated the flaw as highly critical, and as of the time of this post no patch has been formally announced. However, a little-known feature of ActiveX known as the kill bit can be set to prevent the exploit from affecting you.
User Comments (5)
| phantasm66 on February 1, 2008 9:00 PM | These social networking sites are such a great attack vector for malware. |
| vocoda on February 3, 2008 8:45 PM | Actually, the networking sites are no more an "attack vector" for malware than any other website. Micro$oft Exploder and its broken add-ons are the root cause of all malware evil. |
| phantasm66 on February 4, 2008 6:50 AM | Yes, but if you have a social networking page, I KNOW you will visit it, and visit it often.
Therefore, if I exploit a vulnerability in Facebook, for example, and add something bad to your page for IE to run, I KNOW that you will visit that page and run the exploit code pretty soon after I place it. Not only that, but you are likely to visit your page from a number of machines. Your "friends" will also visit your page, and I can get an idea of who your friends are just by looking at your page. Additionally, I think you will find that, whilst IE does have many security issues, many of the attacks that work with social networking sites work in just about any browser. So, you see, the social networking sites are a great attack vector. They are open, accessible, public, have security issues, and you and your mates are likely to visit them and load them in your browsers often. Many security guys refuse to have a social networking site page for these reasons. |
| madmantm on February 4, 2008 8:11 PM | I have a Facebook and MySpace account. I like them but I hate people who put way too much time in them. It is a good way to keep in touch but people need to go out more. Experience life. I found a link that describes how I feel. It's old blue eyes telling it like it is.
http://americancomedynetwork.com/animation.html?bit_id=25239 |
| vocoda on February 5, 2008 7:07 AM | Yeah I have a Facebook and MySpace account too, they are great fun compared to basic posting/blogging IMHO - and I actually do have a life offline (in the real werld!). I stopped worrying about hack-attacks once I got Firefox, Anti-Spyware, Anti-Virus, and Firewall on my PC (with regular updates). Sure, there will always be fresh exploits to deal with, but from what I've seen over the past 12 years the worst ones are thru vectors such as email, office apps, and website drive-bys when surfing from search engines. Agreed that social networking is a good target too, but I would class this as just another website attack. ActiveX controls in particular have been problematic since day one, as evidenced by MS's repeated attempts to secure them over the years. Use ActiveX at your own risk - I do |




