November 11, 2006
More information on MySpace exploit
In my previous blog entry I talked about the password exploit outcome of a recent MySpace phish attack. I neglected to mention links to related news stories.
The latest hacks are only the newest in an increasing series of related malicious hacks.
What's worse is that there doesn't appear to be an easy, quick fix to the hacking that's going on. MySpace allows regular end users to modify their home pages with HTML. That right leads to a lot of power and is difficult to secure appropriately against maliciousness while allowing legitimate things to run. I'm not a big MySpace user, but my advice to anyone is to avoid MySpace until they get their security act together.
My initial gut feeling is that, like a lot of vendors, MySpace is handing out functionality faster than they are thinking about security.
11/26-06 Update:
Another link to the exploit
http://www.caughq.org/advisories/CAU-2006-0001.txt
Posted by Roger Grimes on November 11, 2006 04:59 PM