Yes... there's another MySpace exploit on the loose
To everyone who has a MySpace account(which is just about everyone), there's a new exploit out there that you might want to watch out for. Read info here:
http://www.f-secure.com/weblog/archives/archive-122006.html#00001038
According to this page, this is a problem with an embedded Quicktime file using Javascript:
http://blog.spywareguide.com/2006/12/myspace_phish_attack_leads_use.html
These lines stand out particularly: If you are infected "you will need to clean out your profile and check if any of your friends have also been infected - if they are, you will continue to be reinfected...most likely via the friends list itself. We have seen reports of users complaining that even when they've removed the fake navigation bar from their page, it comes right back if one of their friends is infected - so it looks like the friends list is being exploited in much the same way the Orkut worm used a similar feature to spread. Except in this case, the only option to fix the problem is get your friend to remove the infection code from their page, or remove your friend from your list indefinitely."
Wow, one exploit after another for MySpace. This leads to the question, is there a fundamental flaw with MySpace- please hold your answers to 2 paragraphs on that one, I do work, as well as go to school. =P
Is this just the case of a company growing too fast and too large to keep up with the security needs of today. Does the thought processes of "well all software has unintended features" and "the bigger you grow, the more of a target you are" apply here. Or does good old Tom need to sit down and reevaluate the way MySpace does business.
Not really certain where I'm going with that one... just thinking I guess.
http://www.f-secure.com/weblog/archives/archive-122006.html#00001038
According to this page, this is a problem with an embedded Quicktime file using Javascript:
http://blog.spywareguide.com/2006/12/myspace_phish_attack_leads_use.html
These lines stand out particularly: If you are infected "you will need to clean out your profile and check if any of your friends have also been infected - if they are, you will continue to be reinfected...most likely via the friends list itself. We have seen reports of users complaining that even when they've removed the fake navigation bar from their page, it comes right back if one of their friends is infected - so it looks like the friends list is being exploited in much the same way the Orkut worm used a similar feature to spread. Except in this case, the only option to fix the problem is get your friend to remove the infection code from their page, or remove your friend from your list indefinitely."
Wow, one exploit after another for MySpace. This leads to the question, is there a fundamental flaw with MySpace- please hold your answers to 2 paragraphs on that one, I do work, as well as go to school. =P
Is this just the case of a company growing too fast and too large to keep up with the security needs of today. Does the thought processes of "well all software has unintended features" and "the bigger you grow, the more of a target you are" apply here. Or does good old Tom need to sit down and reevaluate the way MySpace does business.
Not really certain where I'm going with that one... just thinking I guess.