Hackers attack MySpace and Facebook

By Clement James on Mar 4, 2008 9:23 AM
Filed under Web/client

Buffer overflows are at the heart of a series of attacks against Facebook and MySpace, security firm Fortify Software has warned..

Criminal hackers now view social networking sites as their best target for attacks, according to Rob Rachwald, director of product marketing at Fortify Software.

Part of the reason is that such sites are designed to be usable by "unsophisticated" consumers, meaning that the barrier to entry for attacks is potentially lower as users are more likely to click on a link that leads to malware.

"A buffer overflow enabled hackers to exploit the Aurigma ActiveX image uploading software used by Facebook, MySpace and other social networking sites," said Rachwald.

"The bad news is that this exploit is being used in a hacker toolkit currently being offered for download on several Chinese language sites, meaning that novices have been able to stage these attacks, and not just professional hackers."

Rachwald argued that social networking sites can no longer limit protection to their own security practices, but must take in the practices of their suppliers.

"Had Facebook and MySpace required Aurigma to provide proof of a code audit before sourcing the plug-in this latest security issue could have been avoided," he said.

hackers, attack, myspace, facebook

Ads by Google

What are your thoughts on this article? Add your comment below.

To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.

NOTE: You must be a registered member of SC Magazine to post a comment.

Click here to login | Click here to register

comments powered by Disqus