Friday, January 20, 2006

More social networking sites hit with XSS Worms

After the MySpace (Samy Worm) we knew more of these were coming, and still think it's only the beginning. I've discussed the dangers of these issues many times in the past in my Phishing with Superbait presentation. At WhiteHat Security, we make it our business to find these types of issues for our customers before the bad guys do.

Account Hijackings Force LiveJournal Changes
"It is impossible to know how many of these are nonfunctional, but we have an 85% success rate on usage, so it may be fair to state that 85% of those are valid," one member of Bantown told Security Fix. "However, we have only used approximately five hundred of these cookies so far, so it is impossible to tell whether this sample is statistically valid. Still, a massive number have been compromised."

"Group members said they plan to turn their attention to looking for similar flaws at another large social-networking site."

Xanga Hit By Script Worm
"Following in the footsteps of fellow blog provider MySpace, appears to have been infected with some kind of worm that compromises the accounts of blog users and replaces content on the sites in order to replicate."
