MySpace Security Vulnerability

There are vulnerabilities in Social Networking sites like Myspace.com where online criminals can easily take advantage and extract personal information. These password protected sites are highly monitored by hackers and vulnerabilities constitute a potentially bigger problem later on.

The "Zero Day" flaw, discover by Rick Deacon a 21 year old networking administrator from Beachwood, Ohio, is where a hacker takes over a person's MySpace page and adds code to steal information. This risk has only been found in an older version of the Firefox browser and not the Internet Explorer browser as of yet.

The attack uses "cross-site scripting", a weakness in Web applications to accomplish this hack. The user is required to click on a link to a Web page where the computer's "cookie" information is then taken.

Deacon discovered the problem months ago and informed MySpace of it but the company has not fixed it yet. Deacon said "Facebook and MySpace both patch things that they find, but it's like a sandbox". He also added "There's is so much. And there are probably hundreds more cross-site scripting vulnerabilities there. There's no way they can find them all."

These findings where presented by Rick Deacon at the DefCon hacker conferences. Right after the presentation he was informed that he was deleted from MySpace for violating the terms of service. MySpace did not comment on the findings and the deletion.Eric E. Rosado writes articles on topics such as Unlock Myspace and Myspace countdown Generator Visit MySpace Security Vulnerability.