MySpace Shockwave Flash Hack


The recent Yahoo! Mail worm, JS.Yamanner@m, is symptomatic of our increased usage and reliance on Web applications. This past weekend we saw a similar attack, but this time it was on the MySpace social networking site. Web applications are just as vulnerable to certain exploits, and even more so in some cases. In particular, services that allow people to author and post content under the service domain must always neuter any active content such as JavaScript. MySpace fails to do so, allowing an attacker to automatically hijack any user's MySpace page as soon as they visit an infected MySpace page.
The attack works by using an embedded Shockwave Flash file. The MySpace site allows members to post embedded content, such as movies and Shockwave Flash files, via an HTML “embed” tag. Shockwave Flash files can contain scripting that is simply a variant of JavaScript (known as ActionScript). In this case, the malicious Shockwave Flash file would send the command to start a MySpace blog post and parse the page for the viewing member's session ID parameters. With the session ID parameters, the code can do anything the viewing MySpace member can do, such as adding content to their page. The ActionScript simply sends a request to modify the member's profile page, and then inserts an embed link to the malicious Shockwave Flash file. This way, any time another MySpace member views the newly infected page, their page then becomes infected, and so on, and so on, allowing the threat to self-replicate.
These threats are interesting because they are not “classic” threats where you must download content, save it, and execute it from your machine. These threats do not modify your local machine; they replicate solely within the context of the service provider (in this case MySpace). So, they don't infect your machine per se, but they do infect your virtual space on the service provider's servers, leaving nothing for local machine security products such as antivirus or desktop firewalls to scan for after the space has been infected.
Thanks to http://www.chaseandsam.com/ and kinematic.theory for the initial heads-up.
21/07/2006
