Spyware Sucks

"There is no magic fairy dust protecting Macs" - Dai Zovi, security researcher and co-author of The Mac Hacker's Handbook.

"The Biblical wisdom “pride comes before a fall” needs to be foremost in the minds of security professionals. There are several aspects to this truth, but it starts with believing it is true. For one, the bad guys are always getting better and trying to get in. They are working harder than ever to defeat whatever you are doing to protect your enterprise. This knowledge alone will change your perspective on your job and when you are “done". What worked today may not work tomorrow. In this light, be careful about the promises you make to others regarding security and the protections you are deploying." - Dan Lohrmann

Once again MySpace proves to be a danger to the Internet community

Once again, the MySpace network is a danger to its visitors. WebSense Security Lab reports that it has:

"... confirmed the existence of a worm spreading on the MySpace network. This worm is exploiting the Javascript support within Apple's embedded QuickTime player (1). This is used in conjunction with a MySpace vulnerability that was announced two weeks ago on the Full-Disclosure mailing list (2). The vulnerabilities are being used to replace the legitimate links on the user's MySpace profile with links to a phishing site."

I, for one, am sick to death of the dangers being faced by MySpace users - how many people remember when 1 million PCs were infected via MySpace pages?
http://msmvps.com/blogs/spywaresucks/archive/2006/07/22/105450.aspx

What about the MySpace usersnames and passwords that were stolen:
http://msmvps.com/blogs/spywaresucks/archive/2006/11/11/274239.aspx

I wonder if MySpace still transmits logins unencrypted:
http://msmvps.com/blogs/spywaresucks/archive/2006/08/08/107051.aspx

Then there are the spoofed log-in pages that continue to be a problem:
http://msmvps.com/blogs/spywaresucks/archive/2006/10/28/216648.aspx

I cannot stress strongly enough my belief that nobody should be allowed to access MySpace via a corporate network under any circumstances, and that nobody should access MySpace via their personal computers unless their computer's security settings are locked down tighter than a vault. Don't go there unless the entire MySpace domain is in your Web browser's restricted sites zone, or don't go there at all.

Published Sat, Dec 2 2006 15:39 by sandi

Comments

# Nicholas' Blog-O-Rama - Major MySpace Worm on the Loose!

Sunday, December 03, 2006 3:41 AM by Nicholas' Blog-O-Rama - Major MySpace Worm on the Loose!

PingBack from http://www.pdsys.org/blog/2006/12/03/MajorMySpaceWormOnTheLoose.aspx

# re: Once again MySpace proves to be a danger to the Internet community

Saturday, August 09, 2008 8:59 AM by Kris

I'm in the US army I work on the networks for the Army some non classified and some classified Myspace is a very dangerous website it lurks with hackers spyware and virus its a ident theft waiting to happen and is blocked by all military and gov't global accounts (it's a free website its going to be dangerous people take it from someone who knows) I've been told that the next step is for the army IA to forbid any soldier from having a myspace account so the rumor has it. My wife has a myspace and I told her when she wakes up one morning and all the money in the bank is missing (I TOLD HER SO!!!!)

Spyware Sucks

This Blog

Syndication

Search

Tags

Community

Archives

News

Once again MySpace proves to be a danger to the Internet community

Comments

# Nicholas' Blog-O-Rama - Major MySpace Worm on the Loose!

# re: Once again MySpace proves to be a danger to the Internet community