Social networking sites may leak personal information as hackers attack targets

The intermediary transaction SEO diagnoses Taobao guest stationmaster buys the Cloud host technology Hall

Beijing Time August 4, according to foreign media reports, in this week's Black Hat Convention and Defcon hacking conference, hackers demonstrated two of potential personal users of sensitive information leakage of social networking site vulnerabilities, suggesting that social networking sites such as MySpace are emerging as a new target of computer hacking attacks.





11th session of the Black Hat Congress held in the United States Las Vegas, a total of 5 days, the official end of Thursday. This Friday, 2007 DEFCON Hacker Congress also quietly held in Las Vegas, the number of participants is expected to exceed last year's 5000 people. With the advent of social networking, how to break through password-protected social networking sites has become a subject of great interest to hackers and computer security experts.





src= "/ad/news/pic.js" type= "Text/javascript" > this year's 21-year-old Ohio hacker Rick Daiken (Rick Deacon) said he found MySpace exists "0" loophole, Hackers can exploit this vulnerability to control personal pages and even embed malicious code. So far, this vulnerability has not been fixed. Dekins plans to publicly demonstrate its findings in Sunday, but according to him, the flaw affects only older versions of Firefox, not Internet Explorer.





in such attacks, hackers exploited a vulnerability called cross-site scripting. With this vulnerability, hackers can embed malicious code into other people's Web pages. Security experts say many network applications have this vulnerability, but social networking sites are particularly prominent because users publish a lot of content every day, and service providers are hard to verify and manage effectively. Because of the vulnerability, Dekins said, "Cookie" information stored on his computer could be stolen if a user clicked on a link to another Web page.





According to Dekins, he had discovered the loophole a few months earlier and informed MySpace. But so far, MySpace has not fixed the vulnerability. "Facebook and MySpace are more willing to fix the vulnerabilities they've discovered, but their sites have hundreds of of cross-site scripting holes that can't be found on their own," he said. "MySpace spokesmen have not commented on this, but the company said in a statement:" It is our responsibility to have a fast response, All-weather security team, and we have done that. ”





Robert Graham, CEO of Errata Security, also demonstrated an attack program that could "lurk" on a public wireless network's computer, steal user "Cookie" information, or "hijack" User e-mail accounts and social networking site personal pages. He successfully intercepted an audience's Gmail account in a live display. Of course, if the audience tried the encrypted version of Gmail, Graham's program would not be successful. So far, Google has not commented on this.