Social Networking Sites Full of Security Holes
athloi writes "Social networking Web sites such as MySpace.com are increasingly juicy targets for computer hackers, who are demonstrating a pair of vulnerabilities they claim expose sensitive personal information and could be exploited by online criminals."
Hey, you gotta give 'em credit for a quick turnaround on the openness issue... Only took 'em three hours (according to story submission time) to go from closed to too open.
In the end it's hardly surprising. These sites aren't designed with security in mind, and they allow user code on the pages. Game over man, game over. Blah blah blah SSL, blah blah blah strong passwords, blah blah blah restrict user code... This stuff is all basic.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
It's almost always cookie cloning or password theft... That's the devil deal with JavaScript, and allowing people to put their own widgets on their pages. Set up some XSS stuff, or just make a shiny widget and put it on your page and use it to snag cookie info.
Not much you can do about it other than turn off JavaScript by default. It's pretty annoying actually... These vulnerabilities have been known forever, but patching them would break a lot of code, so they stay open.