Slashdot Mirror

← Back to Stories (view on slashdot.org)

Social Networking Sites Full of Security Holes

Posted by CmdrTaco on from the 2.0-is-harder-than-1.0 dept.

athloi writes "Social networking Web sites such as MySpace.com are increasingly juicy targets for computer hackers, who are demonstrating a pair of vulnerabilities they claim expose sensitive personal information and could be exploited by online criminals."

24 of 76 comments (clear)

  1. Hey...Wait a minute by UncleWilly · · Score: 5, Funny

    First a story about how restrictive social networking sites are.

    Now, so many holes in social networking sites your data is already in the hands of criminals.

    1. Re:Hey...Wait a minute by NeoTerra · · Score: 4, Funny

      It's VERY Restrictive Swiss Cheese. Kinda like Windows ME.

    2. Re:Hey...Wait a minute by SatanicPuppy · · Score: 4, Informative

      Hey, you gotta give 'em credit for a quick turnaround on the openness issue...Only took 'em three hours (according to story submission time) to go from closed to too open.

      In the end it's hardly surprising. These sites aren't designed with security in mind, and they allow user code on the pages. Game over man, game over. Blah blah blah SSL, blah blah blah strong passwords, blah blah blah restrict user code...This stuff is all basic.

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  2. My God....It's full of holes! by dave-tx · · Score: 5, Funny

    Of course it's full of holes. How else would it connect to the series of tubes?

    --

    >> "What would the robut do? Frame someone!"

    1. Re:My God....It's full of holes! by whopub · · Score: 4, Funny

      Of course it's full of holes. They probably meant assholes. That would make more sense.
  3. I'd say the real threat isn't holes, but ho's by elrous0 · · Score: 5, Insightful

    It wasn't a security hole that allowed someone to blackmail Miss New Jersey. The real danger of these networking sites are dumbasses who post embarassing pictures and blogs about themselves IN THE OPEN, not anything a hacker needs to dig for.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:I'd say the real threat isn't holes, but ho's by Spy+der+Mann · · Score: 3, Insightful

      Yes, but assume that some sites DO implement security features like only allowing your data to be shown to your "buddies". What happens when these security measures get broken?

      The other day i could watch a demonstration of a XSS attack on meebo due to lack of server-side validation.

      Now add a little AI / data mining to this:

      (New entry, mo/day/yr) "Here's a picture of me and my daughter Jessica playing on the NN. park" -> AI -> name: Jessica. Picture: (insert here). Last seen on: MMDDYY. Location: NN. Park.

      There! You could make a database of potential victims for threats, blackmailing, and what not. The only thing that makes me feel safe is that such AI data mining technology hasn't been developed... yet.

      As a rule of thumb, follow Murphy's law: What can go wrong, WILL go wrong (remember the recent SSN leaks?) Unless social networking sites have been PUBLICLY certified as having greater security than Fort Knox, stay away.

  4. "It's Time for Social Networks to Open Up" by Jeremiah+Cornelius · · Score: 4, Funny

    I laughed at this juxtaposition, too!

    Hey, site vulnerabilities are an API! Right?

    XSS is Web 3.0. ;-)

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  5. Whew! I'm Glad I'm a 15-year-old girl! by filesiteguy · · Score: 4, Funny

    Fortunately, I'm only logged into those sites as a 15-year-old girl from Kansas with a dog named Toto.

    At least I don't think they can get to me!

    --
    The Kai's Semi-Updated Website Thingy
    1. Re:Whew! I'm Glad I'm a 15-year-old girl! by eln · · Score: 5, Funny

      Oh, they'll get to you.

      And your little dog, too.

  6. A Net is a Bunch of Holes Sewn Together by Doc+Ruby · · Score: 3, Insightful

    Is giving your personal data to a company that sells it to spammers or anyone else with a buck when they start going bankrupt a "security hole"?

    --

    --
    make install -not war

  7. i wouldn't be surprised by sleekware · · Score: 5, Insightful

    i wouldn't be surprised to find out that most of the hacked accounts had passwords that were something that was listed under the favorite things on a user's profile.

    1. Re:i wouldn't be surprised by Catil · · Score: 2, Insightful

      There is another possible "attack-vector" - most email-accounts still offer or even require a security-question like "what is my pet's name?"
      Some of these can porbably be answered by anyone reading the profile or blog of someone else; and once you got access to the email-account, you could use the forgot-password-option on almost all other websites, including ebay and paypal.

  8. I know, and they keep sending me Friend requests by BobMcD · · Score: 3, Funny


    Oh, wait a second, you said 'Holes'. Oh. Carry on, then...

  9. perverts? by ZOMFF · · Score: 2, Funny

    So how long till the "exploiting of the holes" gets taken out of context by parents and we're doomed to another discussion of "think of the children" and "sexual predators in the tubes".

    --
    Launch every sig.
  10. No SSL by jerbenn · · Score: 3, Insightful

    How can anyone expect to keep their myspace login credentials private when they don't even have the login page SSL'd? Those bunch of retards!

  11. Stereotyping? by Andy+Dodd · · Score: 4, Insightful

    "Yet another MySpace security hole" somehow translates to "All social networking sites are full of holes"?

    Just a LITTLE bit of stereotyping in the article title I think?

    --
    retrorocket.o not found, launch anyway?
  12. They really don't care about the end user... by DeVil.DeMonde · · Score: 2, Insightful

    What I find funny is the fact that most of the poor souls that go to such sites looking to connect with other people are on a site where the people in charge couldn't care less... I signed up for My(waste of)Space when it showed up on the net because for some people I knew it was the only means to reach them any longer. I canceled my ISP and switched since then, asking the OZ like people running the show to please update my e-mail to reflect this change, more than a year has gone by. Has my e-mail been changed? Nope. Do I waste my time on MySpace anymore? Nope.

    When you refuse to acknowledge the community you "support" sub-par quality is what you must expect. Now if those MySpace people want to reach me they have to track me down via other means. To limit yourself to one medium of communication is sad anyway. Pidgin for everybody.

  13. Re:Perhaps ran into one of these by SatanicPuppy · · Score: 3, Informative

    It's almost always cookie cloning or password theft...That's the devil deal with Javascript, and allowing people to put their own widgets on their pages. Set up some XSS stuff, or just make a shiny widget and put in on your page and use it to snag cookie info.

    Not much you can do about it other than turn of javascript by default. It's pretty annoying actually...These vulnerablities have been known forever, but patching them would break a lot of code, so they stay open.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  14. Full of holes? No problem... by veganboyjosh · · Score: 5, Funny

    This error has been sent to myspace.com's technical department.

    I'm sure Tom will get right on it.

  15. Myspace hole that's funny by British · · Score: 2, Informative

    There's a feature where in Myspace you can set all your pictures to "private". But most idiots on myspace insist on having a myspace slide show on their profile page(along with 2000 other flash applets). Click on the picture in the slideshow, now you can see the album! Just use previous/next to navigate through them.

    Then there was the time I was on myspace, and a banner ad tried to send me a virus. You would think Myspace would be a bit more discretionary who it lets send banners over. Tsk tsk!

    Of course, not as fun as the images directory being left open on all angelfire pages. Some of those were fun to sort through, showing pictures not intended for the public(ie nudity, etc).

  16. Re:Perhaps ran into one of these by HeavyDevelopment · · Score: 2, Insightful

    Yes turning off Javascript pretty much invalidates the whole Web 2.0 experience doesn't it? But on the other hand, you open yourself to a bunch of security issues if you don't. Quite the little conundrum....

    --
    Badges!?! We don't need no stinking badges!
  17. user-submitted HTML content bad by rainmayun · · Score: 2, Insightful

    Well of course they are. Any site that allows random users to post HTML content that then gets embedded in the site's pages (especially as extensively as sites like Myspace, etc allow it) is going to be subject to security flaws. Moral of the story: browse such sites using a secure browser, at least as secure a browser as you can find.

  18. Try Deleting Your Facebook Account by kellyb9 · · Score: 2, Informative

    I recall reading a story recently regarding this issue. From a girl's facebook account, researchers had enough information to steal her identity in 15 minutes. On a side note: I am not able to delete my facebook account. To fully delete it, I have to remove everything from my wall and every friend, I've ever had. Don't really want to do that. I can "disable" it. Personally, i would just like to be removed from their database. No seriously - i sent them the SQL statement that would probably take care of it. I fully detest facebook.