By the time Rick Deacon finished showing hackers in Las Vegas on Sunday how to commandeer MySpace profile pages, he had been evicted from the social networking Web site and the weakness had been fixed.
The US college student uncovered a MySpace vulnerability months ago and shared his discovery at DefCon, the largest gathering of computer hackers in the world.
"Obviously they weren't happy about it," Deacon said after he finished his presentation, checked his e-mail, and saw a message from MySpace telling him that his account was deleted for "violating terms of service."
"In retrospect, I should have used a dummy account."
Deacon's attack relied on duping MySpace users into clicking rigged links, perhaps in online forums or bulletin boards, which routed them to a file that steals passwords and identifying information stored in software "cookies."
Hackers could take control of users' profiles and use them as springboards for more attacks or to infect users' computers with viruses, according to Deacon.
"It's fixed now as far as I can tell," Deacon said. "I'm actually proud of them for finally patching it."
Deacon said that he created a new MySpace account but has no plans to hunt for a new way to hack the Web site.
"If you talk to them, tell them I'm sorry," Deacon said. "I'll keep my new MySpace account as what it should be, a place for talking to my friends."
Last Mod: 06 August 2007, 16:21