By Tom BlockleyPosted Tuesday 12th June 2007 10:12 GMT
For us lucky Firefox users, it is nice and easy to get around these problems by disabling the CSS/JS on a page, this can be done using the Web Developer toolbar.
Quite why you'd want to look around a persons myspace when they're clearly phishing is a little debatable, but just in case you want to...
CSS for mspace and hi5 have been traded privately for months. My favourite was the Hi5 CSS that was publically reported in December over at sla.ckers and went unfixed for months.
The exploit instead of stealing the victim's cookie logged the user out of the app and forced them to re-authenticate writing out user / pass to a writeable file on previously compromised webserver.
Normally the victim would be given a hi5 or you'd sign up as their myspace friend and leave a saucy note. Intriguing them to visit your profile , be mysteriously logged out when viewing certain parts of the profile then getting their account hacked later on.
Breaching Fort Apache.org - What went wrong?
Snow Leopard security - The good, the bad and the missing
US Dems fill inboxes with 419 scams
BlockMaster SafeStick hardware-encrypted USB drive
Comments on: Google goes spear phishing on MySpace
It seems MySpace users aren't a particularly cautious lot. #
By charlie wallace Posted Tuesday 12th June 2007 04:41 GMT
CSS #
By Tom Blockley Posted Tuesday 12th June 2007 10:12 GMT
CSS has been traded privately for months #
By weffew Posted Tuesday 12th June 2007 13:03 GMT