Skip to content

Biting the hand that feeds IT

The Register ®

Security:

News Tools

Reg Shops

Related Whitepapers
The Register » Security »

Comments on ‘Portuguese-speaking worm attacks Google Orkut users’

Over 655,000 served?

By Dan Goodin in San Francisco
Published Wednesday 19th December 2007 23:48 GMT

« Back to article page

login credentials and session cookies. 

By Nicky
Posted Thursday 20th December 2007 05:19 GMT
IT Angle

quote:

...it would have been relatively trivial for the authors of the Orkut worm to steal an Orkut user's logon credentials...

I'd doubt that as the logon credentials are passed at the time of login and what remains after that is only a token of authenticity in the form of browser cookies. Yes, it may be possible to steal that cookie and compromise a user's "session" which includes all of the Google services until a user logs out. I think people should stop click "Remember me on this.. " checkbox and avoid creation of a persistent cookie. Only my 2 cents.. please enlighten me if I'm wrong on this one.

Regards,

nix

Brazilian black hat community 

By Rui Ribeiro
Posted Thursday 20th December 2007 06:55 GMT

I am a manager of an ISP in a Portuguese speaking country that has the misfortune to have the same name as a Brazilian location.

So, up to the point: it is unbelievable the amount of crap that comes from brazil IP addresses. Loads of spam, and fake e-mails with custom-made trojans are the order of the day. And even tough most of them are blocked by our measures, some manage to pass. yahoo.com.br also seems not to care much about our spam complaints, unfortunately.

In my opinion, in terms of this activity, Brazil comes right next after china and russia. Or perhaps due to our peculiar case, even manages to surpass russia.

Cheers,

Rui

Should we be taking Google to court? 

By The Sceptic
Posted Thursday 20th December 2007 08:08 GMT
Flame

I think it only fair that any damage incurred on any organisations website who host these types of service be responsible for their own security, its the only way security will ever be taken seriously.

If your at work and have an accident through unsafe working practices you are entitled to claim so why not on the web? You here many stories about Microsoft security threats but not many when it comes to their own systems! I wonder if they take their own security more seriously?

Within hours . . 

By Pascal Monett
Posted Thursday 20th December 2007 20:56 GMT

Hey, Microsoft ! Did you read that ? The hole was patched WITHIN HOURS.

Not years, not months, not even days.

Does that mean ANYTHING to you, Steve ?

@Pascal 

By The_Police!
Posted Monday 24th December 2007 21:03 GMT
Flame

Really Pascal. Try comparing an Operating System patch with a patch for a website. Microsoft has to test their patches to make sure it does not break the OS. Wonder how impressed you would be if they did not test their patches.

Even Apple take their time offering patches.

The period for commenting on this story has finished

whitepaper title

Solution Brief: Reduce Energy Costs

Energy consumption has become a big issue. Dramatically increase server utilization and significantly reduce energy costs through Virtualization.. 		whitepaper title

Server Consolidation and Containment

This paper discusses how consolidation and containment solutions with a virtual infrastructure meet the challenges of server sprawl and underutilization..

Top 20 storiesAll The Week’s HeadlinesArchiveSearch