funsec mailing list archives
MySpace Accounts Compromised by Phishers
From: "Fergie" <fergdawg () netzero net>
Date: Fri, 27 Oct 2006 16:32:07 GMT
Via Netcraft. [snip] Netcraft has discovered that the social networking site, MySpace, appears to have been compromised by phishers who have presented a spoof login form on the main site. This modified login form is designed to submit the victim's username and password to a remote server hosted in France. The hackers have engineered a fake login form on MySpace's own web site. Netcraft has notified MySpace of the issue, although it currently remains live. Because the fraudulent login page is hosted on MySpace's own servers and does not exhibit any signs of external content, such as cross-site scripting (XSS) or open redirects, it is convincing and even security-conscious users are at risk of becoming victims. The attack is launched from a profile page, where the username is login_home_index_html, and uses specially-crafted HTML in order to hide the genuine MySpace content from the page and instead display its own login form. The modifed login form, hosted on myspace.com. Login details are harvested by a remote server, hosted in France. [snip] More: http://news.netcraft.com/archives/2006/10/27/myspace_accounts_compromised_by_phishers.html - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- MySpace Accounts Compromised by Phishers Fergie (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Ron Bowes (Oct 27)
- <Possible follow-ups>
- Re: MySpace Accounts Compromised by Phishers Fergie (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Dude VanWinkle (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Ron Bowes (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Valdis . Kletnieks (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Dude VanWinkle (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Valdis . Kletnieks (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Dude VanWinkle (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Brian Porter (Oct 27)
- Re: MySpace Accounts Compromised by Phishers Blue Boar (Oct 27)