MySpace Hacker's Profile Deleted After DefCon Demo

9/14/2007

A demonstration by University of Akron student Rick Deacon on ways to hack MySpace accounts backfired when Deacon discovered that his own account was disabled immediately following his presentation at the recent DefCon computer security conference in Las Vegas.

Deacon found a message in his MySpace inbox informing him that his account had been suspended for violation of the site's terms of use. "In retrospect, I should have used a dummy account," he told Agence France-Presse.
 
Deacon demonstrated a technique called cross-site scripting, which involves adding extra information to a trusted Web page in order to mislead a user via a Web browser. By tricking a victim into clicking on a link, Deacon showed that it is possible to capture the cookie, the Web browser file that automatically logs a user into the site. The cookie can then be used to access the victim's account, Deacon said.

Deacon claimed that he alerted MySpace to the problem some weeks ago but that the site had not responded. Now, however, MySpace has patched the vulnerability.

Bruce Schneier, a computer security expert with BT Counterpane, told AFP that the demonstration highlights a trend in which hackers are trolling social networking sites more frequently. "It's not that MySpace is worse than anything else," he told New Scientist. "It's just that social networking sites are becoming juicier targets."


Paul McCloskey is a contributing editor for the Campus Technology group of publications.

Cite this Site

Paul McCloskey, "MySpace Hacker's Profile Deleted After DefCon Demo," Campus Technology, 9/14/2007, http://www.campustechnology.com/article.aspx?aid=50243
