MySpace Hacker's Profile Deleted After DefCon Demo

• By Paul McCloskey
• 09/14/07

A demonstration by University of Akron student Rick Deacon on ways to hack MySpace accounts backfired when Deacon discovered that his own account was disabled immediately following his presentation at the recent DefCon computer security conference in Las Vegas.

Deacon found a message in his MySpace inbox informing him that his account had been suspended for violation of the site's terms of use. "In retrospect, I should have used a dummy account," he told Agence France-Presse.
 
Deacon demonstrated a technique called cross-site scripting, which involves adding extra information to a trusted Web page in order to mislead a user via a Web browser. By tricking a victim into clicking on a link, Deacon showed that it is possible to capture the Web browser file, or cookie, which automatically logs a user into the site. This can then be used to access their account, Deacon said.

Deacon claimed that he alerted MySpace to the problem some weeks ago but that the site had not responded. Now, however, MySpace has patched the vulnerability.

Bruce Schneier, a computer security expert with BT Counterpane, told AFP that the demonstration highlights a trend in which hackers are trolling social networking sites more frequently. "It's not that MySpace is worse than anything else," he told New Scientist. "It's just that social networking sites are becoming juicier targets."