BreachExchange mailing list archives
Re: Teen MySpace ignored "private"
From: "B.K. DeLong" <bkdelong () pobox com>
Date: Thu, 31 Aug 2006 08:14:20 -0400
It looks like the method used to "hide" the data was pretty pathetic. I wouldn't even call it a security hole - using the CSS property display:none; is Web design and simply does not display anything in that block, leaving the content in the original source code. At 08:05 AM 8/31/2006, lyger wrote:
(fringe dataloss topic, not to be included in DLDOS, but possibly of interest - lyger)From Al Mac (macwheel99_at_sigecom.net):A security hole in the popular MySpace social networking site allowed users to view entries marked "private, for months before it was fixed. {...} http://www.net-security.org/news.php?id=12151 _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 142 million compromised records in 321 incidents over 6 years.
-- B.K. DeLong (K3GRN) bkdelong () pobox com +1.617.797.8471 http://www.wkdelong.org Son. http://www.haloworldwide.com Work. http://www.bostonredcross.org Volunteer. http://www.brain-stream.com Play. PGP Fingerprint: 38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE FOAF: http://foaf.brain-stream.org _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 142 million compromised records in 321 incidents over 6 years.
Current thread:
- Teen MySpace ignored "private" lyger (Aug 31)
- Re: Teen MySpace ignored "private" B.K. DeLong (Aug 31)