BreachExchange mailing list archives

Re: Teen MySpace ignored "private"


From: "B.K. DeLong" <bkdelong () pobox com>
Date: Thu, 31 Aug 2006 08:14:20 -0400



It looks like the method used to "hide" the data was pretty pathetic. 
I wouldn't even call it a security hole - using the CSS property 
display:none; is Web design and simply does not display anything in 
that block, leaving the content in the original source code.

At 08:05 AM 8/31/2006, lyger wrote:

(fringe dataloss topic, not to be included in DLDOS, but possibly of
interest - lyger)

From Al Mac (macwheel99_at_sigecom.net):

A security hole in the popular MySpace social networking site allowed
users to view entries marked "private" for months before it was fixed.

{...}

http://www.net-security.org/news.php?id=12151
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 142 million compromised records in 321 incidents 
over 6 years.

--
B.K. DeLong (K3GRN)
bkdelong () pobox com
+1.617.797.8471

http://www.wkdelong.org         Son.
http://www.haloworldwide.com            Work.
http://www.bostonredcross.org           Volunteer.
http://www.brain-stream.com             Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org 
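
The point made in the message above, as an added example that is not part of the original post: a Python check that lists text a served page still delivers inside blocks hidden with inline `display:none` (or the `hidden` attribute). The sample markup is constructed, and hiding done through stylesheets or scripts is outside what this check covers.

```python
import re
from html.parser import HTMLParser

# Tags with no closing tag; they must not be pushed on the element stack.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none", re.I)


class HiddenTextFinder(HTMLParser):
    """Collect text that is sent to the client but hidden by inline CSS."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []      # (tag, hides_subtree) for each open element
        self.findings = []   # text found inside a hidden subtree

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        attrs = dict(attrs)
        hides = bool(HIDDEN_STYLE.search(attrs.get("style") or "")) or "hidden" in attrs
        self.stack.append((tag, hides))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        if data.strip() and any(hides for _, hides in self.stack):
            self.findings.append(data.strip())


def hidden_text(html):
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a "private" entry hidden client-side versus omitted server-side.
CSS_HIDDEN = ('<div class="entry"><h3>Public post</h3></div>'
              '<div class="entry" style="display:none;"><h3>Private post</h3>'
              '<p>diary text<br>more</p></div>')
SERVER_OMITTED = '<div class="entry"><h3>Public post</h3></div>'

if __name__ == "__main__":
    print(hidden_text(CSS_HIDDEN))
    print(hidden_text(SERVER_OMITTED))
```

An empty result for a page is what access control enforced on the server looks like: the private entry never leaves the server, so there is nothing in the source to hide.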
