funsec mailing list archives

Previous By Date Next
Previous By Thread Next

MySpace plugging photo peephole

From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Mon, 10 Nov 2008 23:40:10 +0200 (EET)
"MySpace was working to plug a hole on Tuesday that allows anyone to view members' private photos without being friends 
with them.

The vulnerability, reported to CNET News by Canadian computer technician Byron Ng, was easy to exploit by plugging a 
member's ID number into a specific MySpace URL.
However, someone would have to know which URL to use to be able to see the private photos."
--clip--

More at
http://news.cnet.com/8301-1009_3-10082538-83.html?tag=mncol

It appears that Mr. Ng is a man behind similar Facebook vulnerability too:
http://www.msnbc.msn.com/id/23785561/

Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: