Thursday, September 18, 2008

Orkut Security and safety

Hacking accounts and communities with XSS

In 2005, ownership of dozens of communities was hacked by a computer security expert known as Shamsher Terror to demonstrate undiscovered security vulnerabilities. A similar feat was performed by a Brazilian hacker called Vinícius K-Max, using a cross-site scripting (XSS) vulnerability. Eventually, various phishing sites were developed with the intent of stealing other people's accounts and communities.

MW.Orc worm

On June 19, 2006, FaceTime Security Labs' security researchers Christopher Boyd and Wayne Porter discovered a worm, dubbed MW.Orc.[5]

The worm steals users' banking details, usernames and passwords by propagating through Orkut. The attack was triggered as users launched an executable file disguised as a JPEG file. The initial executable file that causes the infection installs two additional files on the user's computer. These files then e-mail banking details and passwords to the worm's anonymous creator when infected users click on the "My Computer" icon.

The infection spreads automatically by posting a URL in another user's Orkut Scrapbook, a guestbook where visitors can leave comments visible on the user's page. This link lures visitors with a message in Portuguese, falsely claiming to offer additional photos. The message text that carries an infection link can vary from case to case.

In addition to stealing personal information, the malware can also enable a remote user to control the PC and make it part of a botnet, a network of infected PCs. The botnet in this case uses an infected PC's bandwidth to distribute large, pirated movie files, potentially slowing down an end-user's connection speed.

The initial executable file (Minhasfotos.exe) creates two additional files when activated, winlogon_.jpg and wzip32.exe (located in the System32 folder). When the user clicks the "My Computer" icon, an e-mail is sent containing their personal data. In addition, the infected PC may be added to an XDCC botnet (used for file sharing), and the infection link may be sent to other users that the victim knows in the Orkut network. The infection can be spread manually, but it also has the ability to send "back dated" infection links to people in the "friends list" of the infected user.
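A defensive check for the disguise described above, added here as an example and not taken from the original post or from FaceTime's analysis: it compares each file's leading bytes with what its name claims. The page does not say how the executable was made to look like a JPEG, so the two patterns flagged (an image extension on non-image content, and an image name ending in an executable extension) are assumptions, as are all function names.

```python
import os
import sys

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}
# Leading bytes ("magic numbers") of the formats this check distinguishes.
MAGIC = [(b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png"),
         (b"GIF8", "gif"), (b"BM", "bmp"), (b"MZ", "pe")]
IMAGE_KINDS = {"jpeg", "png", "gif", "bmp"}


def sniff(head: bytes) -> str:
    """Identify content from its first bytes, ignoring the file name."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"


def classify(name: str, head: bytes) -> list:
    """Return the reasons a file looks disguised; an empty list means no finding."""
    findings = []
    stem, ext = os.path.splitext(name.lower())
    kind = sniff(head)
    if ext in IMAGE_EXTS and kind == "pe":
        findings.append("image extension, PE (MZ) content")
    elif ext in IMAGE_EXTS and kind not in IMAGE_KINDS:
        findings.append("image extension, no image signature")
    if ext in EXEC_EXTS and os.path.splitext(stem)[1] in IMAGE_EXTS:
        findings.append("double extension (image name, executable type)")
    return findings


def scan(root: str) -> dict:
    """Walk a directory tree and map each suspicious path to its findings."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                continue  # unreadable or locked file: skip, keep sweeping
            found = classify(name, head)
            if found:
                hits[path] = found
    return hits


if __name__ == "__main__":
    for path, found in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path, "->", "; ".join(found))
```

A finding is a triage signal, not a verdict: a truncated or corrupt image also lacks a valid signature, so flagged files still need inspection.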

According to statements made by Google, as noted in FaceTime's Greynets Blog, the company had implemented a temporary fix for the dangerous worm.[5]

HTTPS Not Obvious

On and around April 17, 2007, users began reporting that secure (https) access to the Orkut login server was no longer available. This led some users to cancel their accounts, fearing that insecure access could lead to compromise of Orkut accounts and, by extension, Google accounts and Gmail accounts, since the login password would be transmitted as clear text.

In fact, Google had changed the main login page to be rendered over http to improve efficiency, but the actual login is still secure, using https in an iframe [7]. This information has not been well publicized by Google, and the design does not give users the reassurance of seeing the "secure connection" padlock in the browser. On Friday 17 July 2007 a revised logon page, which is rendered in https, was brought in, addressing these issues.
