Hackers Target MySpace and Facebook 93
Stony Stevenson writes "The security firm Fortify Software has warned against a series of attacks against Facebook and MySpace. Buffer overflows that enabled hackers to exploit the Aurigma ActiveX image uploading software used by social networking sites were at the heart of the assault. 'Criminal hackers now view social networking sites as their best target for attacks ... [partially because] such sites are designed to be usable by "unsophisticated" consumers, meaning that the barrier to entry for attacks is potentially lower as users are more likely to click on a link that leads to malware.'"
Internet Explorer based exploit (Score:5, Insightful)
"Legitimate" businesses target young people too. (Score:5, Insightful)
Cable, telco and banks and apparel vendors all have young people in their sites. Predatory lending credit cards, special internet "deals" with students and massive advertising budgets that should make the companies involved blush, are aimed at people ages 14 to 25.
Why? because that's where the money is.
Why do the theives use ActiveX exploits? Because they can.
Sheep, meet Mr. Slaughter. Mr. Slaughter .... gross!
Comment removed (Score:5, Insightful)
In other words.. (Score:1, Insightful)
Seriously though, who here actually granted MySpace or Facebook access to your email account in order to find your "friends"? Anything else (the social website has access to) is butter in the frosting
It really amazes me just how much personal information people are willing to put on the internet these days. Even if said information is not explicitly granted to a particular website, a great deal can be inferred by people's, for lack of a better term, "blogging" habits.
Re:so what you are saying is.... (Score:3, Insightful)
Re:"Legitimate" businesses target young people too (Score:2, Insightful)
Do your friends and family a favor: educate them on the inherent risks present in the software applications they use on a daily basis. Computer security starts with the user acting in a responsible manner to secure his/her system. If securing the system proves too difficult or time-consuming, maybe it's time to try a different system.
Re:"Legitimate" businesses target young people too (Score:2, Insightful)
Re:That... (Score:5, Insightful)
Linux, Macintosh, BSD Unix, and Non-Windows systems do not support ActiveX controls anyway so it is mostly Windows systems that are effected by the exploit, and only Windows users who use Internet Explorer and not those who use Firefox.
I am guessing that a lot of 12 to 24 year olds that have their own credit card or their parent's credit card or bank account or somehow work an have their own bank account are the ones targeted by this, as people aged 12 to 24 are most likely to use Windows with Internet Explorer and not know about the exploits out there, and just surf and click on anything they want.
A lot of family members and friends have children aged within that range who use their family's computer and after it gets so infected with malware that they cannot use it, they call me to come over and fix it for them. Nope, Linux, BSD Unix, or switching to a Mac is not an option for them, in some cases I switched them to Linux only to have them make me switch them back to Windows because certain web sites only work with Internet Explorer, or certain games they bought won't run under WINE or they have no idea how to configure WINE to run them for them. Dual-Booting just confuses them more, as does running Windows in a virtual machine. If they bought a Mac, a few weeks later they'd tell me to remove OSX off it and put Windows on it. So basically, they stick to Windows and Internet Explorer, even if I install Firefox for them. Also I install the Google Pack with StarOffice, but of course they want MS-Office instead because their friends and co-workers don't know how to open up ODT open text format documents, and they keep forgetting to "Save As" into MS-Word 97-2002 Format so their coworkers and friends can read their documents.
Re:That... (Score:2, Insightful)
Re:Internet Explorer based exploit (Score:2, Insightful)
Re:This is going to sound harsh, but.. (Score:3, Insightful)
I ran two computer companies, and you'd think that people always having problems by using their computers improperly would make more money than a Ghostbusters business in getting rid of ghosts would. But people tend not to pay their bills after you fix their systems, and make the same bad choices/actions as they did before and get infected again. My fault for not having a credit card machine and being nice and offering credit and no terms and pay when you have the money, etc.
Life is like that, a majority of the people in the USA make bad choices/actions. They don't save money for retirement, have unprotected sex with multiple partners and get STDs and AIDS as a result, eat fast food like there is no tomorrow and wonder why they are overweight, do more drugs than Cheech and Chong and wonder why they are so sick as a result, ignore their children and don't raise them right and wonder why they grow up to be sociopaths and do school shootings or end up in a gang, but someone has to fix all of that. The rest of the world is no different. People just don't take responsibility for their choices and actions anymore, and just blame someone else. They act as if George W. Bush ruined their career, made them sick, etc but ignore that it was their own choices/actions that made them the way they are and George W. Bush had nothing to do with 20, 30, 40, years of their own stupidity. In fact we elected a scape-goat instead of a President every four years anyway. Someone to blame for when things go wrong.
Not just client-side ActiveX issues on Facebook (Score:4, Insightful)