[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] MySpace "private" profiles unmasked

From: Jeremiah Grossman <jeremiah@xxxxxxxxxxxxxxx>
Subject: [WEB SECURITY] MySpace "private" profiles unmasked
Date: Wed, 30 Aug 2006 09:22:25 -0700

From the scant technical details, it appears to be an Insufficient Authorization using a basic URL number manipulation.


Teen data on Myspace compromised
http://www.theregister.co.uk/2006/08/30/myspace_teen_data_hacked/


I tracked back the digg.com references to here:

Myspace closes GIANT SECURITY hole http://grownupgeek.blogspot.com/2006/08/myspace-closes-giant-security- hole.html

Security hole exposes private Myspace profile information
http://grownupgeek.com/view-private-comments


Regards,


Jeremiah Grossman
Chief Technology Officer
WhiteHat Security, Inc.
http://www.whitehatsec.com/

---------------------------------------------------------------------------- The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/ http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Prev by Date: Re: [WEB SECURITY] Article about HttpOnly
Next by Date: [WEB SECURITY] AT&T Online store hacked (19,000 exposed CC #'s)
Previous by thread: [WEB SECURITY] Time Parameter For Expiration of the Session
Next by thread: [WEB SECURITY] AT&T Online store hacked (19,000 exposed CC #'s)
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org