
Increase in buffer overflow attacks on social networking sites.

Fortify : 29 February, 2008  (Technical Article)
Freely available hacking software leads to a series of attacks on social networking sites, causing problems across the whole of the web community.

Fortify Software says that buffer overflows are at the heart of a series of hacks against the Facebook and MySpace social networking sites.

'A buffer overflow enabled hackers to exploit the Aurigma ActiveX image uploading software used by these two and other social networking sites,' said Rob Rachwald, Fortify Software's Director of Product Marketing.

'The bad news is that this exploit is being used in a hacker toolkit currently being offered for download on several Chinese language hacker sites, meaning that novices have been able to stage these attacks, and not just professional hackers,' he added.

According to Rachwald, criminal hackers now view these social networking sites as their best target for attacks.

'Part of the reason for this is that the sites are designed to be usable by "unsophisticated" consumers. This means that the barrier to entry for attacks is potentially lower, as users are more likely to click on a link that leads them to malware,' he explained.

Rachwald argues that the social networking sites can no longer restrict their concerns solely to their own security practices, but must now take in the practices of their suppliers.

'It's the whole "make sure you and your partner get tested" principle. Had Facebook and MySpace required Aurigma to provide a proof of a code audit before sourcing the plug-in, this latest security issue could have been avoided,' he said.
   © 2012 ProSecurityZone.com