Re: [Dataloss] Teen MySpace ignored "private"

From: B.K. DeLong (bkdelongpobox.com)
Date: Thu Aug 31 2006 - 07:14:20 CDT


It looks like the method used to "hide" the data was pretty pathetic.
I wouldn't even call it a security hole - using the CSS property
display:none; is Web design and simply does not display anything in
that block, leaving the content in the original source code.

At 08:05 AM 8/31/2006, lyger wrote:

>(fringe dataloss topic, not to be included in DLDOS, but possibly of
>interest - lyger)
>
>From Al Mac (macwheel99_at_sigecom.net):
>
>A security hole in the popular MySpace social networking site allowed
>users to view entries marked "private" for months before it was fixed.
>
>{...}
>
>http://www.net-security.org/news.php?id=12151
>_______________________________________________
>Dataloss Mailing List (datalossattrition.org)
>http://attrition.org/dataloss
>Tracking more than 142 million compromised records in 321 incidents
>over 6 years.

--
B.K. DeLong (K3GRN)
bkdelongpobox.com
+1.617.797.8471

http://www.wkdelong.org Son.
http://www.haloworldwide.com Work.
http://www.bostonredcross.org Volunteer.
http://www.brain-stream.com Play.

PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org
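
Added example, not part of the original message or of any site's code: a check that reports text still present in delivered HTML when it is hidden only with an inline display:none, run against a hypothetical renderer that hides with CSS and one that decides access on the server. The renderer functions, the sample entry and the restriction to inline styles are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

SAMPLE = "constructed private entry text"  # constructed sample input
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none", re.I)

class HiddenTextFinder(HTMLParser):
    """Collect text inside elements hidden with an inline display:none."""

    def __init__(self):
        super().__init__()
        self.depth = 0   # > 0 while the parser is inside a hidden element
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:  # void elements have no end tag to balance
            return
        style = dict(attrs).get("style") or ""
        if self.depth or HIDDEN_STYLE.search(style):
            self.depth += 1

    def handle_endtag(self, tag):
        if self.depth and tag not in VOID:
            self.depth -= 1

    def handle_data(self, data):
        if self.depth and data.strip():
            self.found.append(data.strip())

def hidden_text(html):
    """Return the text a browser would not draw but the client still received."""
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return finder.found

def render_css_hidden(entry, viewer_is_owner):
    # Weak (hypothetical): the entry is always sent; CSS only stops it being drawn.
    style = "" if viewer_is_owner else ' style="display:none;"'
    return f'<div class="entry"{style}><p>{escape(entry)}</p></div>'

def render_server_side(entry, viewer_is_owner):
    # Corrected (hypothetical): access is decided before any markup is produced.
    if not viewer_is_owner:
        return '<div class="entry"><p>This entry is private.</p></div>'
    return f'<div class="entry"><p>{escape(entry)}</p></div>'
```

Hiding applied through a stylesheet class rather than an inline style is not detected by this check; the server-side decision is what actually keeps the text out of the response.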
