[Dataloss] Teen MySpace ignored "private"
B.K. DeLong
bkdelong at pobox.com
Thu Aug 31 08:14:20 EDT 2006
It looks like the method used to "hide" the data was pretty pathetic.
I wouldn't even call it a security hole - using the CSS property
display:none; is Web design and simply does not display anything in
that block, leaving the content in the original source code.
At 08:05 AM 8/31/2006, lyger wrote:
>(fringe dataloss topic, not to be included in DLDOS, but possibly of
>interest - lyger)
>
> >From Al Mac (macwheel99_at_sigecom.net):
>
>A security hole in the popular MySpace social networking site allowed
>users to view entries marked "private, for months before it was fixed.
>
>{...}
>
>http://www.net-security.org/news.php?id=12151
>_______________________________________________
>Dataloss Mailing List (dataloss at attrition.org)
>http://attrition.org/dataloss
>Tracking more than 142 million compromised records in 321 incidents
>over 6 years.
--
B.K. DeLong (K3GRN)
bkdelong at pobox.com
+1.617.797.8471
http://www.wkdelong.org Son.
http://www.haloworldwide.com Work.
http://www.bostonredcross.org Volunteer.
http://www.brain-stream.com Play.
PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE
FOAF:
http://foaf.brain-stream.org
More information about the Dataloss
mailing list