NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0390 Critical Flaws Found in MySpace and Facebook:
Bugs in the ActiveX controls on popular social networking
sites Facebook and MySpace can be used by hackers to snatch control of Windows
PCs, security experts said. Initially made public by researcher Elazar Broad on
the Full Disclosure security mailing list, the vulnerabilities are in a pair of
ActiveX controls that Facebook and MySpace provide to users for uploading images
to their pages via Microsoft's Internet Explorer (IE) browser. Both controls
are based on a commercial ActiveX control dubbed Image Uploader from Aurigma
Incorporated, a developer in Tacoma, Washington, according to follow-up analysis
done by Symantec Corporation. Symantec speculated that a probable attack would
be based on a malicious web site; the hacker would trick users into visiting
that site, which would then call on the buggy ActiveX controls. The president
of Aurigma's North American operations, who is also one of the company's
founders, would not confirm or deny that Facebook and MySpace even licensed its Image
Uploader ActiveX control. However, she did say that Aurigma is aware of the
vulnerability reports and is addressing the problem.
(ComputerWorld 31JAN08)