myspace Antiphishing Departement
March 17th, 2007In the last few months, very many social networking sites added features allowing the users to create a custom link to their profiles, for example having URLs like http://www.myspace.com/<yournickgoeshere> for user <yournickgoeshere>’s profile.
Overall, a pretty nice idea, but huh? What if someone would use this for bad purposes? Would you trust content placed at a location like http://www.myspace.com/antiphishing?
I definately would, and that’s the problem with these types of profile links: If custom CSS and some HTML code is allowed on the user’s profiles, you are able to do evil things because the user trusts the link.
Did you Like this Post? Try these ones! :)
res:// File Enumeration. Not on Windows, not using IE - but hell, it works! on July 26th, 2007
Yahoo! Blogs are open to Attacks on August 9th, 2007
Akismet v2.0.2 "Link on Dashboard" Workaround on May 14th, 2007
2123 Nearly Compromised Blogspot Blogs on August 10th, 2007
How to find other local area network (LAN) computers in Ubuntu Linux? on September 19th, 2007
March 24th, 2007 at 10:41
[…] with our Myspace Antiphishing Departement (blogged here), the hi5 Antiphishing Departement proves, that Homepages that allow content and design entirely […]
April 4th, 2007 at 11:38
Beni, that was some sloppy overlay on that antiphising myspace page..lol
April 6th, 2007 at 09:42
haha .. yeh I’m really sorry but I forgot my myspace password so I wont change it
FORGIVE ME!