blogs.guardian.co.uk — F-Secure has spotted an outbreak of a JavaScript exploit that uses flaws in Apple's QuickTime to grab MySpace profile data. It's not easy to explain, but it's a form of phishing: you visit what looks like a normal MySpace page, but the links have been altered to take you off-site (though that still looks like MySpace).
Dec 4, 2006
pcgeek101 Dec 4, 2006
Apple software has flaws? Awww, I thought only Microsoft's did ... :-)
scottschiller Dec 5, 2006
Good find, unfortunate hole. Enabling plug-ins to call javascript directly (or rather, building them with that in mind) in the browser is just another potential attack vector that has to be considered. I'm not sure of the exact details, but Flash 8+ has the same capabilities with ExternalInterface (bi-directional js -> flash and flash -> js), and Flash for years has been able to call external javascript: URLs. Since the script runs within the context of the host page, it is able to do anything it wants. I *think* Flash 9 fixes this with the allowScriptAccess attribute on the object/embed tag or some other update. MySpace I believe recently pushed Flash 9 for their site to get around this issue.
smackjack Dec 5, 2006
Here's how the latest worm worked. http://forum.myspace.com/index.cfm?fuseaction=messageboard.viewThread&entryID=1816574&adTopicID=27&categoryID=67&IsSticky=0&Mytoken=47FCD1B2-4BE4-4085-9815CCD8FA3DBB8A63876045
ohnoess Dec 5, 2006
omg my internet account!
motheroats Dec 5, 2006
well this sort of thing almost happened to me, u go on a certain persons myspace, then u click "home" and it asks u to log in again, so i did, and then OH SNAP it wasn't a myspace link! so i went and changed my password, and now the people trying to login to my myspace are now saying OH SNAP!
akan Dec 6, 2006
are you kidding me? this is JUST being patched? this has been going on for YEARS. finally someone picked up the pace a little *rolls eyes*.
ducksofanaheim Dec 9, 2006
RDF is the idea that Steve Jobs is able to convince people to believe almost anything with a skillful mix of charm, charisma, slight exaggeration, and clever marketing.
el3ctro Dec 9, 2006
dude this concept is nothing new, this crap has been around for a while now.... k ..how stupid can people be ? i guess pretty stupid
el3ctro Dec 9, 2006
dude this concept is nothing new, this crap has been around for a while now.... k ..how stupid can people be ? i guess pretty stupid all this is , is just uneducated users... the users need to realize that viruses are out there, and usually can be very similar in form ... in many ways .. dude... im terrible at explaining crap, but this has nothing to do with quicktime sucking, or apple sucking, or myspace or WHATEVER dude... this could happen with any program any website..... holes happen, and uneducated users happen. its inevitable no matter the program or the website. i love how i talk about uneducated users, and manage to double post, ROFL
johny900 Apr 19, 2007
ahh finally i understand what happened to my account at myspace. Johny - Flash games http://flashgamesite.com
topicnation May 1, 2007
Perfect post! Wow, these are cool!