Social sites become more dangerous
Own "spaces" on MySpace, your video clips on YouTube, personal blogs on LiveJournal ... Social sites, where each user can independently create web content, choose their surroundings, become extremely popular. But their insecurity causes more and more excitement.
It is the heightened attention of users to those services where the audience independently forms the content of the site, which has led to the fact that an increasing number of intruders want to “take advantage” of the same services, both from hooligan motivations and for profit. There are more and more examples of this.
Last weekend, a considerable number of MySpace users “donated” access to their accounts: the service pages were infected with a virus that replaced links to a page usually used to enter a login and password. As a result, obscene video materials and links to sites, including child pornography, appeared on the victims' pages. Invitations to visit porn sites are also sent on behalf of victims. The attackers used both the vulnerabilities of MySpace itself and the flaws in Apple's QuickTime Player. As a result, the “friends” of the affected users are also infected, as they view the contents of the infected pages in their friend tape.
')
Last month, Websense reported that video clips appeared on MySpace, when viewing them, “adware” is installed on the local computer - adware. Attackers exploited a vulnerability in the Windows Media Player license management system.
MySpace is the “favorite goal” of attackers - which is not surprising: its popularity allows it to “cover” the maximum number of “victims”. For example, a year ago, a java-script “walked” through the users' pages, adding Samy to the “friends”. Then the administration of the service simply deleted the user - and refused to comment on the situation.
Of course, not only MySpace remains vulnerable to such attacks. Online encyclopedia, add and edit the content of which anyone can - Wikipedia is also faced with similar problems. In November, a link to the site allegedly containing a “cure” for the MSBlast virus was posted on the German version of Wiki. The attackers were not limited to “reference vandalism”: they sent emails inviting them to visit the wiki page. Users who would hardly have believed a direct link to an unknown site, used data from a well-known network encyclopedia - and infected their computers.
And the virtual world of the network game Second Life once was covered with “gray goo” . In various parts of the "world" began to appear strange golden rings, multiplying with great speed. After some time, the game servers simply stopped coping with so many new objects - and the game stopped for about half an hour. The danger was quickly resolved - but experts say that writing a new script for such an infection will not take much time. It is worth noting that only in the fall on Second Life three attacks had already been carried out, in particular, in September, hackers were able to hack more than 600,000 player accounts .
Free sites for blogs are also easy to become "peddlers" of fraudulent information. During their research , Microsoft security specialists discovered a whole network of sites that, using spam (both via email and trackbacks), lured visitors to sites that sold illegal software. About 17.000 such sites are located on the Blogger service. However, this service of Google has repeatedly come across vulnerabilities: users occasionally find other people's posts on their pages, and once the attackers were able to post false information in the official Google blog .
Developers do not seem to think much about the question: how to control what was previously not required to control? Content posted by users can be much more dangerous than MySpace or Blogger owners assume. The vulnerabilities of social sites cause damage not only to their owners, but also to users. In addition, they can cause losses to third-party companies, so once News Corp. or Google may well become defendants in a high-profile lawsuit, if they do not really start to take seriously security issues on their social services.
It is the heightened attention of users to those services where the audience independently forms the content of the site, which has led to the fact that an increasing number of intruders want to “take advantage” of the same services, both from hooligan motivations and for profit. There are more and more examples of this.
Last weekend, a considerable number of MySpace users “donated” access to their accounts: the service pages were infected with a virus that replaced links to a page usually used to enter a login and password. As a result, obscene video materials and links to sites, including child pornography, appeared on the victims' pages. Invitations to visit porn sites are also sent on behalf of victims. The attackers used both the vulnerabilities of MySpace itself and the flaws in Apple's QuickTime Player. As a result, the “friends” of the affected users are also infected, as they view the contents of the infected pages in their friend tape.
')
Last month, Websense reported that video clips appeared on MySpace, when viewing them, “adware” is installed on the local computer - adware. Attackers exploited a vulnerability in the Windows Media Player license management system.
MySpace is the “favorite goal” of attackers - which is not surprising: its popularity allows it to “cover” the maximum number of “victims”. For example, a year ago, a java-script “walked” through the users' pages, adding Samy to the “friends”. Then the administration of the service simply deleted the user - and refused to comment on the situation.
Of course, not only MySpace remains vulnerable to such attacks. Online encyclopedia, add and edit the content of which anyone can - Wikipedia is also faced with similar problems. In November, a link to the site allegedly containing a “cure” for the MSBlast virus was posted on the German version of Wiki. The attackers were not limited to “reference vandalism”: they sent emails inviting them to visit the wiki page. Users who would hardly have believed a direct link to an unknown site, used data from a well-known network encyclopedia - and infected their computers.
And the virtual world of the network game Second Life once was covered with “gray goo” . In various parts of the "world" began to appear strange golden rings, multiplying with great speed. After some time, the game servers simply stopped coping with so many new objects - and the game stopped for about half an hour. The danger was quickly resolved - but experts say that writing a new script for such an infection will not take much time. It is worth noting that only in the fall on Second Life three attacks had already been carried out, in particular, in September, hackers were able to hack more than 600,000 player accounts .
Free sites for blogs are also easy to become "peddlers" of fraudulent information. During their research , Microsoft security specialists discovered a whole network of sites that, using spam (both via email and trackbacks), lured visitors to sites that sold illegal software. About 17.000 such sites are located on the Blogger service. However, this service of Google has repeatedly come across vulnerabilities: users occasionally find other people's posts on their pages, and once the attackers were able to post false information in the official Google blog .
Developers do not seem to think much about the question: how to control what was previously not required to control? Content posted by users can be much more dangerous than MySpace or Blogger owners assume. The vulnerabilities of social sites cause damage not only to their owners, but also to users. In addition, they can cause losses to third-party companies, so once News Corp. or Google may well become defendants in a high-profile lawsuit, if they do not really start to take seriously security issues on their social services.
Source: https://habr.com/ru/post/4790/
All Articles