MySpace Scripting Attack

It seems that MySpace has a security vulnerability that allows attackers to hijack user profiles and homepages to make them redirect to anti-war propaganda.

And it also appears that this is not new. Many hackers have been using it to send out messages about spam, make money fast scams, and even racist rants.

No word as yet on when MySpace will close the hole that allows this attack to occur. Normally, I would say that MySpace users get what they pay for. MySpace is rife with horribly coded eyesore pages, teen angst and stupidity. But there are some people who use MySpace to promote music and other arts, and this will impact their business.

Hat tip to Trench for the story, but the best write-up is at Cameron Kollwitz’s site here.

The whole scripting thing XXXX was referring to was that MySpace compromised themselves when the developers decided to use Cold Fusion. It s been an on going rant with some of my coding buddies in the IRC rooms. We all agree that the entire site should be switched over to PHP rather than Cold Fusion for the sake of speed and security. Perhaps this will give their development team a kick start in doing so.

I think the whole site should be switched over to plain text like Craig’s List.