Myspace Band Hacks: How they did it, revealed? And...a curious twist
Today was weird. All this time during the band pages on Myspace being whacked, nobody ever seemed to know exactly what had happened with regards to their mangled Myspace page. Was it Phishing? Hacking? Mind control? A combination of all three?
Someone, somewhere in a band who'd been whacked would know some specifics. The problem was, trying to find that random individual. More than a fortnight with no luck. And then today, just like that, everything changed.
First I got a friend request from a band on Myspace, Seagull Strange - then we exchanged a few PMs where I asked them if they had any idea what had happened to their page. You might recall I mentioned them a week or so ago - their page was carrying one of the redirects to the Chinese domain pushing fake media codecs.
Well, some guy out of the band told me this:
"Yes actually it wasn't a hack at all but an XSS attack. The XSS automatically posted additional CSS via JavaScript which replaced all <> tags on the page with the target pointing to their server. The script was called by being logged in as us and one of our band members clicking a link from an affected page. Hackers just don't hack Myspace anymore. Short of social engineering the attack or guessing security responses and passwords it's just too tight. As the code is very simple and uses an exploit in CSS it isn't actually Myspace's fault. Short of Myspace banning all custom CSS code it isn't going to go away. Regards Seagull Strange"
Now, if what they're saying is correct - that the page is hijacked purely through clicking a link while logged in - then I would quibble over how someone using a cross site scripting attack to automatically overwrite tags on a page supposedly isn't classed as "hacking" - or how Myspace is supposedly "tight" (remember the Quicktime Worm attacks and how the security team responsible for "fixing" the problem was, like, 3 outsourced guys with no support?) - or how the people likely behind this (professional hackers via the Russian Business Network) don't somehow qualify as "hackers targeting Myspace" but whatever. The point is, someone has come out with some information that's actually useful, and points to something potentially other than "It's all down to Phishing. We think".
However.
At around the same time the above was sending me messages signed "Regards, Seagull Strange" - I'm zinged by a Google Alert aaaaand.....
Here is (what I assume is the same guy, though I could be wrong) attempting to tear me a new one on his LiveJournal page.
That's pretty.....weird. Right?
Meh, whatever.
Update - Looks like the page got deleted, probably due to the fact he noticed I posted a comment there. Here's a screenshot instead.

