June 30, 2007
The researcher Susam Pal today published an interesting advisory about some vulnerabilities affecting Orkut, the famous social networking website owned by Google. There are several cases, such as: sometimes the application may lock the user out to the main page when an operation fails, asking the user to log in again, but failing to log out the [...]
June 30, 2007
Stealing accounts and communities with XSS

On January 1, 2005 a Brazilian hacker called Vinícius K-Max attacked Orkut, stealing community ownership rights, using a cross-site scripting (XSS) vulnerability. Eventually, various phishing sites were developed with the intent of stealing other people’s accounts and communities.

MW.Orc worm

On June 19, 2006 FaceTime Security Labs’ security researchers [...]