Category: World-wide News/Products & News

Fortify Software Says Buffer Overflows Scupper Facebook and MySpace

Criminal hackers now view these social networking sites as their best target for attacks (17.03.08)

Fortify Software says that buffer overflows are at the heart of a series of hacks against the Facebook and MySpace social networking sites. "A buffer overflow enabled hackers to exploit the Aurigma ActiveX image uploading software used by these two - and other - social networking sites," said Rob Rachwald, Fortify Software's Director of Product Marketing.

"The bad news is that this exploit is being used in a hacker toolkit currently being offered for download on several Chinese language hacker sites, meaning that novices have been able to stage these attacks, and not just professional hackers," he added.

According to Rachwald, criminal hackers now view these social networking sites as their best target for attacks. "Part of the reason for this is that the sites are designed to be usable by `unsophisticated' consumers. This means that the barrier to entry for attacks is potentially lower, as users are more likely to click on a link that leads them to malware," he explained.

Rachwald argues that the social networking sites can no longer restrict their concerns solely to their own security practices, but must now take in the practices of their suppliers. "It's the whole `make sure you and your partner get tested' principle. Had Facebook and MySpace required Aurigma to provide proof of a code audit before sourcing the plug-in, this latest security issue could have been avoided," he said.

For more on the latest Facebook and MySpace buffer overflow issues: http://tinyurl.com/362ytu (Fortify: ra)