Social networking sites such as MySpace and Facebook are being targeted by hackers. According to security firm Fortify Software, hackers have identified an easy way to attack such sites by exploiting buffer overflows in software such as Aurigma ActiveX, used for uploading images.
Rob Rachwald, director of product marketing at Fortify Software, warned that the instructions for exploiting Aurigma using buffer overflows are available in a hacker toolkit on a number of Chinese-language websites, meaning that hackers don’t have to be experienced to exploit it in this way.
Social networking sites are more vulnerable than most to attacks by hackers because they are used by a large number of customers without technical knowledge of computers and are designed to be easy to use. This means that their users are more likely to click on a link placed by hackers which leads to malware.
One way of solving the problem would be for social networking sites to expand their protection policies to cover their suppliers, requiring those suppliers to meet certain security requirements. Rachwald pointed out that ‘had Facebook and MySpace required Aurigma to provide proof of a code audit before sourcing the plug-in this latest security issue could have been avoided.’