Wednesday, April 11, 2007

MOMBY - Trojaned Navigation Menu

April 11th

http://momby.livejournal.com/


Myspace.com provides a site navigation menu near the top of every page.

Users generally use this menu to navigate to the various areas of the website. The first link that the menu provides is called "Home", which navigates back to the user's personalized Myspace page, which is essentially the user's "home base" when using the site. As such, this particular link is used quite frequently and is used to return from other areas of the website, most importantly from other users' profile pages.

A content-replacement attack coupled with a spoofed Myspace login page can be used to collect victim users' authentication credentials. By replacing the navigation menu on the attacker's Myspace profile page, an unsuspecting victim may be redirected to an external site of the attacker's choice, such as a spoofed Myspace login page. Due to Myspace.com's seemingly random tendency to expire user sessions or log users out, a user being presented with the Myspace login page is not out of the ordinary and does not raise much suspicion on the part of the victim.

-------------------------------------------

What is not noted in the MOMBY post is that this attack vector was used in late 2006 in conjunction with a pretty serious Quicktime flaw to spread a worm.

So this Myspace flaw should be seen as "in the wild".
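A site that accepts user-supplied profile markup can screen for this pattern before rendering it. The following is an added example, not part of the MOMBY advisory or this post: it flags links whose visible label imitates a site navigation entry while the target leaves the site. The label list, the trusted host and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed values for illustration; neither comes from the post.
NAV_LABELS = {"home", "browse", "search", "mail", "blog"}
TRUSTED_HOST = "myspace.com"
# Constructed sample of user-supplied profile markup.
SAMPLE = ('<div><a href="http://login.example.net/index.cfm">Home</a> | '
          '<a href="/browse">Browse</a> | '
          '<a href="http://www.myspace.com/search">Search</a></div>'
          '<a href="http://band.example.org/">My band</a>')

def is_trusted(href):
    """True for same-site relative links and for TRUSTED_HOST or its subdomains."""
    # Browsers treat backslashes as slashes, so normalise before parsing.
    parsed = urlparse(href.strip().replace("\\", "/"))
    if parsed.scheme not in ("", "http", "https"):
        return False  # javascript:, data: and similar schemes
    if not parsed.netloc:
        return True  # path-only link stays on the serving site
    host = (parsed.hostname or "").lower()
    return host == TRUSTED_HOST or host.endswith("." + TRUSTED_HOST)

class NavSpoofFinder(HTMLParser):
    """Collects (label, href) for anchors labelled like site navigation."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.href, self.text = attrs.get("href") or "", []
        elif tag == "img" and self.href is not None:
            self.text.append(attrs.get("alt") or "")  # image-based menu buttons

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            label = " ".join("".join(self.text).split()).lower()
            if label in NAV_LABELS and not is_trusted(self.href):
                self.findings.append((label, self.href))
            self.href = None

def find_spoofed_nav(profile_html):
    finder = NavSpoofFinder()
    finder.feed(profile_html)
    return finder.findings
```

A label match is only a heuristic: a menu rendered from images without alt text or from background graphics will not be caught, so such a check complements, rather than replaces, restricting what profile markup may contain.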
