MySpace Hacker’s Profile Deleted After DefCon Demo
Author: Dave Lewis
And who says that MySpace doesn’t have a vindictive side? A hacker who gave a presentation about hacking MySpace accounts experienced some punitive blow back after he spoke at DefCon. Who didn’t see that reprisal coming?
A demonstration by University of Akron student Rick Deacon on ways to hack MySpace accounts backfired when Deacon discovered that his own account was disabled immediately following his presentation at the recent DefCon computer security conference in Las Vegas.
Deacon found a message in his MySpace inbox informing him that his account had been suspended for violation of the site’s terms of use. “In retrospect, I should have used a dummy account,” he told Agence France-Presse.
Deacon demonstrated a technique called cross-site scripting, which involves adding extra information to a trusted Web page in order to mislead a user via a Web browser. By tricking a victim into clicking on a link, Deacon showed that it is possible to capture the Web browser file, or cookie, which automatically logs a user into the site. This can then be used to access their account, Deacon said.
Deacon claimed that he alerted MySpace to the problem some weeks ago but that the site had not responded. Now, however, MySpace has patched the vulnerability.
Tags: MySpace Hacker, MySpace Reprisal, Social Networking Security, Social Networks, MySpace
