This is a well-done video from the
Exploit Prevention Labs Blog by Roger Thompson about the recent hack of Alicia Keys' MySpace page:
Again, frankly, this isn't new, and it isn't rocket science. In fact, it's a text book web hack. It's malicious code loaded onto a web site via a social networking site, in hopes that someone will click on just the right link to download the malware, in this case, a bad ActiveX codec.
And, again, this isn't some shady porn or obscure gambling site. It's a heavily trafficked site of a major entertainer.
Here's details from
Computer World,
Information Week and
Network World.
With that in mind, you might be thinking, especially if you're in a corporate IT department, that it would be wise to block access to social networking sites, like MySpace, from your company. Not so fast, says Paul Johns, Chief Marketing Officer for Complinet, writing in
SC Magazine. Johns makes some good arguments both for and against the practice.
On the other side of the fence,
Tony Bradley, gave some tips on his About.com site, Internet/Network Security, about protecting yourself when using social networking sites.