23 Apr 2012

Security Breach in Ning (Largest Platform for Creating Social Websites) 100 Million Users Affected


Social networking company Ning is reportedly suffering from a security problem that could affect 100 million users. Three students from the junior college Media College Amsterdam (MA) together discovered five security holes in Ning. They found those security vulnerabilities immediately after the social network platform launched at their school. In a report, Dutch security firm - Angelo Geels and Alex Brouwer have exploited cookies to gain login control over Ning user accounts. They used a proof of concept that showed they could access 90,000 accounts and 100 million users, but had no intention of exploiting it for malicious purposes.
The first problem the boys found was not so serious, but annoying. Anyone who can post a blog can deface the site by placing the HTML element 'div', with content, in the HTML section of the website. This makes it possible, for example, to put an overlay on the website; in the case of the Media College website, a Nyan Cat. The administrator of the website then invited the still-unknown hackers, through the community, for pie for dinner. The boys did so and admitted that they had hacked the code, but then decided to look further for other problems on Ning, the hackers said in an extensive interview with Webwereld.
Soon they discovered that Ning sites are very susceptible to cross-site scripting (XSS). The MBO students, aged 17 and 18, found four non-persistent, or reflected, cross-site scripting vulnerabilities in the site, spread over several pages of the website: for example, via a link to a specific comment, with code in it, or a cancel link containing a standard URL to the previous page.
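
The cancel-link case above, as an added example that is not from the report or from Ning's code: a link built from a request-supplied "previous page" URL, first in the reflected-XSS form and then hardened by validating the destination and escaping it for the attribute. The host `network.example`, the function names and the sample values are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

SITE_HOST = "network.example"  # assumed placeholder host for the social site
DEFAULT_RETURN = "/"           # fallback when the supplied URL is rejected


def render_cancel_link_unsafe(previous_url: str) -> str:
    """Reflected-XSS pattern: the request value is pasted into markup as-is."""
    return '<a href="' + previous_url + '">Cancel</a>'


def safe_return_url(previous_url: str) -> str:
    """Allow only same-site http(s) URLs or absolute paths; else fall back."""
    # Browsers drop tabs/newlines and read "\" as "/", so refuse both outright.
    if any(ord(c) <= 0x20 or c == "\\" for c in previous_url):
        return DEFAULT_RETURN
    try:
        parts = urlsplit(previous_url)
    except ValueError:  # e.g. malformed bracketed host
        return DEFAULT_RETURN
    if not parts.scheme and not parts.netloc:
        # Path-only value: must be rooted and must not be scheme-relative (//host).
        ok = previous_url.startswith("/") and not previous_url.startswith("//")
        return previous_url if ok else DEFAULT_RETURN
    if parts.scheme in ("http", "https") and parts.hostname == SITE_HOST:
        return previous_url
    return DEFAULT_RETURN  # javascript:, data:, other hosts, userinfo tricks


def render_cancel_link(previous_url: str) -> str:
    """Hardened form: validate the destination, then escape for the attribute."""
    url = html.escape(safe_return_url(previous_url), quote=True)
    return '<a href="' + url + '">Cancel</a>'


# Constructed sample values for the "previous page" parameter.
SAMPLES = [
    "/blog/post?id=7&page=2",
    "https://network.example/forum",
    '/x"><script>alert(1)</script>',
    "javascript:alert(1)",
    "//other.example/",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", render_cancel_link(value))
```

The third sample passes the destination check because it is a rooted path, which is why the attribute escaping is still needed after validation.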