News: Firefox attack targets Myspace

This is just a reminder to be careful when using social networking websites. Just like any other community there are people here that want to cause harm.

The PC Advisor reports that:

The flaw lies in Firefox’s Password Manager software, which can be tricked into sending password information to an attacker’s website, said Robert Chapin, president of Chapin Information Services.

For the attack to work, attackers need to be able to create HTML forms on the website, something that’s allowed on blogging and social-networking sites.

This approach was used in a MySpace phishing attack reported in late October. In that attack, users registered a MySpace account named login_home_index_html and used it to host a fake log-in page that exploited the flaw.

Currently firefox is treating this as a critical bug and will hopefully have a fix for it soon.

To read the entire article: click here.

Technorati Tags: phishing, myspace, firefox, security flaw