Buffer overflows scupper Facebook, MySpace says software firm

Fortify Software says that buffer overflows are at the heart of a series of hacks against the Facebook and MySpace social networking sites.

"A buffer overflow enabled hackers to exploit the Aurigma ActiveX image uploading software used by these two - and other - social networking sites," said Rob Rachwald, Fortify Software's Director of Product Marketing.

"The bad news is that this exploit is being used in a hacker toolkit currently being offered for download on several Chinese language hacker sites, meaning that novices have been able to stage these attacks, and not just professional hackers," he added.

According to Rachwald, criminal hackers now view these social networking sites as their best target for attacks.

"Part of the reason for this is that the sites are designed to be usable by 'unsophisticated' consumers. This means that the barrier to entry for attacks is potentially lower, as users are more likely to click on a link that leads them to malware," he explained.

Rachwald argues that the social networking sites can no longer restrict their concerns solely to their own security practices, but must now also take in the practices of their suppliers.

"It's the whole 'make sure you and your partner get tested' principle. Had Facebook and MySpace required Aurigma to provide proof of a code audit before sourcing the plug-in, this latest security issue could have been avoided," he said.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.