| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Jan 6 20:00:06 2006 From: compromise at gmail.com (Xavier) Subject: FW: myspace - add hundreds of friends instantly and automatically with this awesome tool Debasis, it looks like the 'bot' simply automates the process in which friends are invited, or at least thats what the FAQ seems to make one think: "Q: Picture varification code comes up while adding friends why? A: One of Myspace's new security features. It pops up every once in a while, just punch the numbers in and the program is good to keep going." if this bot indeed exploited some sort of XSS hole, and propagated, or used some sort of attack technique to automatically invite users without acceptance of the target user -- then that'd be interesting to dissect. however I do not think that is the case: "Q: It stoped adding friends. What happened? A: MySpace.com has limits in their site where you can only add so many at a time. Try to stay under 450 per day and you sould be fine." as for that 'virtually invisible' part, now I'd like to know what the author of that site meant by that -- unless a second account is created to send the invites from, and within the invites themselves contained the real user seeking friends. *shrug* -- Xavier. On 1/6/06, Debasis Mohanty <mail@...kingspirits.com> wrote: > > > > Although I am not much familiar with myspace and have never used it but the samy's outbreak was really interesting and dragged my attention a little towards such worms. > > > > It seems 'samy' is not alone in this field and there are couple of bots seems to be still exploiting myspace. http://myfriendadder.com/index.html > > The interesting part is this particular bot claim to make the attacker's login ID invisible to the admins - > > > > http://myfriendadder.com/faq.html > > <snip> > > Q: Can I be banned by using this program? > A: This version of the program makes you invisible to > myspace.com admins making you 'virtually unbannable'. > > </snip> > > > > A myspace friend adder bot project bid can seen here > > http://www.getafreelancer.com/projects/Visual-Basic/MySpace-Friend-Adding-Bot.html > > > > A quick googling result > > http://www.google.co.in/search?q=myspace+bot&btnG=Search&hl=en > > > > > > - Debasis > > > ________________________________ > From: myspace technical group [mailto:support@...pace.com] > Sent: Friday, January 06, 2006 1:33 AM > To: mail@...kingspirits.com > Subject: myspace - add hundreds of friends instantly and automatically with this awesome tool > > > This message was brought to you from your subscription to myspace > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > >
Powered by blists - more mailing lists