> Date: Fri, 27 Oct 2006 15:52:06 -0400 > From: "Dude VanWinkle" <[EMAIL PROTECTED]> > To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> > Subject: Re: [funsec] MySpace Accounts Compromised by Phishers > Cc: [email protected] > > On 10/27/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > On Fri, 27 Oct 2006 15:15:58 EDT, Dude VanWinkle said: > > > On 10/27/06, Fergie <[EMAIL PROTECTED]> wrote: > > > > Good question. :-) > > > > > > > > > > a better question is why the hell would you jack a myspace page? > > > > > > is there any way to make money off it? What are the incentives? > > > > You jack a page, now you have a starting point to feed IE exploits at > > all the victim's friends when they visit. You get lucky and nail somebody > > with 2,349 "friends", that's a lot of leverage. Especially if part of the > > thing you shoot them is something to whack *their* Myspace page and go viral. > > > > High hit rates by people who are likely not security/privacy conscious. > > What's not to like about it if you're a black hat trying to monetize it? :)
Something else he didn't mention... The users probably have the same user name and password for MySpace that they have for other online services. Thus, capturing those may give an 'in' to other, more lucrative, prospects. ------------------------------------------------------------------- I am perfectly capable of learning from my mistakes. I will surely learn a great deal today. "A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision." - Benjamin Franklin "The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
