I have admit to tell you, I am MySpace junkie who visit this site occasionally. Why is that? Because I like to share my real-life profile to people, like to keep in touch with old faces from my elementary through college to keep in touch and share their pictures. I usually to check if there are new comment/message/pictures from friends who-I-know in this site.
According to Alexa.com as of January 16 2006, MySpace.com ranked #6 most visited website in globally behind Yahoo, Google, MSN and YouTube.
If you happen to be MySpace addiction, log in every day to get comment, message from your profile and its pictures, post your personal blog entry, view friends contacts across the social networking. You might never know something is bad happen to you and others inside MySpace site.
Today on my new day of the week, I went to MySpace.com site, click to login into the page, enter my email address and password to log into my splash profile page.....
I usually check if there is new bulletin board, comment and message on my profile from my contacts (who I know). I see bulletin board from a girl who-I-know-that-person named "Rosey", subjected, "new pics...comment!!!!"
And I opened this board message and it said: new pics up on my profile, comment or else!!!!! http://viewmorepics.myspace.com/index.cfm[.....]
After I clicked this link, and it appears that I had to login in again to see Rosey's pictures...and wait a minute, I suspected I had to login again right AFTER I clicked the bulletin board? I suspect... take a look upper big red arrow and lower small arrow..
Poof! Firefox caught my attention that this site is suspected forgery:
I looked the URL web address in my Firefox web browser:
http://myimyspace.com/index.cfm/?fAs you see the first domain, myimyspace.com is not official myspace.com domain name, then that means it is truly forgery.
As I am using Firefox 2.0 with powerful site forgery/phishing tools enabled, it appears that this site truly 100% forgery. From the words of F-Secure blog:
Firefox 2.x and Internet Explorer 7 also have their own anti-phishing filters built into the browsers. IE7 checks against locally stored files, then against the URL Reputation Web Service (URS) hosted by MSN, and then uses built-in heuristics to validate the URL. Firefox 2.x has two options – either it checks against Google's AntiTrust database, or it uses a downloaded list of suspected sites. The site list is local to the user's hard drive, so anyone concerned about privacy might prefer this method. The download file is updated frequently.
How did Rosey post this bulletin, and he/she knew that she never did? MySpace have many security vulnerabilities, example such as worm that possibly infect her MySpace profile.
My advice: Do not use your same password from MySpace, bank website, email web service, etc or else you will get screw up. You will never know the MySpace intruder could take your name (email) and password, the intruder can access email web service with same password.
Keep in mind to yourself: Protect your identify from networking!
del.icio.us
| Permalink
