MySpace weakness patched, hacker's profile deleted

LAS VEGAS (AFP) - By the time Rick Deacon was done showing hackers in Las Vegas how to commandeer MySpace profile pages, he was evicted from the social networking website and the weakness fixed.

The US college student uncovered a MySpace vulnerability months ago and shared his discovery at DefCon, the largest gathering of computer hackers in the world.

"Obviously they weren't happy about it," Deacon said after he finished his presentation, checked his e-mail and saw a message from MySpace telling him his account was deleted for "violating terms of service."

"In retrospect, I should have used a dummy account."

Deacon's attack relied on duping MySpace users into clicking rigged links, perhaps in online forums or bulletin boards, which routed them to a file that steals passwords and identifying information stored in software "cookies."

Hackers could take control of users' profiles and use them as springboards for more attacks or to infect users' computers with viruses, according to Deacon.

"It's fixed now as far as I can tell," Deacon told AFP. "I'm actually proud of them for finally patching it."

Deacon said he created a new MySpace account but has no plans to hunt for a new way to hack the website.

"If you talk to them, tell them I'm sorry," Deacon said. "I'll keep my new MySpace account as what it should be, a place for talking to my friends."

Show comments