Video: It’s easier than ever to hack user-generated content sites

Nathan Hamiel (right) and Shawn Moyer (left) love social sites from MySpace to Facebook. But at the Defcon and Black Hat security conferences this year, they gave talks about how easy it is to compromise web sites that accept user-generated content.

The arms race to aggregate content into social sites is leading to a “broader attack surface.” Virus creators know they can get a better payoff if they exploit social networking to help spread their wares.

The two security researchers are no strangers to the topic. Last year, they gave a talk about hacking MySpace and called it “Satan is on my friends list.” They found that user-generated content introduced a whole set of security concerns because it brings in content from third parties who may or may not be reliable. One way to exploit user-generated content sites is with cross-site request forgery, which gets around authentication methods.

This year, they introduced MonkeyFist, a tool that automates the process of doing cross-site request forgeries. In other words, you still can’t trust your friends list.

Nathan Hamiel and Shawn Moyer on hacking Web 2.0 from Dean Takahashi on Vimeo.



About the Author, Dean Takahashi

Dean is lead writer for GamesBeat at VentureBeat. He covers video games, security, chips and a variety of other subjects. Dean previously worked at the San Jose Mercury News, the Wall Street Journal, the Red Herring, the Los Angeles Times, the Orange County Register and the Dallas Times Herald. He is the author of two books, Opening the Xbox and the Xbox 360 Uncloaked. Follow him on Twitter at @deantak, and follow VentureBeat on Twitter at @venturebeat.

  • ericmoritz
    I just briefly looked at the code but this looks to me like a way to collect session keys in referers by way of something like a URL shortener. This doesn't seem to be anything innovative to me; anyone with access to an Apache log could get a session key if the target site puts it in the URL.
  • Eric, there's a lot more to the tool than that, but yes, one of the methods we mentioned is collecting CSRF tokens and other relevant session data from referer. What we do with the tool is then use that to construct CSRF on the fly, something you can't just do from an Apache log itself.

    The larger point is that typical mitigations for CSRF, as implemented, don't take either cross-domain referer leakage or other implementation problems with CSRF tokens into account. There's more detail in the slides and paper; Nathan has both up on http://www.hexsec.com
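An added example, written from the defender's side and not code from MonkeyFist or its authors: a CSRF check that accounts for the two problems named in the comment above, tokens that leak cross-domain through the Referer header and sloppy token handling. The host name `APP_HOST`, the function names and the dict-shaped request are assumptions made for the demonstration.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs

# Assumed application host for the demonstration (not taken from the page).
APP_HOST = "social.example"

def issue_csrf_token(session):
    """Bind a fresh random token to the server-side session; never place it in a URL."""
    session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]

def referer_leaks_token(outbound_url, session):
    """True if a page URL the site emits carries the session's CSRF token in its
    query string. Such a URL is sent as Referer to every third-party resource
    the page embeds, which is the leak the comment describes."""
    qs = parse_qs(urlsplit(outbound_url).query)
    return any(session.get("csrf") in values for values in qs.values())

def validate_csrf(method, headers, form, query, session):
    """Decide whether a state-changing request may proceed; returns (ok, reason).

    - Only unsafe methods are allowed to change state, so a leaked token cannot be
      replayed through a plain GET link or image tag.
    - The token is accepted only from the POST body, never from the query string.
    - The Origin (or, failing that, Referer) host must be this site, so a forged
      cross-domain request is refused even if it carries a valid token.
    - The token is compared in constant time with the session-bound value.
    """
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return False, "state change must not use a safe method"
    if "csrf" in query:
        return False, "csrf token supplied in URL"
    source = headers.get("Origin") or headers.get("Referer") or ""
    if urlsplit(source).hostname != APP_HOST:
        return False, "cross-domain origin"
    expected = session.get("csrf", "")
    if not hmac.compare_digest(form.get("csrf", ""), expected):
        return False, "token mismatch"
    return True, "ok"
```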
  • Name
    Sounds interesting but I couldn't take the interviewer constantly "mmm hum"-ing in the background.
    Like he was so anxious just to ask the next Q on his list...