Security Risk in Orkut

[sganesh]

Security Threats in Orkut

Breaking - XSS in Scrapbook . If You Open Your Scrapbook You Can Be Hacked!
This is true. You can now get hacked even if you try to read your scraps. There is an XSS prevailing in the scrapbook, which allows the execution of malicious script, which can preform following actions:

* Stealing your cookies
* Logging you out and redirecting you to a fake page (screenshot)
* Logging you out and redirecting you to a
page which automatically installs keylogger, viruses in your computer system.

Solution-> The latest series of firefox comes with an inbuilt feature of httpOnly which encrypts your cookies so that the information in the cookie cannot be read. This may result to be a boon for orkut users.
Article read from
*orkutplus.blogspot.com/2007/12/breaking-xss-in-scrapbook-if-you-open.html

 

[Garbage]

Thanks for info that XSS works on Orkut...

 

[gagan007]

wow ganesh...nice finding

 

[iMav]

Google row it is so safe

 

[The_Devil_Himself]

^^what?

 

[sganesh]

Eventhough google claims orkut to be safe,Hackers are growing their strength day by day.
The real problem is,orkut doesnt check scripts which are good or malicious to execute

 

[thecreativeboy]

good information really nice.

 

[phreak0ut]

Time to move to FF for me till the hole is plugged. I hope Opera also has good protection for this.

 

[naveen_reloaded]

I hate orkut in the first place

 

[nvidia]

I hate orkut in the first place

+1

 

[enticer86]

the best thing to do is NOT to open any links!

 

[Voldy]

oh boy its good for me that iam not so much visiting that site
Thanks for the info buddy nice job ! to alert the visiters.

 

[The Incredible]

i just wanna know whether it is safe to use orkut with opera 9.25 or IE6 or shall i've to move to firefox???

 

[sganesh]

i think its better to use firefox,it has got many awards as most secure web browser,
me haven't tried opera,How is it?