56,000 usernames and passwords published

MySpace users at risk: 56,000 usernames and passwords published

http://tech.monstersandcritics.com/news/article_1247243.php/MySpace_users_at_risk_56000_usernames_and_passwords_published

When does the line between security research and malicious criminal intent blur? When does proof-of-concept become targeted and dangerous? The answer: when you set out to exploit two publicly known holes in two different browsers, and then post the results to a public mailing list.

The website link and name of the mailing list will remain unknown for this article. Monsters and Critics will not spread the information any more than it already has leaked over the internet. The information is a list; one that contains fifty-six thousand usernames and passwords for accounts on the popular social-networking site MySpace.

How did this happen? This was allowed to happen because Internet Explorer versions 6 and 7, as well as Firefox versions 1.5.x and 2.0.x, are open to an exploit that is yet unpatched by either vendor. Both vendors are aware of these exploits and both have been repeatedly warned about these flaws and the risk they pose; code to prove these exploits have been around the web several times. These proof-of-concept codes exist to serve two things, prove to the vendor the threat is real and to allow others to gain insight on how the vulnerability works.
-----------------------------------------------

A better Browser ... http://www.opera.com ... But that's just my opinion

:)

.

compromised might want to be able to check, and know, one way or another...

I use Firefox and the Windows version of IE only to test out web sites I design. I write for Safari, generally the most standards-compliant browser, then correct for Firefox and (especially) AIIIIIEEEEEEEEE

know if they tried it on Opera's Wand. Of couse, the Wand isn't automatic, which helps a lot. This is a phishing scheme where they set up a phony site to harvest the info, and the only "security" I can think of for that is the warning popups that the site is phishy-- and don't automatically log on. Dunno about IE, but Opera and FF have that-- you just gotta believe the warnings. (Eudora has such phishfinding stuff built into it, too, btw, but all the talk is about Thunderbird.)

I agree about Opera and have been using it since 3.x as my primary browser. Who but us knew about tabs and tiled windows back then, eh? Every so often they hint that they're falling far enough behind that they might stop development, and that bothers me. I'm finding more and more sites written for IE and FF now, and there are some really neat extensions for FF. For a while, you needed to dig around for extensions to get the stuff Opera had built in, but FF has reached the point where geekdom is doing some serious development.