Date: 2005-10-16

With the advent of social networking sites, becoming more popular is as easy as crafting a few lines of JavaScript code, it seems.
One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, "Samy" had amassed over 1 million friends on the popular online community.
http://www.betanews.com/article/CrossSite_Scripting_Worm_Hits_MySpace/1129232391
More Microsoft holes pending
While Microsoft has released nine patches for October 2005, eEye Digital Security has released an advisory noting the large number of critical holes it has found in Microsoft products that have not yet been addressed. eEye informed Microsoft on March 29, 2005 (197 days ago) of flaws affecting default installations of Internet Explorer and Outlook that could let an attacker execute malicious code. eEye also informed Microsoft of another flaw in Explorer and Outlook that has gone unpatched for 160 days, and a third that has gone unpatched for 107 days. eEye says RealNetworks and Macromedia also have "serious" flaws that have gone unpatched for nearly 107 days. eEye has a policy of informing companies of flaws and waiting for a patch before releasing details to the public. Public disclosure of flaws has been a hotly debated issue in the software industry, leading major developers to create the Organization for Internet Safety to promote rational disclosure standards.
http://www.smh.com.au/news/breaking/more-microsoft-holes-pending/2005/10/14/1128796681908.html