Monday, December 24, 2007

Of the Latest Orkut Worm, Rodrigo Lacerda and 400,000 Members Joining One Community within 12 Hours of its Creation






NO WE ARE NOT JOKING !!!


Screenshot - WashingtonPost


A Quick introduction to the Post:

  • Something was wrong on orkut
  • Some members complained of joining a community which they did not do manually.
  • Members were unable to un-join the community.
  • Surprisingly, the community featured 400,000 members within 12 hours of its creation

Note: The so-called 'worm' was harmless, but it raised serious questions about orkut's security features.
How Did it all happen?

You read about our warning, an XSS in the scrapbook. Evil minds used this for unethical purposes, but one mind thought the other way. He used this flaw to make history, turning orkut upside down and leaving them puzzled for some time.


What Was in His Mind?


Rodrigo narrates that on August 8, 2006 he came to know about an XSS, but at that point he did not have the programming skills needed to exploit the hole. He says that at that time he wanted to hack as many communities and profiles as he could on orkut. The hole was fixed soon.

On December 19, 2007 he came across a similar XSS, and this time he had the programming skills to do whatever he wanted. But his state of mind was a bit different this time. His aim was not to hack or hurt anyone; he wanted to show how destructive this could be if used for evil purposes. He created a fake community, "Infectados pelo Vírus do Orkut", which has hit the headlines everywhere.



SCREENSHOT OF NO OF MEMBERS


12 Hours, and the Community with 400,000 Members - How Did He Do It?

  • A member received a scrap.
  • That scrap had an embed code.
  • That code embedded a JavaScript, which was decompressed twice.
  • The JavaScript performed the following functions:

-> It automatically joins the member to a specific community.

-> The member unknowingly sends the scrap to all his friends, with that code embedded.

-> The scrap is then deleted automatically.

-> All his friends would then do the same, and thus it was a fire spreading rapidly.

-> This came to a halt when orkut finally fixed the XSS.
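
From the defender's side, the steps above leave a recognisable trace in send logs even though the scrap itself is deleted: a member receives a scrap and shortly afterwards sends the same scrap to many friends. The following Python is an added example, not code from this post or from orkut; the event format, user names, thresholds and placeholder scrap bodies are constructed assumptions, and it assumes the scrap body is identical on every hop.

```python
import hashlib
from collections import defaultdict

# Placeholder bodies; the real embed payload is deliberately not reproduced.
WORM = "[scrap with embed code - placeholder]"
BENIGN = "Happy birthday!"

# Constructed send log (not real orkut data): (time_s, sender, recipient, body).
# Send events are used because the worm deletes the stored scrap afterwards.
EVENTS = [
    (0, "u0", "u1", WORM), (5, "u0", "u2", WORM),
    (60, "u1", "u3", WORM), (61, "u1", "u4", WORM),
    (90, "u2", "u5", WORM), (91, "u2", "u6", WORM),
    (100, "u7", "u8", BENIGN), (101, "u7", "u9", BENIGN),
    (200, "u8", "u9", BENIGN),  # one ordinary forward, fan-out of 1
]

def fingerprint(body):
    """Short stable identifier for a scrap body."""
    return hashlib.sha256(body.strip().encode("utf-8")).hexdigest()[:16]

def detect_self_propagating(events, min_fanout=2, min_relays=2, window_s=600):
    """Return {fingerprint: [relaying users]} for scraps that spread like a worm.

    A user is a relay if, within window_s of first receiving a scrap, they send
    the same body to at least min_fanout recipients. A body is flagged once at
    least min_relays distinct users have relayed it.
    """
    first_received = {}          # (user, fp) -> time first received
    fanout = defaultdict(set)    # (sender, fp) -> recipients reached after receipt
    for ts, sender, recipient, body in sorted(events):
        fp = fingerprint(body)
        got = first_received.get((sender, fp))
        if got is not None and ts - got <= window_s:
            fanout[(sender, fp)].add(recipient)
        first_received.setdefault((recipient, fp), ts)
    relays = defaultdict(set)
    for (sender, fp), recipients in fanout.items():
        if len(recipients) >= min_fanout:
            relays[fp].add(sender)
    return {fp: sorted(u) for fp, u in relays.items() if len(u) >= min_relays}

if __name__ == "__main__":
    for fp, users in detect_self_propagating(EVENTS).items():
        print(f"possible scrap worm {fp}: relayed by {users}")
```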

REGARDS:-ORKUT PLUS
