<?xml version="1.0" encoding="UTF-8"?>
<!-- generator="wordpress/2.3" -->
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	>

<channel>
	<title>Orkut Apps &#187; Security</title>
	<link>http://orkutapps.com</link>
	<description></description>
	<pubDate>Fri, 04 Jan 2008 15:50:15 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.3</generator>
	<language>en</language>
			<item>
		<title>Orkut is hit by worm</title>
		<link>http://orkutapps.com/2007/12/19/orkut-is-hit-by-worm/</link>
		<comments>http://orkutapps.com/2007/12/19/orkut-is-hit-by-worm/#comments</comments>
		<pubDate>Wed, 19 Dec 2007 16:46:31 +0000</pubDate>
		<dc:creator>Chandra</dc:creator>
		
		<category><![CDATA[News]]></category>

		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://orkutapps.com/2007/12/19/orkut-is-hit-by-worm/</guid>
		<description><![CDATA[Yes, Orkut has been hit by a self-spreading worm, which did not do any major damage (hopefully) except sending out scraps to your friends on your behalf. This process repeats itself when someone views an infected scrapbook.
External links on this story:
http://www.pcworld.com/article/id,140653-c,worms/article.html
http://orkutplus.blogspot.com/2007/12/breaking-xss-in-scrapbook-if-you-open.html 
Orkut allows embedding HTML into the scrapbook. One can also add Flash objects. It [...]]]></description>
			<content:encoded><![CDATA[<p>Yes, Orkut has been hit by a self-spreading worm, which did not do any major damage (hopefully) except sending out scraps to your friends on your behalf. This process repeats itself when someone views an infected scrapbook.</p>
<p>External links on this story:</p>
<p><a href="http://www.pcworld.com/article/id,140653-c,worms/article.html">http://www.pcworld.com/article/id,140653-c,worms/article.html</a></p>
<p><a href="http://orkutplus.blogspot.com/2007/12/breaking-xss-in-scrapbook-if-you-open.html">http://orkutplus.blogspot.com/2007/12/breaking-xss-in-scrapbook-if-you-open.html </a></p>
<p>Orkut allows embedding HTML into the scrapbook. One can also add Flash objects. It seems that the worm creator exploited this option to create the worm.</p>
<p>It seems the Google guys have fixed it now, but it reminds everyone how complex web application security is. Primarily, handling Cross-Site Scripting (XSS) attacks is crucial for safe web applications.</p>
<p>As most Orkut users use the same Gmail account with Orkut, Google should be very careful with Orkut, as exploits like these can cause great damage to users. Imagine giving out your Gmail authentication information to someone you do not know; how bad that would be. These exploits can be that dangerous. The Google guys should spend some of their bucks on safeguarding Orkut from further exploits. Wake up, Google: OpenSocial is not the only thing you have to take care of in Orkut; there is something more demanding your attention.</p>
<p>I suggest changing your Orkut or Google Account password regularly if it is the primary email account you use daily. Change your password at least once every two weeks.</p>
]]></content:encoded>
			<wfw:commentRss>http://orkutapps.com/2007/12/19/orkut-is-hit-by-worm/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Fake and Unreal Profiles: Serious threat for Orkut - Thoughts and Solutions</title>
		<link>http://orkutapps.com/2007/10/16/fake-and-unreal-profiles-serious-threat-for-orkut-thoughts-and-solutions/</link>
		<comments>http://orkutapps.com/2007/10/16/fake-and-unreal-profiles-serious-threat-for-orkut-thoughts-and-solutions/#comments</comments>
		<pubDate>Mon, 15 Oct 2007 19:13:13 +0000</pubDate>
		<dc:creator>Chandra</dc:creator>
		
		<category><![CDATA[My Thoughts]]></category>

		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://orkutapps.com/2007/10/16/fake-and-unreal-profiles-serious-threat-for-orkut-thoughts-and-solutions/</guid>
		<description><![CDATA[Any useful new technology or new invention is abused or used for evil purposes. We have seen this throughout our history. After all, Orkut is no exception. Fake profiles and the profiles created by marketers to promote their products are a few of the serious issues that need to be addressed by Google if they [...]]]></description>
			<content:encoded><![CDATA[<p>Any useful new technology or new invention is abused or used for evil purposes. We have seen this throughout our history. After all, Orkut is no exception. Fake profiles and the profiles created by marketers to promote their products are a few of the serious issues that need to be addressed by Google if they want to scale Orkut and become number one in the social networking space.</p>
<p>Fake profiles are usually created to impersonate a real person. They are usually created by people who know the personal details of a user and create a profile to impersonate him or her, thereby causing all sorts of problems for the victim. In February 2007, the father of a South Delhi schoolgirl approached the Cyber Cell of the Delhi Police&#8217;s Economic Offenses Wing, complaining about a fake profile of his daughter posted on Orkut. Two men knocked at the girl&#8217;s door one day, claiming she had invited them through Orkut for a discreet intimate relationship. Though the cops can find the prankster, the victim will suffer a lot socially and even at a personal level. This is a real threat.</p>
<p>Unreal profiles are usually created by real persons who try to act as someone who does not exist in reality. One kind of these profiles is created by marketers and other people to promote their products and services on Orkut. There is no real harm except getting spam messages and scraps, which can easily be avoided by enabling the corresponding privacy options. But the real threat with unreal profiles comes into play when a profile is created by a real person to impersonate a non-existent person. For example, creating a profile for a person who does not exist in reality and trying to fool people and exploit them as if the person actually existed. This kind of exploitation was very common when Instant Messaging was introduced, and it still continues to exist.</p>
<p>Let&#8217;s see how Orkut can put some authentication processes in place to combat this serious threat. I have thought of a simple solution, and I am sure Google might be trying to implement some kind of solution to tackle this problem.</p>
<p> <a href="http://orkutapps.com/2007/10/16/fake-and-unreal-profiles-serious-threat-for-orkut-thoughts-and-solutions/#more-9" class="more-link">(more&#8230;)</a></p>
]]></content:encoded>
			<wfw:commentRss>http://orkutapps.com/2007/10/16/fake-and-unreal-profiles-serious-threat-for-orkut-thoughts-and-solutions/feed/</wfw:commentRss>
		</item>
	</channel>
</rss>
