haCk's Tools

You can import posts and comments from a previously exported Blogger blog, export this blog, or permanently delete it.

Thursday, August 27, 2009

Hacking MySpace with Google?

I was actually searching for php code snippets to do legal stuff last night when I came across a series of article relating to hacking MySpace profiles.


Not having a MySpace profile I can't really vouch as to whether or not it really works. It still makes some interesting reading.

You first start of by opening a tab in your browser and go to www.google.com.

Here are a few of his tactics he used by typing the words in Bold into the search bar:

www.myspace.com "my phone number is"

This will review the numbers of people who are actually stupid enough to include their private phone number as part of their profile content. Never a good idea.

I ran a search and got about 8 000 results, a lot of them contained Profile names and numbers.

Try it and see for yourself. Next up we have:

www.myspace.com "my address is"

Now this one yielded about 24 000 result but it is a borderline query to run as some people refer to address as their physical address - very stupid - and most refer to address as their email. In both cases it is a little stupid. The one resulting in mad men and crazy stalkers showing up at your door step and the other in a swarm of spam coming to your mailbox.

If you wonder how it happened you should not be on the net.

I wouldn't put the blame on Google at all, neither on MySpace since they do exactly what they should be doing. The one is a posting board displaying what the user puts in and the other crawls that page and returns with results to index and display to the searching community.

Facebook contain some other security flaws due to some of the third party user apps being created on the site. One of these are the "Moods" application where they make use of Limelight.

It is important to understand that this is not a true site hack but an application hack. One should feel that Facebook would enforce a set of code checking to make sure its members are protected.

The bottom line is to keep your private information private and not publish it to the public domain. Once on the net nothing is really private.

Labels:

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home