Rick Deacon, a 21-year-old network administrator from Ohio, will talk today at Defcon about a zero-day flaw (unpatched problem) in MySpace that lets the hacker take control of your page. It's yet another XSS (cross-site scripting) vulnerability that requires MySpace users to click on a link to a site where their cookies can be stolen.
A few caveats, however,: it only works in older versions of Firefox and doesn't work in IE at all. The obvious solution to this one - if you use MySpace or most other social networks - is to upgrade to the latest version of Firefox. But no action is really going to help evade the scores of security problems that keep springing up on MySpace: with technically inexperienced users and the ability to place code on pages, vulnerabilities abound on social networks. In mid-July, for instance, we were told about a vulnerability involving Slide.com and hi5: a Slide slideshow placed on a profile could automatically redirect visitors to any site.