Yes… this is true. You can now get hacked just by trying to read your scraps. There is an XSS vulnerability in the scrapbook that allows a malicious script to execute, and that script can perform the following actions:
- Stealing your cookies
- Logging you out and redirecting you to a fake page (screenshot)
- Logging you out and redirecting you to a page which automatically installs keyloggers or viruses on your computer.
» Safety Measures
- Get Firefox – Latest Version
» Why?
The latest series of Firefox comes with built-in support for httpOnly, which encrypts your cookies so that the information in the cookie cannot be read. This may prove to be a boon for Orkut users.
» Download
You can download the latest version of Firefox from getfirefox.com
- FlashBlock Firefox Addon
» Why?
This add-on ensures that no Flash file executes without your prior consent. It is a must-install in this case, and it is the actual precaution for this issue.
» Download
You can download Flashblock from the official Firefox add-ons page – Flashblock addon
» Notes
We have already notified Orkut about this loophole.
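
How httpOnly limits the cookie-stealing action listed above, as an added example that is not part of the original post: HttpOnly is an attribute the server sets on a cookie, and a browser that supports it leaves that cookie out of `document.cookie`, so an injected script cannot read it. The header values, cookie names and the session-name pattern below are constructed assumptions, not Orkut's real cookies.

```javascript
// Added example: models which cookies a page script can read, given the
// Set-Cookie headers a server sent. All header values below are constructed.

// Parse one Set-Cookie header value into { name, value, httpOnly, secure }.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // no name=value pair: skipped in this sketch
  const attrs = parts.map((p) => p.split('=')[0].trim().toLowerCase());
  return {
    name: first.slice(0, eq).trim(),
    value: first.slice(eq + 1).trim(),
    httpOnly: attrs.includes('httponly'), // attribute names are case-insensitive
    secure: attrs.includes('secure'),
  };
}

// What document.cookie would return in a browser that honours HttpOnly:
// only the name=value pairs of cookies sent without the attribute.
function scriptVisibleCookies(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => c && !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Audit helper: names of cookies that look like session tokens but are
// still readable by script. The name pattern is an assumption.
function exposedSessionCookies(headers, pattern = /sess|auth|token|state/i) {
  return headers
    .map(parseSetCookie)
    .filter((c) => c && !c.httpOnly && pattern.test(c.name))
    .map((c) => c.name);
}

// Constructed sample response headers (not real Orkut cookies).
const sampleHeaders = [
  'session_state=abc123; Path=/; HttpOnly',
  'auth_token=def456; Path=/; Secure',
  'lang=en; Path=/',
  'prefs=compact; Path=/; httponly',
];

console.log('script can read :', scriptVisibleCookies(sampleHeaders));
console.log('needs HttpOnly  :', exposedSessionCookies(sampleHeaders));
```

Any cookie the audit helper reports is one an XSS payload could still read, whichever browser the visitor uses; the attribute has to be set by the site.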