Social networking Web sites such as MySpace.com are increasingly juicy targets for computer hackers, who are demonstrating a pair of vulnerabilities they claim expose sensitive personal information and could be exploited by online criminals.
The flaws are being demonstrated this week at the Black Hat and Defcon hacker conferences, which draw thousands of people to Las Vegas each year for five days of training and demonstrations of the latest exploits.
Black Hat, the more genteel of the two events with heavy industry sponsorship and big admission fees, ended Thursday with some 4,000 attendees. Defcon, larger and more roguish, started smoothly Friday, without any of the registration problems that irked fire officials last year and caused lengthy delays. Organizers said more than 6,800 people attended the first day, with more expected Saturday.
There was a moment of drama in the afternoon when organizers received a tip that an undercover NBC producer was covertly filming some of the sessions. The woman was identified during one of the presentations, and she hustled away from the convention site without comment.
An NBC spokeswoman said the network doesn't comment on its newsgathering practices. Defcon organizers said NBC had been offered press credentials but declined.
Infiltrating password-protected social networking sites has been an increasingly fruitful area of study for hobbyists and professional computer security researchers.
One hacker, Rick Deacon, a 21-year-old network administrator from Beachwood, Ohio, says he's discovered a so-called "zero-day" flaw -- or a problem that hasn't been patched yet -- in MySpace that allows intruders to commandeer personal Web pages and possibly inject malicious code.
Deacon is scheduled to present his findings Sunday. So far, it only affects older versions of the Firefox Web browser and does not affect Internet Explorer, he said.
The attack uses a so-called "cross-site scripting" vulnerability, a common type of flaw found in Web applications that involves injecting code onto someone else's Web page.