DO IT YOURSELF social networking company Ning is reportedly suffering from a slight security problem that could affect 100 million users.
Ning lets people set up their own gasbag social networking channels and is used by people like the pop group Radiohead. According to a Dutch report a problem with its security could leave them wide open to account hijackers.
A Dutch web site called Web Wereld says that two students, Angelo Geels and Alex Brouwer have exploited cookies to gain login control over Ning user accounts. They used a proof of concept that showed they could access 90,000 accounts and 100 million users, but had no intention of exploiting it for malicious purposes.
They did suggest that if others were able to use it then they could take over Ning accounts. "You can build an application that automates acquisition of an identity," said Geels in the report.
The students told Ning about the exploit last month and since then the firm has worked to fix it. This is not the first time that security students have worked with Ning, and last year students reported five vulnerabilities that included the threat of credit card theft. µ
Sign up for INQbot – a weekly roundup of the best from the INQ