Security Threats in Orkut
Breaking - XSS in Scrapbook . If You Open Your Scrapbook You Can Be Hacked!
This is true. You can now get hacked even if you try to read your scraps. There is an XSS prevailing in the scrapbook, which allows the execution of malicious script, which can preform following actions:

* Stealing your cookies
* Logging you out and redirecting you to a fake page (screenshot)
* Logging you out and redirecting you to a
page which automatically installs keylogger, viruses in your computer system.
Solution-> The latest series of firefox comes with an inbuilt feature of httpOnly which encrypts your cookies so that the information in the cookie cannot be read. This may result to be a boon for orkut users.
Article read from
http://orkutplus.blogspot.com/2007/1...-you-open.html