MySpace- a Place for Bugs, Say Mondo Armando and Müstaschio

by Playfuls Staff | 18th March 2007

Who are those two? Well, just a couple of hackers that you can see in the picture, who claim the popular social site MySpace.com is full of security vulnerabilities and plan to reveal them. One bug at a time.

They claim on their blog that April 2007 will be the Month of Myspace Bugs, in their words “whiny, attention-seeking ploys for acceptance”.

“The purpose of the exercise is not so much to expose Myspace as a hive of spam and villainy (since everyone knows that already), but to highlight the monoculture-style danger of extremely popular websites populated by users of various levels of sophistication. We could have just as easily gone after Google or Yahoo or MSN or ZDNet or whatever. Myspace is just more fun, and is becoming notoriously dickish about responding to security issues.”

Actually, there are more reasons for going after MySpace: the News Corp-owned domain is the biggest social site in the world, thus bringing a lot of profits to its owners. There have also been many scandals in the past concerning MySpace’s security against phishing attacks and against sexual predators.

MySpace.com discovered that some of the profile pages representing police or sheriff's departments on the popular Internet networking site are fakes.

While MySpace has encouraged police to have a presence on the site as a way to deter pedophiles, it was discovered that at least six of the 16 law enforcement profile pages on MySpace were bogus.

Mondo Armando and Müstaschio plan to attract attention to themselves by revealing at least one bug a day, following the model of the famous hacker HD Moore, who started a trend in July last year with the publication of one browser bug per day. Since then, we’ve witnessed entire months dedicated to the disclosure of bugs in Apple’s software, in the Linux kernel or in PHP.

The two are also accepting bugs reported by others, but “while heap overflows and format strings and integer wraps are great and everything, we don't intend to have too many "real" bugs. Most of what we intend to publish are silly XSS/misleading CSS style bugs that Myspace users may actually be able to use for a little while, and that involve only Myspace.com stuff.”

They also want to unveil bugs from QuickTime or Flash, but all bugs are welcome: “all are fine, even though they're third party. Bugs in MySpace skinning services or whatever is ideal, especially if most users would blame Myspace for the problem.”

Apparently, they consider the job a joke rather than a serious matter: “If it ends up being just as lame as the Month of Apple Bugs, then we haven't really missed the mark. If it's funnier, then great. If it kills this Month of Whatever fad, then hurray for everyone, it's over.”

The start (or not) is set for April 1: “April 1, 2007. Yes, we know. No, it's serious. No, not really…”

The Washington Post reports that although they might be trying to fool everyone, they are doing an excellent job. It appears that since last Thursday, when they launched their project, they have been in contact with Robert Hansen, chief executive of Sectheory.com, who said: "Those guys and I have been keeping in touch. It's funny but it's not a joke."