MySpace Bug Alerts Could Trigger Mischief
MySpace joins other popular Web sites whose security vulnerabilities form the basis for a so-called "month of bugs" Web site, according to two anonymous hackers who announced the MySpace project on Monday. Though these high-profile stunts call attention to cybercriminals, security experts are nonetheless paying close attention to the results.
Mar 19, 2007 11:56 AM PT
A pair of hackers has threatened to engage in a self-described "attention-seeking ploy" next month by exposing security holes in social networking Web site MySpace.
The duo, who call themselves "Mondo Armando" and "Mustachio," say they will launch attacks against the popular Web site each day in the month of April and then publish a list of the discovered vulnerabilities online.
The results will be published on their Month of MySpace Bugs blog, according to Mondo Armando and Mustachio.
The blog mentions that the Month of MySpace Bugs project is intended to expose what they termed "silly bugs" such as scripting and XML annoyances, but that each submitted MySpace hack must include a proof of concept.
"The purpose of the exercise is not so much to expose MySpace as a hive of spam and villainy (since everyone knows that already), but to highlight the monoculture-style danger of extremely popular Web sites," the pair announced on their blog.
In the blog, the hackers suggest the idea behind their mission is altruistic -- but Parry Aftab, an online security and cyberlaw consultant, disagrees.
"If they are serious about making it safer, this won't help," Aftab told TechNewsWorld. "This will help cyber-stalkers and pedophiles manipulate the site. It's dangerous."
Instead, the hackers should be working with MySpace to better protect its users. "They need to reach out to MySpace," she said. "They really do care."
Popularity Brings Trouble
The exploding popularity of MySpace has yielded 140 million users and counting as well as an increasing number of security issues, most notably phishing scams and viruses that affect many MySpace users.
Last December, a fast-spreading worm jolted MySpace, swamping users with spam and copying a malicious QuickTime file throughout the MySpace network.
Currently, security experts are paying close attention to threats such as those announced by Mondo Armando and Mustachio, as the free-flow of shared content on MySpace has led to a rise in vulnerabilities and, likewise, hacker attacks.
MySpace "is not designed to be a secure place," said Aftab. "It is place where people want to share information with others. It is a networking community."
Recently, the rise of "month of bugs" Web sites -- such as the Month of Apple Bugs, in which hacker HD Moore published one Web browser-related bug per day during the month of July 2006 -- has attracted the mainstream news media, which also calls attention to the hackers.
These high-profile stunts are becoming a way for hackers to call attention to security problems in certain products or Web sites.
In their blog, Mondo Armando and Mustachio said they considered targeting the security problems at any of several Web sites, but they claimed to chose MySpace because it has become becoming notoriously obstinate in responding to security issues.
News Corp., the owner of MySpace, did not immediately respond to requests for comment.