Please support our Tech Talk advertiser:
Featured Entry 
Mar 19th, 2007, 2:09 am
According to ComputerWorld, MySpace seems like the next target for the now-famous "month of bugs" project. The hackers are of course, anonymous, which is perhaps part of the fun of doing such a project. They say that they're going to expose a new bug every day for a whole month, just like the other "month of bugs" projects have done (for example: Month of Apple Bugs and Month of Kernel bugs).
As much fun as it seems, I'm skeptical on how successful and how much of an impact this project is going to have on MySpace. One point that I have to make is that the viewers on MySpace probably couldn't care less about security. Sure, no one wants to have their account hacked, but the measures they take to prevent something like that are quite low, if that is any indication of people's views of security on MySpace. And although the hackers seem like they are trying to make people aware of the bugs, I sort of doubt it's going to work, especially since kiddies are unlikely to read such reports anyway.
I'm also critical of the bugs that they are looking for. In the article, they stated that they are searching for "cross site scripting bugs, which can allow an attacker to execute malicious script within a victim's browser" and "bugs that affect browsers or technologies like Flash or QuickTime". Well, there are definitely security holes in MySpace, but how much different are most of these bugs than the ones that people can implement on their own servers? My suspicion is that a huge amount of these bugs are browser-specific, and are simply filler for when the hackers can't find a "good" bug to post on a particular day.
That being said, I'm beginning to get tired of these "Month of xxx bugs". All too often, the hackers seem to be craving attention for themselves, or to bring bad publicity on the products themselves. Is that a bad thing? Well, it would be if they found "good" bugs. I don't think that to be the case here. For example, one of the hackers even talks about "if it ends up being just as lame as the Month of Apple Bugs...". Exactly. I prove my point.
So I'm not saying that we should choose to ignore the bugs that exist in MySpace, but simply that it's not probable to have much success, and will likely do little to improve MySpace's security (or people's awareness of it). What's wrong with a simple bug submission for heaven's sake?
As much fun as it seems, I'm skeptical on how successful and how much of an impact this project is going to have on MySpace. One point that I have to make is that the viewers on MySpace probably couldn't care less about security. Sure, no one wants to have their account hacked, but the measures they take to prevent something like that are quite low, if that is any indication of people's views of security on MySpace. And although the hackers seem like they are trying to make people aware of the bugs, I sort of doubt it's going to work, especially since kiddies are unlikely to read such reports anyway.
I'm also critical of the bugs that they are looking for. In the article, they stated that they are searching for "cross site scripting bugs, which can allow an attacker to execute malicious script within a victim's browser" and "bugs that affect browsers or technologies like Flash or QuickTime". Well, there are definitely security holes in MySpace, but how much different are most of these bugs than the ones that people can implement on their own servers? My suspicion is that a huge amount of these bugs are browser-specific, and are simply filler for when the hackers can't find a "good" bug to post on a particular day.
That being said, I'm beginning to get tired of these "Month of xxx bugs". All too often, the hackers seem to be craving attention for themselves, or to bring bad publicity on the products themselves. Is that a bad thing? Well, it would be if they found "good" bugs. I don't think that to be the case here. For example, one of the hackers even talks about "if it ends up being just as lame as the Month of Apple Bugs...". Exactly. I prove my point.
So I'm not saying that we should choose to ignore the bugs that exist in MySpace, but simply that it's not probable to have much success, and will likely do little to improve MySpace's security (or people's awareness of it). What's wrong with a simple bug submission for heaven's sake?
This blog entry was written by John Altenmueller, staff writer aka John A. It has received 1,719 views, 0 comments, and 14 linkbacks. 3 voters have rated this entry an average of 4.67 out of 5 stars. It was promoted to featured status Mar 19th, 2007.
•
•
•
•
api blogging browsing bugs ccna community computer corporation creepy developer elgg engineering facebook facelift family firefox google hacking internet journalism legal linus torvalds linux mapping mcse messaging mozilla myspace network networking networks news offenders open source persuade post to programming quicktime rules safety security social social network social networking survey teens virtual workplace worm
All Recent Tags Post Comment
•
•
•
•
Only community members can start a blog or comment on blog entries. You must register or log in to contribute.
•
•
•
•
•
•
•
•
DaniWeb Tech Talk Marketplace
Related Blog Entries
- It's True -- Some People Want You Kept in the Dark (16 Hours Ago)
- Virtual physios to soothe stroke recovery (1 Day Ago)
- AMDS Gloomy Future. (1 Day Ago)
- Don't Allow Security Breaches to Rip Your Britches (3 Days Ago)
- Internet Speed Tests Provide Misleading Results (4 Days Ago)
- Microsoft's Photosynth Will Fail (4 Days Ago)
- Swedes test faultless iPhone 3G and surprisingly find no faults (4 Days Ago)
- Redhat and Fedora Servers breached (5 Days Ago)
- Charge Your Laptop Without Plugging In: Intel (7 Days Ago)
- As Palm Releases Treo Pro, Its Future May Rely on One (7 Days Ago)
Related Forum Threads
- "Save Target As.." isn't working in IE6 (Web Browsers)
- Error while trying the update query (ASP)
- Check existing users in the database (ASP)
- When a host says "included scripts" (Networking Hardware Configuration)
- IE "cannot find server" after sp2 (Web Browsers)
- Italicized text, and a "refresh install" (Windows NT / 2000 / XP / 2003)
- Win2000's "Task Manager" Grayed out (Windows NT / 2000 / XP / 2003)
- Hotmail "error on page" problem (Web Browsers)
- NetZero..."high speed"? (Techies' Lounge)
