According to ComputerWorld, MySpace seems like the next target for the now-famous "month of bugs" project. The hackers are of course, anonymous, which is perhaps part of the fun of doing such a project. They say that they're going to expose a new bug every day for a whole month, just like the other "month of bugs" projects have done (for example: Month of Apple Bugs and Month of Kernel bugs).

As much fun as it seems, I'm skeptical on how successful and how much of an impact this project is going to have on MySpace. One point that I have to make is that the viewers on MySpace probably couldn't care less about security. Sure, no one wants to have their account hacked, but the measures they take to prevent something like that are quite low, if that is any indication of people's views of security on MySpace. And although the hackers seem like they are trying to make people aware of the bugs, I sort of doubt it's going to work, especially since kiddies are unlikely to read such reports anyway.

I'm also critical of the bugs that they are looking for. In the article, they stated that they are searching for "cross site scripting bugs, which can allow an attacker to execute malicious script within a victim's browser" and "bugs that affect browsers or technologies like Flash or QuickTime". Well, there are definitely security holes in MySpace, but how much different are most of these bugs than the ones that people can implement on their own servers? My suspicion is that a huge amount of these bugs are browser-specific, and are simply filler for when the hackers can't find a "good" bug to post on a particular day.

That being said, I'm beginning to get tired of these "Month of xxx bugs". All too often, the hackers seem to be craving attention for themselves, or to bring bad publicity on the products themselves. Is that a bad thing? Well, it would be if they found "good" bugs. I don't think that to be the case here. For example, one of the hackers even talks about "if it ends up being just as lame as the Month of Apple Bugs...". Exactly. I prove my point.

So I'm not saying that we should choose to ignore the bugs that exist in MySpace, but simply that it's not probable to have much success, and will likely do little to improve MySpace's security (or people's awareness of it). What's wrong with a simple bug submission for heaven's sake?

About the Author