Myspace is the next bug target

Slashdot It! MySpace joins other popular Web sites whose security vulnerabilities form the basis for a so-called "month of bugs" Web site, according to two anonymous hackers who announced the MySpace project on Monday. Though these high-profile stunts call attention to cybercriminals, security experts are nonetheless paying close attention to the results.

Malicious Code

The results will be published on their Month of MySpace Bugs blog, according to Mondo Armando and Mustachio.

The blog mentions that the Month of MySpace Bugs project is intended to expose what they termed "silly bugs" such as scripting and XML annoyances, but that each submitted MySpace hack must include a proof of concept.

"The purpose of the exercise is not so much to expose MySpace as a hive of spam and villainy (since everyone knows that already), but to highlight the monoculture-style danger of extremely popular Web sites," the pair announced on their blog.

In the blog, the hackers suggest the idea behind their mission is altruistic -- but Parry Aftab, an online security and cyberlaw consultant, disagrees.

Instead, the hackers should be working with MySpace to better protect its users. "They need to reach out to MySpace," she said. "They really do care."

Popularity Brings Trouble

The exploding popularity of MySpace has yielded 140 million users and counting as well as an increasing number of security issues, most notably phishing scams and viruses that affect many MySpace users.

Last December, a fast-spreading worm jolted MySpace, swamping users with spam and copying a malicious QuickTime file throughout the MySpace network.

Currently, security experts are paying close attention to threats such as those announced by Mondo Armando and Mustachio, as the free-flow of shared content on MySpace has led to a rise in vulnerabilities and, likewise, hacker attacks.

MySpace "is not designed to be a secure place," said Aftab. "It is place where people want to share information with others. It is a networking community."

Opportunistic Hackers

Recently, the rise of "month of bugs" Web sites -- such as the Month of Apple Bugs, in which hacker HD Moore published one Web browser-related bug per day during the month of July 2006 -- has attracted the mainstream news media, which also calls attention to the hackers.

These high-profile stunts are becoming a way for hackers to call attention to security problems in certain products or Web sites.

In their blog, Mondo Armando and Mustachio said they considered targeting the security problems at any of several Web sites, but they claimed to chose MySpace because it has become becoming notoriously obstinate in responding to security issues