April to See Month of MySpace Bugs
An anonymous reader passed us a link to PC World's coverage of the upcoming Month of MySpace bugs. Organized by a pair of wiseacre hackers tired of the 'Month of X Bugs', they are set up to 'highlight the monoculture-style danger of extremely popular websites.' Though it's supposed to be funny, outside security analysts have apparently been consulted on the project. "Though the project, which launches on April 1, has all the appearance of a practical joke one well-known hacker said he'd been contacted by the Month of MySpace team with legitimate security questions. 'Those guys and I have been keeping in touch,' said Robert Hansen, chief executive of Sectheory.com. 'It's funny but it's not a joke.'"
You'd think they'd do a year of MySpace bugs.
I don't use MySpace so I know nothing of their security. But this guy's statement struck me, "Even when they have countermeasures in place... it's trivial to obfuscate to evade their detection mechanisms."
If their security model is based on detecting patterns, then they will never be able to get out of the Red Queen's Race. A properly designed web app has as its core philosophy, "that which is not explicitly allowed is denied". Trying to detect all the possible variants of hacking and denying them then is a fool's errand.
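The allowlist philosophy the comment above argues for, as an added example that is not from the original thread or from MySpace: a denylist filter that strips a fixed set of known-bad substrings, beside an allowlist sanitizer that keeps only the tags and attributes explicitly permitted (here an assumed set of `b`, `i` and `a href`) and renders everything else as inert text.

```python
import html
import re

# Assumed allowlist for user-posted HTML: tag name -> attributes it may carry.
ALLOWED_TAGS = {"b": set(), "i": set(), "a": {"href"}}
TAG_RE = re.compile(r"<\s*(/?)\s*([A-Za-z][A-Za-z0-9]*)([^<>]*)>")
ATTR_RE = re.compile(r"""([A-Za-z-]+)\s*=\s*("([^"]*)"|'([^']*)'|([^\s"'>]+))""")


def denylist_filter(fragment: str) -> str:
    """Pattern-detection approach: remove a fixed list of bad substrings.
    Every spelling the list does not contain passes straight through, so the
    list has to grow forever (the Red Queen's Race the comment describes)."""
    for bad in ("<script>", "</script>", "javascript:"):
        fragment = fragment.replace(bad, "")
    return fragment


def allowlist_sanitize(fragment: str) -> str:
    """Default-deny approach: only allowlisted tags/attributes survive as markup;
    any other tag, attribute or stray '<' is HTML-escaped into plain text."""
    out, pos = [], 0
    for m in TAG_RE.finditer(fragment):
        out.append(html.escape(fragment[pos:m.start()]))  # text between tags
        closing, name, raw_attrs = m.group(1), m.group(2).lower(), m.group(3)
        if name not in ALLOWED_TAGS:
            out.append(html.escape(m.group(0)))  # unknown tag becomes inert text
        elif closing:
            out.append(f"</{name}>")
        else:
            attrs = []
            for a in ATTR_RE.finditer(raw_attrs):
                key = a.group(1).lower()
                val = (a.group(3) or a.group(4) or a.group(5) or "").strip()
                # href is kept only for plain http(s) URLs; every other attribute is dropped
                if key in ALLOWED_TAGS[name] and (
                    key != "href" or val.lower().startswith(("http://", "https://"))
                ):
                    attrs.append(f' {key}="{html.escape(val, quote=True)}"')
            out.append(f"<{name}{''.join(attrs)}>")
        pos = m.end()
    out.append(html.escape(fragment[pos:]))
    return "".join(out)
```

Constructed inputs such as a mixed-case `<SCRIPT>` tag or an `onclick` attribute pass the denylist untouched but come out of the allowlist sanitizer as escaped text or with the attribute removed.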
It's simple: I demand prosecution for torture.
Because they claim they are secure. It's like if someone were to build a big fence around their property, place armed guards, security cameras, attack dogs, and then boast in a local newspaper that they are secure. You'd have a nice good laugh if it turns out their cleaning lady stole their diamonds.
How we know is more important than what we know.
I might experience a little schadenfreude, but I also would happily approve of the cleaning lady being thrown into the clink.
It has been long established that it is simply NOT POSSIBLE to write software without bugs.
The best that any developer can hope for is to find the bugs quickly and remove them.
Stunts like this only serve to attack a development project without doing anything productive to help fix it.
Your own comment shows that you think the same way: "These guys are idiots, switch to someone else".
They're not idiots. They're just the guys who happened to be arbitrarily chosen for public attack.
And it IS perfectly arbitrary.
Don't try to turn attention-whoring into some noble quest. It's not and never will be.
NO CARRIER
The point is to put pressure on an unresponsive vendor or one with a bad track record to improve. And if you have insecure products on a network you deserve getting hacked. OpenBSD/RBASC are free, and they are never attacked successfully. Attackers are part of the internet environment now, and complaining about it is like complaining about rain making your expensive suit wet when you forgot an umbrella. Sure, it might be expensive to be secure, but that's the tradeoff, and it is not going to change.
Inventions have long since reached their limit, and I see no hope for further development. -- Frontinus, 1st cent. AD
127.0.0.1 myspace.com