Slashdot Mirror

← Back to Stories (view on slashdot.org)

MySpace Private Pictures Leak

Posted by ScuttleMonkey on from the if-you-don't-want-it-shared-don't-put-it-out-there dept.

Martin writes "We all heard about the MySpace vulnerability that allowed everyone to access pictures that have been set to private at MySpace. That vulnerability got closed down pretty fast. Unfortunately though (for MySpace) someone did use an automated script to run over 44,000 profiles that downloaded all private pictures which resulted in a 17 Gigabyte zip file with more than 560,000 pictures. The zip file is now showing up on popular torrent sites across the net."

6 of 405 comments (clear)

  1. Re:Trap! by Firehed · · Score: 2, Interesting

    I know the legal answer is yes, but should it really count if they take and post the pics themselves?

    --
    How are sites slashdotted when nobody reads TFAs?
  2. Re:Solution: by mstahl · · Score: 2, Interesting

    Really? I think it just shows that MySpace is not (nor is it intended to be) a high security repository.

    With underage kids able to post whatever photos they want without moderation, it needs to be, though. If myspace can't hold their shit together with this then they're going to either have to start moderating photos somehow, start verifying ages somehow, or not allow youngin's to join at all. I doubt any of those is particularly palatable with them, but really this is just a consequence of appealing to the super-young crowd anyway. It's become a haven for all manner of shadiness.

  3. Re:Trap! by MBGMorden · · Score: 5, Interesting

    Ironic. It's little known that parents are explicitly allowed to have nude photos of their kids as long as they are obviously not being abused and the pictures are not distributed. It keeps all the parents with the pictures of babies in the bathtub from going to jail. Kinda stupid that your parent can have a picture of you naked but this girl gets charged with child porn charges for having pictures of HERSELF.

    --
    "People who think they know everything are very annoying to those of us who do."-Mark Twain
  4. Re:Dueling compression algorithms by syukton · · Score: 4, Interesting

    Those multiple .RAR files most likely originated on Usenet, where corruption-resistance is very important (indeed, the .RAR files are often accompanied by .PAR parity files as well).

    The .torrent was probably just created from a usenet download, omitting the .PAR files (which are unnecessary when using Bittorrent).

    --
    Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
  5. Re:Static Content Server by Bri3D · · Score: 2, Interesting

    Yes. This is how MySpace, Facebook, Photobucket, etc. are designed. It'd be very database-intensive and difficult to handle sessions/permissions every single time someone requested a static image.
    It's not a big deal in the case of MySpace and Facebook; the images are randomly-enough named that I don't think anyone's figured out the scheme (if there is one). Basically all it does is let you and your friend trade images of people one of you already knows, which isn't too bad considering that anyone who posts images anywhere on the internet with any expectation of privacy is pretty silly to start with.
    However, in Photobucket (which is insecure in general; they still store plaintext passwords amongst other issues), which doesn't rename uploaded images, it results in an amusing hobby called "fuskering" where common image sequences (i.e DCIMxxxx.JPG, etc.) can be sequentially requested from a user's account until one matches.

  6. Re:Trap! by aminorex · · Score: 2, Interesting

    Do you mean that Rupert Murdock is distributing c.p.?

    --
    -I like my women like I like my tea: green-