April to See Month of MySpace Bugs 165
An anonymous reader passed us a link to PC World's coverage of the upcoming Month of MySpace bugs. Organized by a pair of wiseacre hackers tired of the 'Month of X Bugs', they are set up to 'highlight the monoculture-style danger of extremely popular websites.' Though it's supposed to be funny, outside security analysts have apparently been consulted on the project. "Though the project, which launches on April 1, has all the appearance of a practical joke one well-known hacker said he'd been contacted by the Month of MySpace team with legitimate security questions. 'Those guys and I have been keeping in touch,' said Robert Hansen, chief executive of Sectheory.com. 'It's funny but it's not a joke.'"
Re:well (Score:5, Interesting)
Which is all the more reason to make sure that no software ever has a really huge user base. It's bad for everybody.
Right now, one major thing that keeps Myspace's user base so incredibly high is the lack of a widely adopted technology like OpenID [openid.net]. Many people get Myspace accounts because they're forced into it in order to communicate reasonably with a friend, and then decide "Oh, what the heck." and build content of their own there as well. I know that's why I have a MySpace account (and, strangely enough, Omnifarious on MySpace isn't me).
Re:MySpace's Microsoft-backed infrastructure. (Score:2, Interesting)
Root/Administrator is a design flaw.
All the platforms you mention have holes in them.
And PHP is a crock, steer well clear. See http://www.php-security.org/ [php-security.org]
Re:well (Score:3, Interesting)
How are Myspace and OpenID remotely related? A decentralized social network would be nifty, but OpenID definitely isn't one. In the mean time, better social networks offer open APIs [facebook.com] that let you access their friend data.
Re:Why is it "funny" to exploit security bugs? (Score:5, Interesting)