March 16th, 2007

Up next: Month of MySpace bugs

Posted by Ryan Naraine @ 7:53 am

Categories: Apple, Botnets, Browsers, Data theft, Exploit code, Hackers, Metasploit, Patch Watch, Responsible disclosure, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research

Tags: Bug, MySpace, Ryan Naraine

The month-of-bugs phenomenon is showing no signs of slowing down. Next up: MySpace.

During the month of April, hackers plan to expose security vulnerabilities in the popular social networking portal.

The idea behind the planned Month of MySpace Bugs, according to the organizers, is to publish "silly XSS/misleading CSS style bugs" that affect MySpace user pages.

But in the end, the only requirement is that all bugs posted as part of MOMBY must have an attached PoC that touches MySpace.com, somewhere. So, browser bugs, Flash bugs, QT bugs, all are fine, even though they're third party. Bugs in MySpace skinning services or whatever is ideal, especially if most users would blame Myspace for the problem.

MySpace has had its share of security hiccups as malware writers and spyware purveyors take advantage of poor coding practices and the willingness of end users to click and accept untrusted executables.

Ever since hacker HD Moore started the MoBB (month of browser bugs) project last July, we've seen copycat projects exposing security holes in OS kernels, the Mac OS X ecosystem and flaws in the the PHP scripting language.

[UPDATE: March 16, 2007, 2:37 PM] Chances are this is a hoax.  April 1st start date, etc.  The organizers, responding to an e-mail query, insists it's real.  Who knows?  Take with a grain of salt.