Up next: Month of MySpace bugs

Summary:The month-of-bugs phenomenon is showing no signs of slowing down. Next up: MySpace.

The month-of-bugs phenomenon is showing no signs of slowing down. Next up: MySpace.

During the month of April, hackers plan to expose security vulnerabilities in the popular social networking portal.

The idea behind the planned Month of MySpace Bugs, according to the organizers, is to publish "silly XSS/misleading CSS style bugs" that affect MySpace user pages.

But in the end, the only requirement is that all bugs posted as part of MOMBY must have an attached PoC that touches MySpace.com, somewhere. So, browser bugs, Flash bugs, QT bugs, all are fine, even though they're third party. Bugs in MySpace skinning services or whatever is ideal, especially if most users would blame Myspace for the problem.

MySpace has had its share of security hiccups as malware writers and spyware purveyors take advantage of poor coding practices and the willingness of end users to click and accept untrusted executables.

Ever since hacker HD Moore started the MoBB (month of browser bugs) project last July, we've seen copycat projects exposing security holes in OS kernels, the Mac OS X ecosystem and flaws in the the PHP scripting language.

[UPDATE: March 16, 2007, 2:37 PM] Chances are this is a hoax.  April 1st start date, etc.  The organizers, responding to an e-mail query, insists it's real.  Who knows?  Take with a grain of salt.

Topics: Social Enterprise


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.