With equal doses of satire and self-denigration, two anonymous hackers announced a plan last week to make April a month of daily MySpace vulnerability disclosures.
The duo--who use the online names "Mondo Armando" and "Müstaschio"--outlined the plan to release daily flaws in MySpace's online social networking software on their Web site, while poking fun at the whole Month of Bugs phenomenon. Calling the effort MOMBY for "Month of MySpace Bugs, Yuss," the two hackers stated that the effort is less motivated by security concerns and more designed to head off thoughts of any future Month of Bugs projects.
"If it ends up being just as lame as the Month of Apple Bugs, then we haven't really missed the mark," wrote "Mondo Armando" on the site. "If it's funnier, then great. If it kills this Month of Whatever fad, then hurray for everyone, it's over."
The effort, if indeed it happens, will be the fifth Month of Bugs in the last year. In July, security researcher HD Moore started the trend with a Month of Browser Bugs, in November came the Month of Kernel Bugs, followed by the Month of Apple Bugs in January and the Month of PHP Bugs in March.
Beseiged MySpace has become a popular target for security researchers and malicious coders. Two Web worms have infected users of the social-networking site: The Samy worm spread quickly in October 2005 and the Quickspace worm wended through the company's servers last December. MySpace has also come under fire over fears that sexual predators are using the site to find young victims online and has irked security researchers with some of its aggressive tactics.The Month of MySpace Bugs will focus on relatively easy to find cross-site scripting (XSS) vulnerabilities, the hackers said. XSS flaws were by far the most common software vulnerability found in 2006.
Posted by: Robert Lemos