Hackers Promise Month of MySpace Bugs

Two hackers, known as Mondo Armando and Müstaschio, don't want to disclose their real names but promise to begin disclosing security vulnerabilities in MySpace, every day in April. "The purpose of the exercise is not so much to expose MySpace as a hive of spam and villainy (since everyone knows that already), but to highlight the monoculture-style danger of extremely popular websites. We could have just as easily gone after Google or Yahoo or MSN or IDG or whatever. MySpace is just more fun, and is becoming notoriously [obnoxious] about responding to security issues," wrote Mondo Armando.

The MySpace hackers launched their project late Thursday expressing simultaneous enthusiasm and disdain for the task ahead. They intend to primarily publish cross site scripting bugs, which can allow an attacker to execute malicious script within a victim's browser, but they may also publish bugs that affect browsers or technologies like Flash or QuickTime. Although there are sceptics on what will happen on April Fool's day, based on the duo's blog it appears they are serious about the task at hand. Who wants to take bets on the number they'll find in the first month?

View: Mondo Armando and Müstaschio's Blog
News source: PC World

Report a problem with article
Previous Story

Intel Outlines Latest vPro Platform

Next Story

Vehicle warning system trialed

39 Comments

Commenting is disabled on this article.

What is funny is those people with all the "customized" layouts and "index" pages with over 6-10 Mb of useless things like fifty links to youtube, the bundled mp3 player playing a song in the background and ten thousand images popping on your screen... it is really annoying

Interesting, lets see what the duo can come up with

My space= kiddie lover's playground

I hardly ever go on it, some of my friends have one but, I am not into it. I would like to see some jokes on April fools day, that'd be funny.

You wanna know whats funny about all (most) of you people? You don't seem to understand that, being a website for geeks, of course we all understand that there are a million different better alternatives to myspace. Yes, myspace is a buggy, laggy, spam infested hole of a social networking site; but you should realize that obviously the majority of people don't care. There are people who have myspaces that barely even use computers. I was amazed to learn that pretty much everyone I know at work that are nearly computer illiterate still manage to set up on myspace *and* customize their sites with music, themes, etc. Do you think people like that comprehend how truly terrible myspace is? Do they care? They don't know any better. But just look at the sheer number of people that use myspace and it blows everything else out of the water.

And sure, if you're adding completely random people as friends, you are probably going to be adding a lot of weirdos and pedophiles. Just stick with people you know. Hell, the only real reason I use myspace is simply for the fact that practically everyone I know has one, and its just one more way of keeping in touch.

I like the way the guys are dressed like the Beastie Boys from the music video Sabotage.

It's advertising, look at their names, look at their blog, go read it.

I creased up reading their blog.

I highly dislike the site; but I find the artist pages are pretty cool sometimes. New music. It's been over a year since I deleted my account there though.

cool i hope they blow that site away lol.

i never used it myself although my sister does and so do some of my cousins etc.

i just think it's a bloated site in general this is a BIG reason i dont like it, plus it's just crappy looking and non profesional looking... plus i HATE how people put MP3's in there damn website, just bogs down the internet connection even more. ... but i guess the bottom line as to why it's popular is cause it's fairly easy to use and it just works in terms of letting people share pictures chat etc.

me personally i just prefer actual chatting programs like AIM-MSN-YAHOO (well GAIM is what i use) .. to talk to people online.... and if i need to upload a pic or something i just use imageshack.us etc.

i guess i dont really care what happends to myspace.... but it's like someone said instead of those hackers trying to do it to make people take security more seriously im guessing there doing it for the fame .. which is a bad thing.

Why is it that neowin says

We could have just as easily gone after Google or Yahoo or MSN or IDG or whatever.

and http://momby.livejournal.com/ says

We could have just as easily gone after Google or Yahoo or MSN or ZDNet or whatever.

Does neowin not like ZDNet or something?

I use myspace to talk to all my buddies during breaks and what not, with over 270 of them I know, it's kind of hard to keep in touch. I hope myspace does get rid of the spammers, fakes, and all that good stuff.

Myspace, in all honesty, really isn't a good site at all. Hendrix only knows how such a shotty site ended up becoming this bed of cultural B.S. It's lame, its design isn't uniform. Its interface isn't useful. It isn't customizable. It just sucks.

So more power to these people.

It's an excellent site (albeit not executed in the best of ways). That's why it ended up so popular. It's EXTREMELY customizable (which is a huge part of its issues), and it's very useful for getting in touch with your friends.

I take it you've never used it.

Oh, and I am a web developer, so don't think I'm praising the way it works.... I'm just saying that it does a great job at helping people get in touch with others, which is what it was made for.

pixels said,
It's an excellent site (albeit not executed in the best of ways). That's why it ended up so popular. It's EXTREMELY customizable (which is a huge part of its issues), and it's very useful for getting in touch with your friends.

I take it you've never used it.

Oh, and I am a web developer, so don't think I'm praising the way it works.... I'm just saying that it does a great job at helping people get in touch with others, which is what it was made for.

The design is lousy period, I have been a programmer, coder,developer for 25 years it sucks. But the main problem is their security is lousy and the site will continue to have issues untill they fire their i.t. team and hire a real network security engineer along with people who sit and look and find bugs daily in the code. THat would be their only job. companies used to do that now with trying to save all the bottom line profit margins you end up with bloated sites with loust design and even worse security enough said.

pixels said,
It's an excellent site (albeit not executed in the best of ways). That's why it ended up so popular. It's EXTREMELY customizable (which is a huge part of its issues), and it's very useful for getting in touch with your friends.

I take it you've never used it.

Oh, and I am a web developer, so don't think I'm praising the way it works.... I'm just saying that it does a great job at helping people get in touch with others, which is what it was made for.


OH MY GOD! You're a web developer and you think that MySpace is "EXTREMELY customizable"? How long have you been a "developer"? 1 month? 2 months?

I barely know anything about being a developer. Only some stuff I tried to teach myself a few years ago. But even I can see how completely screwed that site is by them making it soo customizable.

It's also true that it's mostly kiddies and pedophiles on there looking for those kiddies

Krome said,

OH MY GOD! You're a web developer and you think that MySpace is "EXTREMELY customizable"? How long have you been a "developer"? 1 month? 2 months?

How is putting in your own CSS not customizable? It's far too customizable to the point where it creates problems.

I've been a designer and developer for over 3 years now, thank you. I think I know what I'm talking about.

mircleman said,

The design is lousy period, I have been a programmer, coder,developer for 25 years it sucks. But the main problem is their security is lousy and the site will continue to have issues untill they fire their i.t. team and hire a real network security engineer along with people who sit and look and find bugs daily in the code. THat would be their only job. companies used to do that now with trying to save all the bottom line profit margins you end up with bloated sites with loust design and even worse security enough said.


Hence the fact that I said I wasn't praising the way it works. And I never praised its design. I said it does an excellent job at what it's meant for, which is connecting people and letting them communicate with one another. You can't argue against that.

No the article has that exact question, for the first month... Funny thing is it states earlier that they'll find one per day... April has 30 days, so it's safe to guess 30

I dont care too much about MySpace, but it would be totally funny to see it get blown away. Thats got nothing to do with meaning of life, just appreciation of a damn good laugh.

There are alot of fake people on myspace.. and alot of people that think myspace is heroin for teens (need it everyday) and also.. believe it or not, there are some .. SOME decent people on myspace. But at the end of the day.. who really cares, its just a social networking site.

It's another.. use it or ignore it thing i believe.

I'm confused on whether people like this want the fame or just want companies to take security more seriously, sadly I'm leaning to the former rather than the latter.