Posts Tagged ‘social networking’

I saw your mom naked on the internet!

January 23rd, 2008

These aren't just words yelled by boys to one another on a school playground anymore; it may be true if your mom has a MySpace account.

A bug discovered over the past few months and finally fixed last week exploited a backdoor in the design of MySpace that allowed anyone to see your photos, even in private profiles. Third-party websites started popping up when the bug was first discovered, making it even easier to exploit the bug and view photos. To no surprise, many of the sites sold themselves as “voyeur” and pedophile-type sites focusing on viewing photos in private profiles of MySpace members under 18. By default, a profile owned by a user under 16 is set to private. According to MySpace, this should restrict the ability to view your profile information and photos to the MySpace friends you allow access.

The exploit was mainly targeted at MySpace users who have their profiles set to “private”. Clicking on the photo link of a private profile should normally give non-friends this message: “This profile is set to private. This user must add you as a friend to see his/her profile.” But using this exploit, anyone with or without a MySpace account can access the photo by replacing the friend ID in the URL with the friend ID of the user whose profile they are trying to view.

The only users safe from this exploit are those who specifically set their MySpace photo galleries to private in addition to their profile security settings. This comes at a bad time for MySpace. Though this exploit didn’t just target underage users, MySpace had already been under a microscope for other pedophile-related investigations. MySpace had reached agreements with 49 state attorneys general this week that were hopefully going to allow MySpace to make its site safer for underage users.
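The access-control gap described above, as an added example that is not MySpace's code or part of the original post: a gallery handler that trusts the friend ID in the URL, beside one that checks the viewer against both privacy settings. It assumes the flawed handler honoured only the gallery setting (inferred from the fact that gallery-private users were safe); all names, IDs and file names are hypothetical.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Raised when the viewer may not see the requested gallery."""

@dataclass
class Member:
    member_id: int
    profile_private: bool = False
    gallery_private: bool = False
    friends: set = field(default_factory=set)
    photos: list = field(default_factory=list)

# Constructed sample members; IDs and file names are made up.
MEMBERS = {
    1001: Member(1001, profile_private=True, friends={1002}, photos=["beach.jpg"]),
    1002: Member(1002, photos=["dog.jpg"]),
    1003: Member(1003, profile_private=True, gallery_private=True, photos=["party.jpg"]),
}

def is_friend_or_owner(owner, viewer_id):
    # viewer_id must come from the server-side session, never from the URL.
    # It is None for a visitor without an account or session.
    return viewer_id is not None and (
        viewer_id == owner.member_id or viewer_id in owner.friends)

def photos_flawed(friend_id, viewer_id=None):
    """Assumed flaw: only the gallery flag is checked, never the profile flag."""
    owner = MEMBERS[friend_id]
    if owner.gallery_private and not is_friend_or_owner(owner, viewer_id):
        raise Forbidden("This profile is set to private.")
    return owner.photos

def photos_checked(friend_id, viewer_id=None):
    """Either privacy flag restricts the gallery to the owner and friends."""
    owner = MEMBERS.get(friend_id)
    if owner is None:
        raise Forbidden("No such member.")
    restricted = owner.profile_private or owner.gallery_private
    if restricted and not is_friend_or_owner(owner, viewer_id):
        raise Forbidden("This profile is set to private.")
    return owner.photos

def allowed(handler, friend_id, viewer_id=None):
    """True if the handler serves the gallery to this viewer."""
    try:
        handler(friend_id, viewer_id)
        return True
    except Forbidden:
        return False
```
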

This exploit has been around for over 3 months now. MySpace shouldn’t have been in the dark on this issue. I can understand a company not being aware of a zero-day exploit or maybe even a first-week exploit, but 3+ months? Not only has it been circulating around message boards this entire time, but (ad-driven) third-party websites have been profiting off this exploit and making it easier to view private photos and profiles. You’d think with all of this going on SOMEONE at MySpace would have jumped on this and fixed it. This shows MySpace still has a long way to go before users, parents and government agencies can trust MySpace to do a proper job of ensuring the safety and privacy of its users.

Kevin Blanchard

Big brother is at it again, and again

June 11th, 2006

It seems your friendly neighborhood eye in the sky [the NSA] has made it into the news not once but twice in the past month or so.

Recently New Scientist Tech had an article about how the Pentagon’s National Security Agency is setting its sights on social networking websites. Now to others already in the security field, this is a “well duuuh” moment. The best piece of advice I ever heard someone give to a friend who had recently discovered the “internet” was “don’t put anything on the internet you don’t want everyone in the world to know.” Truer words were never spoken. Now I am not saying secure data is impossible over the internet. I mean, if that were the case, guys like me would be out of a job, lol. But… for your average user of social networking sites, it’s a fair assumption that it’s out in the open and, more than likely, people are putting up information about themselves, their wild weekends, etc. without realizing the full scope of their actions. As I said, if you are already in the security or privacy mindset it’s a “well duuuhh” statement. Most users just don’t think that way. I am hoping that blogs like mine, and others like myself, can help educate average users and hopefully put them more in a mindset where they think before they post.

Whether it be the government, a hacker, or maybe that creepy guy from the bar you refused to give your number to, do you really want them having access to everything you post on your MySpace page? Most people put that information up assuming that the only ones who would be interested in that info would be other friends or [insert average 16 year old girl MySpace user] *giggle* that cute boy from home room with the dreamy eyes. You get the idea. I think it’s up to all of us to help educate these people and remind them to think twice before posting personal information on these sites. Read over the article; it’s a good read.

New Scientist Tech also had another article. Last month, people were amazed (well, some people *snicker*) when it was revealed that the NSA has been collecting records of domestic and business phone calls since shortly after the terrorist attacks of 11 September 2001. I will not go into too much detail on this one. The article sums it up nicely, plus it starts walking that line between keeping this blog technical and not discussing topics relating to any particular political view. This is more of a “discuss with friends” topic, or one to let marinate in your head a bit and draw your own conclusions. I will mention that the NSA has been collecting this info WITHOUT (WIRETAP) WARRANTS, a step deemed necessary after 9/11 by some. In fact, some in the current administration seem to think that this should become more of a standard, as they feel current wiretap laws are insufficient in this post-9/11 America. Where do we draw the line? Decide for yourself.

Kevin Blanchard