Hackers begin ‘Month of MySpace Bugs’

By Megan Kelly

Two hackers who call themselves Mondo Armando and M staschio plan to reveal security vulnerabilities in the popular social networking Web site MySpace every day this month for a project they call the “Month of MySpace Bugs.”

“The purpose of the exercise is not so much to expose MySpace as a hive of spam and villainy (since everyone knows that already), but to highlight the monoculture-style danger of extremely popular Web sites,” said Armando in an e-mail interview with Macworld.com.

Since April 1, the hackers have published one bug a day on their LiveJournal for other hackers to use to their advantage. They plan to mainly publish cross-site scripting (XSS) bugs, which can crash computers and steal personal data.

University students have to use common sense and caution when using electronic devices, said Michael Corn, the director of security services and information privacy at Campus Information Technologies and Educational Services.

“There is a huge number of students here who use MySpace,” Corn said. “They may have high privacy settings on their sites and think they are safe. However, if there is a security problem and a hacker breaks in, every user’s account has the potential of being hacked regardless of security.”

MySpace estimates that over 150,000 of the site’s user names and passwords have been stolen since October 2006. If the “Month of MySpace Bugs” is successful, identity thieves will have an even easier time obtaining users’ personal information.

“That’s unfortunate to hear,” said Morgan Zeeb, a junior in AHS. “It upsets me that this is what the world is coming to. It’s so childish, ridiculous and sad.”

Corn urged MySpace users to go to their profiles and review the information they’re sharing.

“You have to ask yourself, ‘If my data is exposed to organized crime or even just to malicious teenagers, will I have a problem?'” Corn said.

Matthew Hofner, a freshman in LAS, recently deleted his MySpace.

“I always knew MySpace was vulnerable and not a totally safe place for my identity,” Hofner said. “I mostly deleted it because it wasn’t worth the risk.”

MySpace users are not the only people who need to be concerned about safety. Although the hackers’ target is MySpace, students who use Facebook, Friendster and other social-networking sites should exercise caution as well.

“If I were a hacker and someone told me of a weakness on MySpace, I’d see if Facebook had the same weakness,” Corn said. “There could be a ripple effect.”

Corn, along with CITES Security, will continue to watch over the “Month of MySpace Bugs” closely for potential security threats. However, even if new dangers do not appear, it is still important for people to protect their identities and to limit or minimize the personal information displayed when using the Internet.

“Every employer I know checks MySpace and Facebook for individuals before they hire them,” Corn said. “If there is a picture of you and your friends drunk on spring break, that may be the first impression your future employer will have of you.”