Want to know something cool?

One point of view, taking note of sundry "cool" things that affect-- or could affect-- the education business.


Monday, August 28, 2006

Dramatic MySpace Vulnerability Exposed, Closed

Members or readers of the social network site digg.com are today engaging in some self-congratulation. It seems the "digg effect" was in play Sunday, when a digg user posted a blog post about a major security hole in MySpace. Turns out, all you had to do was append a few letters to the end of a "private" MySpace URL and you could see everything that was intended to be password-protected. In other words, "private" was really public, with the simplest of hacks. Literally all you had to do was enter a few characters at the end of the URL in your browser; this is something anyone could have done, and probably "anyone" was doing it.

Apparently the vulnerability was originally discovered in April of 2006, and was-- allegedly-- brought to the attention of MySpace administrators. But it took something of a wake-up call to get the MySpace techies mobilized, it seems. After months of inaction, someone posted the details of the vulnerability on digg, where the story received thousands of diggs (votes) and doubtless generated hundreds of hits to MySpace from people trying the hack. The story appeared on digg on August 27.

By the following day, the vulnerability had been plugged, at least temporarily, by an abashed MySpace. Digg users, naturally, claim credit for bringing focus to the issue and forcing MySpace to do something about it. There isn't an obvious mention of the issue on the front pages of MySpace; it's unclear whether there's any way to tell if a user's "private" content was viewed by someone using the exploit.

This is yet another example of the potential "dangers" of online social networks, but it's also a great example of how another social network (digg) was able to rally its user base and create a positive outcome. While it's scary that lots of private data may have been compromised, it's also good to know that there are enough "good guys" out there to rally around an issue that needs attention, and bring about a resolution (however belated). Let's hope the diggers and other networks like them keep a weather eye open for John Q. Public. And for heaven's sake, PLEASE be smart about what you post to your online presence-- even private stuff is likely to be viewed by people you don't know. Be smart, and don't post anything online that you wouldn't put on a billboard along a major highway.

Source ...
