MySpace Quietly Fixes Bug that Gave Voyeurs Access to Teens' Private Photos
MySpace Quietly Fixes Bug that Gave Voyeurs Access to Teens' Private Photos - Via Threat Level:
I reported yesterday on a bug in MySpace's architecture that allowed strangers to peer inside the MySpace photo galleries of some private profiles, despite assurances from MySpace that those pictures can only be seen by people on a user's friends list.
The bug had been around since at least October (Thanks to Rose for tipping me off), during which time it had been gleefully exploited by voyeurs, hackers, entrepreneurs and lechers; you can find pages and pages of public message board comments around the web in which posters are peeking in on 14 and 15-year-old girls and sharing what they find.
Ad-supported web sites with names like Can't Hide and MySpacePrivateProfile.com emerged to earn a buck off the glitch. One such site reports that its users have accessed, or attempted to access, 77,000 private profiles -- 3,000 of them today.
While all this going on more-or-less in plain sight, you have to wonder where MySpace's safety and security team was. Was this glitch that hard to fix?
Apparently not. Barely 24 hours after my story hit the front door of Wired.com, MySpace has, without comment, closed the backdoor, and the websites that were exploiting it are no longer delivering private photos. That seems to leave just two possibilities:
- MySpace didn't know this was going on before.
- MySpace knew about it, but didn't take action until the press noticed.
I'll have more next week.
See Also:
- MySpace Bug Leaks 'Private' Teen Photos to Voyeurs
- More Charges in MySpace Cyber Stalking Case
- Convicted Hacker Charged With Extortion After Attack On Model's MySpace Account
- Federal Grand Jury Issues Subpoenas in Teen Cyberbullying Case
- 29,000 Sex Offenders Found on Myspace
- No Charges Will Be Filed In Cyberbullying Case
- MySpace to Purge Sex Offenders
(Read Original Article - Via Threat Level.)
Recent blog posts
- In Bid to Sway Sales, Cameras Track Shoppers
- Unprecedented 25-Year Sentence Sought for TJX Hacker
- EFF Appeals Dismissal of Warrantless Wiretapping Case
- Viacom Makes Its Case Against Yesterday's YouTube
- Obama supports Senators draft plan to rework U.S. immigration policy - Includes National Biometric ID card for all.
- Domain Names Can't Defend Themselves
- Hacker Disables More Than 100 Cars Remotely
- Judges Approves $9.5 Million Facebook ‘Beacon’ Accord
- Hooking Up The Big Brother Machine... And Fighting It
- Court: State Can Dump Non-Sex Offenders Into Registry