Speak of the Devil...
and hear wings rustle.
It's been another interesting discovery day in the world of Myspace, which I happened to allude to yesterday, albeit on a different point.
I maintain that if I were them I'd be flapping hard, even though the only way entrepreneurs are directly monetizing them (to my knowledge) is by pushing profile tweaks and lookie-loo webcam sites via fake profiles (areas which in themselves have some serious coin in them): RSnake's Fierce has now revealed their "Content Take-Down Tool"...
also their Site Admin...
and the location of their Webmail...
and... sheesh. Hopefully they're hiring Engineers as aggressively as they say they're hiring Sales reps. 😛
I really don't know much about Web security or IT, but myself, I'd have thrown some spider traps on all this. Also, their public site's robots.txt is surprisingly simple and inviting for the business they're in. There are a ton of sites that are a spit in the ocean compared to Myspace and are more secure. It wouldn't be hard for them to just let in the major SE bots and feed aggregators and, as for the rest of them, well, screw 'em, in order to keep out unidentified crawling objects. Up there with Yahoo and Ebay, they're one of the most visited sites on the Web already, and their brand is one of the most searched-on queries any given week or month. So sure, it would hamper their traffic some, but IMHO it would be a small price to pay to sleep easier at night.
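The spider-trap idea above in working form, as an added example that is not part of the original post: a Disallow-listed trap path that no well-behaved crawler should request, and a scan over constructed access-log lines (assumed Apache combined format, RFC 5737 documentation addresses) that flags the clients that went there anyway, whether or not they first read robots.txt. The User-Agent is recorded for triage only; nothing here verifies that a client claiming to be Googlebot really is one.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache combined log format; the addresses are
# RFC 5737 documentation ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Jan/2007:15:02:11 +0000] "GET /robots.txt HTTP/1.1" 200 120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
203.0.113.7 - - [16/Jan/2007:15:02:12 +0000] "GET /profile/123 HTTP/1.1" 200 8812 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
198.51.100.23 - - [16/Jan/2007:15:03:40 +0000] "GET /robots.txt HTTP/1.1" 200 120 "-" "Python-urllib/2.4"
198.51.100.23 - - [16/Jan/2007:15:03:41 +0000] "GET /trap/ HTTP/1.1" 200 44 "-" "Python-urllib/2.4"
192.0.2.55 - - [16/Jan/2007:15:05:00 +0000] "GET /profile/123 HTTP/1.1" 200 8812 "http://example.net/" "Mozilla/4.0 (compatible; MSIE 6.0)"
192.0.2.99 - - [16/Jan/2007:15:06:13 +0000] "GET /trap/ HTTP/1.1" 200 44 "-" "curl/7.15"
"""

# Constructed robots.txt: the trap path is disallowed for everyone, so any
# client that requests it either never read the file or ignored it.
ROBOTS_TXT = "User-agent: *\nDisallow: /trap/\n"

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

def disallowed_prefixes(robots_txt):
    """Return the Disallow prefixes of a minimal 'User-agent: *' robots.txt."""
    return [line.split(":", 1)[1].strip() for line in robots_txt.splitlines()
            if line.lower().startswith("disallow:") and line.split(":", 1)[1].strip()]

def classify_clients(log_text, robots_txt):
    """Per client IP: whether it fetched robots.txt, which disallowed paths it
    requested, and its (unverified, self-declared) User-Agent."""
    prefixes = disallowed_prefixes(robots_txt)
    clients = defaultdict(lambda: {"read_robots": False, "disallowed_hits": [], "ua": ""})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        ip, _method, path, _status, ua = m.groups()
        entry = clients[ip]
        entry["ua"] = ua
        if path == "/robots.txt":
            entry["read_robots"] = True
        elif any(path.startswith(p) for p in prefixes):
            entry["disallowed_hits"].append(path)
    return dict(clients)

def candidates_for_blocking(log_text, robots_txt):
    """IPs that requested a disallowed path: candidates for a block, whatever
    their User-Agent claims, since a well-behaved crawler never goes there."""
    report = classify_clients(log_text, robots_txt)
    return sorted(ip for ip, e in report.items() if e["disallowed_hits"])
```

The trap path should be reachable only through a link no human or polite bot follows (for instance a hidden anchor), and the Disallow list should name only the trap, since every real path listed there is disclosed to anyone who reads the file.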
Maybe I'm just paranoid... Whenever I register a domain and put the DNS on anything other than the registrar's park page, it doesn't take but days or weeks before some hoser, proxified via the PRC, Turkey, Singapore, the United Arab Emirates or some other place, sends something wriggling through me trying to find vulnerabilities in things that don't even exist yet, i.e. before I've installed any software or databases on the host whatsoever. Moreover, this sometimes happens before I've published any content or set up any inbound links on the greater Web. That's how aggressive and thoroughly automated some people are.
Anyway, I'm not the only one with misc. feelers out there aiming to keep a finger on the pulse of things from ongoing research, polite observation, and info-power perspectives. So if people like me are becoming aware of this stuff without specifically trying, think what professional hackers are up to right about now with it. My guess: Shifting attention from developing various XSS methods that work on Myspace's public-facing stuff (a handful of which seem to appear monthly) over to targeting their back-end. At this rate it's probably just a matter of time until someone comes up with something that does a lot more damage than what Samy did.
With Web 1.0, hyper-growth was a lot about content management, handling loads on infrastructure, etc. With 2.0 though, given the new democratic openness and the methods facilitating it, the watchword now is security for sure.
About this entry
- Published: 16.01.07 / 3pm
- Category: Tools