Archive for February, 2008

MySpace Censorship: Filtering Images Gone Wild

February 25th, 2008 LoLo 5 comments

MySpace Terms of Service Violation Replacement Image

Another good idea is proving to be problematic when put into action on MySpace. They have an image filtering solution in place which (in theory) converts TOS-violating images into a little image which simply has the text “Terms of Service Violation” on it. It does so by checking urls within image tags against a blacklist and replacing blacklisted image urls with the url to their TOS image.

Example:
If a MySpace admin adds http://www.ghettowebmaster.com/images/naked-dead-hooker.gif to the blacklist…

this…
<img src="http://www.ghettowebmaster.com/images/naked-dead-hooker.gif" />

will be converted into this…
<img src="http://x.myspace.com/images/tos.gif" />
…every time someone attempts to post it.

All instances of the original image posted before the url is added to the blacklist will remain as-is. The only exception to this is instances of the original image posted as part of a profile. In that case, the image will remain as-is until the profile is updated.

This system is currently filtering images on profiles, profile comments, groups, forums, and picture comments. MySpace blogs and their comments are still free from image and url filtering.

Good idea, right? I’ll gladly argue you into the ground if you think otherwise. So, where’s the problem? Many of the computers used by MySpace admins are infected with a serious case of the PEBKAC Virus. For those of you that don’t know and are too lazy to click that last link, PEBKAC is an acronym which stands for “Problem Exists Between Keyboard And Chair”. Some of the MySpace admins are being insanely overzealous with their magical image censorship wands.

— FAIR WARNING —

*** Scrolling Further Down Will Reveal Images MySpace Has Deemed Obscene ***

— FAIR WARNING —

*** The Below Makes Cable TV Look Like Hardcore Porn ***

— FAIR WARNING —

*** [Insert Something Witty Here] ***

— FAIR WARNING —

*** [Insert Something Here That Makes You Question My Comedic Ability] ***

— FAIR WARNING —

*** [Insert Something Here That's Hilarious When Coupled With That Last Line] ***

— FAIR WARNING —

………………………………..

……………………….

………………..

…………

…….

….

Blacklisted Image URL:

http://critiquesdemusic.canalblog.com/images/Nirvana_Nevermind_Front.jpg

Image Hosted There:
Nirvana Nevermind Album Cover

I have to agree with Kurt on this one…

Geffen prepared an alternate cover without the penis, as they were afraid that it would offend people, but relented when [Kurt] Cobain made it clear that the only compromise he would accept was a sticker covering the penis that would say “If you’re offended by this, you must be a closet pedophile.” – Wikipedia

Blacklisted Image URL:

http://img59.imageshack.us/img59/6387/velveeta7an.jpg

Image Hosted There:
Mel Ramos Velveeta

That’s not an old ad by Kraft. It’s a piece by artist Mel Ramos from 1965. He was part of the artistic movement from which Andy Warhol is most famous.

The above examples were posted in this group thread.

Another Filtered Image:
I don’t have the blacklisted image url for this one.

The Sin by Franz Von Stuck

I had an image on my profile that someone apparently took offense to, so MySpace replaced it with their “Terms Of Service Violation” picture (a gif that says Terms Of Service Violation in black letters on a white background…

Oh, I forgot to mention a couple of things about the picture. It was of a painting of Eve and the serpent representing the beginning of sin, and was in fact called “The Sin” (Die Sünde in German). It was painted by the German artist Franz Von Stuck in 1893, and is currently located in the Neue Pinakothek, a museum in Munich, Germany. The museum describes itself as, “the Neue Pinakothek is now the most important museum of art of the nineteenth century in the world”. – RaScarabous

Modern Nipples However Are Not Obscene:
What was the most popular MySpace blog entry on May 26 of 2007?

I’m glad you happened to ask…

Most Popular Myspace Blog May 2007

I got a bunch of messages that day from people bitching about a nipple making an appearance in those “Hot Preview Pics”. MySpace surely got a bunch of messages about it too. They have always turned a blind eye towards the Suicide Girls though. Why? Those chicks all have TONS of friends on MySpace and produce thousands upon thousands of page views every day. So, it’s a money thing. And, the Suicide Girls are one of the many things that helped MySpace build up traffic / members in the first place.

The picture in question is still posted on that “blog entry” (ad for their softcore porn site).

Not That It Matters:
I really don’t know why anyone would bother but the filtering can easily be circumvented. The blacklist is comprised of exact url strings, so simply adding a “www” prefix to the Nirvana album cover url got it through. Tossing one (or several) extra slashes into a url will also do the trick…

http://www.ghettowebmaster.com//////////images//////naked-dead-hooker.gif
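The two bypasses above both work because the blacklist compares raw strings. The following is an added example, not MySpace's code: a naive exact-match filter as the post describes it, beside one that canonicalizes a url (host case, a leading “www.”, repeated slashes in the path) before the lookup. The blacklist entry and the variant urls are the ones quoted in this post; how the live filter is actually implemented is an assumption.

```python
"""Added example: exact-string image blacklist vs. a canonicalizing one.
Assumption: the real filter is a plain string lookup, as the post says."""
import re
from urllib.parse import urlsplit, urlunsplit

TOS_IMAGE = "http://x.myspace.com/images/tos.gif"

# Blacklist exactly as the post describes it: a set of literal urls.
BLACKLIST = {"http://www.ghettowebmaster.com/images/naked-dead-hooker.gif"}


def canonicalize(url: str) -> str:
    """Normalize the parts of a url that can vary without changing which
    image the browser fetches: scheme and host case, a leading 'www.',
    and runs of '/' in the path. The fragment is dropped entirely."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    path = re.sub(r"/{2,}", "/", parts.path) or "/"
    return urlunsplit((parts.scheme.lower(), host, path, parts.query, ""))


# Canonicalize the blacklist once so entries with or without 'www' agree.
CANON_BLACKLIST = {canonicalize(u) for u in BLACKLIST}


def naive_filter(src: str) -> str:
    """Exact-string match: the behaviour the post observes on MySpace."""
    return TOS_IMAGE if src in BLACKLIST else src


def canonical_filter(src: str) -> str:
    """Same replacement, but both sides are compared in canonical form."""
    return TOS_IMAGE if canonicalize(src) in CANON_BLACKLIST else src


if __name__ == "__main__":
    for variant in (
        "http://www.ghettowebmaster.com/images/naked-dead-hooker.gif",
        "http://ghettowebmaster.com/images/naked-dead-hooker.gif",
        "http://www.ghettowebmaster.com//////////images//////naked-dead-hooker.gif",
    ):
        print(naive_filter(variant) == TOS_IMAGE, canonical_filter(variant) == TOS_IMAGE)
```

Stripping “www.” and collapsing slashes should mirror what the fetching browser and the image host actually treat as the same resource; a filter that canonicalizes more aggressively than they do starts blocking unrelated images.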

In Summary:
I think the image filtering solution is a good idea. MySpace just needs to police / train their admins better and only filter images which blatantly violate their TOS.

Categories: MySpace Tags:

Symantec found over 5 million phishing urls posted on MySpace

February 21st, 2008 LoLo 2 comments

…yet their blog entry about this missed some key points. And, it’s odd that they were reluctant to post all the information on their findings: full urls, search strings used to get those numbers, the “certain social networking site” in question when they were clearly writing about MySpace, etc. Such cloak and dagger stuff isn’t productive and it caused legitimate confusion among other security researchers. Silly Symantec.

The Basic Gist:

  • URLs on some nondescript numeric .cn domains (91872802.cn, 5187622.cn, etc) are being used as landing pages for a phishing campaign on MySpace.
  • The urls use subdomains to mimic legitimate MySpace profile urls, with the numeric second-level domain of the .cn site standing in for the spoofed MySpace friend ID number…
    Real profile url structure:
    profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=[ID #]
    Fake profile / phishing page url structure:
    profile.myspace.com.index.cfm.fuseaction.user.viewprofile.friendid.[.cn domain]
  • Said urls are posted (typically as text) along with some teaser text in the comment section of MySpace user profiles from accounts on their friend list which have already been compromised.
  • Besides hosting the spoof login pages, those urls are packed with some other nasty exploits aimed at fuckerizing (technical speak :P) a visitor’s PC.

Key Points Symantec Missed:

  • By posting the urls as text (forcing users to cut and paste them into their browser’s address bar) this phishing campaign slips right past MySpace’s (thus far extremely ineffective and counterproductive) link filtering and external link warning page nonsense.
  • The bad guys have sunk to a whole new yet extremely effective level with varying teaser text suggesting that the link goes to the profile of a recently deceased MySpace user…

    RIP Mike MySpace phishing url

    Such text is sure to generate more interest in the spoof login url from passersby who are stalking taking a look at someone’s profile.

  • There is a slight variation going around where it’s an actual link using a properly structured MySpace profile url as the anchor text. And, it completely circumvents MySpace’s filtering and external link warning when clicked via one of many methods currently being employed by MySpace spammers.

    Example:
    http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=[ID #]

    In action, the above link would contain some extra code which allows it to be posted on MySpace without being converted into a msplinks.com link (MySpace’s lackluster url filtering solution). By default, this also bypasses MySpace’s new external link warning:

    Myspace External Link Warning

    Since MySpace users are accustomed to external links being converted into MSPLinks.com links and having to pass through that new warning page, malicious links coded to circumvent those systems appear to be legitimate internal MySpace urls.

  • Some might argue that the urls posted as text cannot be as effective as clickable links since they require a MySpace user to cut and paste the url into their address bar. This is true to a point but MySpace’s insanely glitchy link filtering solution regularly filters non-malicious urls. This has created an environment where some MySpace users familiar with this issue simply post urls as text to avoid any possible filtering. So, many users are now accustomed to copying and pasting urls posted as text.
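The url structure described under “The Basic Gist” and the text-only posting trick above suggest what a comment scanner should actually look at: not whether a url *starts* with profile.myspace.com, but which domain resolves. The following is an added example, not Symantec's or MySpace's code. The two .cn domains are the ones quoted in this post; the comment bodies and the friend ID are constructed samples.

```python
"""Added example: flag hosts that read like profile.myspace.com but
register under another domain, whether posted as a link or as bare text.
Sample comments and the friend ID 12345678 are constructed."""
import re

TRUSTED_APEX = "myspace.com"

# A host, with optional scheme and path, as it appears in a comment body,
# whether or not it was posted as a clickable link.
URL_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:/[^\s<\"']*)?", re.I)

# Constructed sample comments: a real profile link, a text-only spoof on a
# numeric .cn domain, a clickable spoof hiding behind real-looking anchor
# text, and an unrelated url.
SAMPLE_COMMENTS = [
    "hey check my pics http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=12345678",
    "RIP Mike :( his page is here "
    "profile.myspace.com.index.cfm.fuseaction.user.viewprofile.friendid.91872802.cn",
    '<a href="http://profile.myspace.com.index.cfm.fuseaction.user.viewprofile.friendid.5187622.cn/">'
    "http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=12345678</a>",
    "lol see http://www.example.com/funny.gif",
]


def registered_domain(host: str) -> str:
    """Last two labels of the host. Enough for .com and .cn; a real
    deployment would consult the public suffix list (think co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_spoofed_profile_host(host: str) -> bool:
    """True when the host reads like a myspace.com address but the domain
    that actually resolves belongs to someone else."""
    host = host.lower()
    return "myspace.com" in host and registered_domain(host) != TRUSTED_APEX


def find_spoofed_profile_hosts(text: str) -> list:
    """All look-alike hosts in one comment body, in order, without repeats."""
    seen, hits = set(), []
    for m in URL_RE.finditer(text):
        host = m.group(1).lower()
        if is_spoofed_profile_host(host) and host not in seen:
            seen.add(host)
            hits.append(host)
    return hits


def scan_comments(comments) -> dict:
    """Map comment index -> spoof hosts, for the comments that contain any."""
    result = {}
    for i, body in enumerate(comments):
        hits = find_spoofed_profile_hosts(body)
        if hits:
            result[i] = hits
    return result
```

Because the match runs on the raw comment text rather than on anchor tags, it catches the pasted-as-text variant that the msplinks.com conversion never sees.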

Symantec’s Numbers:
They got their “more than five million” figure by simply doing an internal MySpace search (powered by Google) with “profile.myspace.com.index.cfm.fuseaction.user.viewprofile.friendid.” (with quotes) as the search string. When I did the same search the results were numbered at 5,490,000.

Over 5 Million MySpace Phishing URLs

In Summary:
MySpace’s ill-fated security measures are adding perceived legitimacy to this widespread phishing scheme. Symantec left a bunch of security researchers scratching their heads by posting an oddly goofy blog entry. And, ninjas are freaking awesome.

Categories: MySpace, Phishing Tags:

US Airways wants me to get you sick, today.

February 6th, 2008 LoLo 20 comments

I’m insanely ill at the moment so excuse any typos and whatnot. Here’s the skinny…

1. I booked a round-trip flight with US Airways to spend my birthday with the girlfriend.

2. On Saturday morning (Feb 2) I woke up feeling like absolute shit. Body aches, chills, and a fever which broke 104 at one point. I was supposed to be leaving the next day so…

3. I called US Airways and rescheduled my flight home for Wednesday (today). There was a $20-ish price difference for the new flight. And, they were waiving a $100 fee normally associated with changing your flight.

4. My girl brought me to the emergency room where they pooh-poohed my “I have pneumonia” theory. They said it’s a “viral illness”. So, it’s a common cold on steroids kinda thing and is contagious.

I'm contagious

5. Wednesday is here and I’m still in bed. My girlfriend is sick now too. I called US Airways to see about getting the flight rescheduled again. I was told that the $100 fee could not be waived a second time. I asked if they’d rather knowingly have someone with a contagious illness on two of their flights today. That question was met with silence. So, I asked if a manager could override the charge. After being placed on hold I was told once again that they wouldn’t override it… “Well, I’ll see you guys later today.”

If they were dealing with flights that were near capacity I would be more sympathetic. That’s not the case though…

US Airways want more empty seats in the future

US Airways want more empty seats in the future. Fo realz.

So, what should a ninja do???

Update (5pm):
In spite of all the votes saying I should catch that flight and cough on people, I’m simply going to book with a different airline once I’m feeling better.

Categories: General Tags:

Strange Google Results

February 1st, 2008 LoLo 8 comments

Sometimes when I’m alone, I Google myself. I have no shame. :P

I’ve seen duplicates in the SERPs before, but a search this morning left me scratching my head with a dumb look on my face. Results number 10, 20, 30, 40, 50, and 57 are all the same for the term “ghettowebmaster” at the moment:

Strange Google Results Page 1

Strange Google Results Page 2

Strange Google Results Page 3

Strange Google Results Page 4

Strange Google Results Page 5

Strange Google Results Page 6

WTF?

Categories: Google Tags: