A few weeks back I posted this blog entry predicting that QuickTime embeds would be used for upcoming MySpace worms and other evilness. Sure enough, ten days later I broke the story of the latest worm to hit MySpace. After my buddy PaperGhost wrote about it on his personal and company blogs it exploded all over the interwebz.
The cleanup process has been laughable at best so far. Brian Krebs over at the Washington Post slammed Apple and MySpace for the “yes, we is be retarded” move of having MySpace distribute a patch for QuickTime. And, MySpace has been playing the blame game by insinuating that Apple is at fault for the worm.
When I first saw headlines with “MySpace blames Apple” in them, I thought they were unfair. Sure, there were articles floating around that mentioned MySpace had asked Apple for a patch, but there wasn’t any real finger pointing going on. Then, I read MySpace Tom’s blog where he urged people to download the temporary QuickTime patch. The very first line of it read: “the security problems this weekend were related to a hole in activex quicktime installer”. Besides being factually incorrect and downright retarded sounding (what exactly is a “hole in activex quicktime installer”, lolz), it sure got one point across: “it ain’t our fault, it’s a screwup in QuickTime”.
I updated my original entry here and posted a blog on MySpace about Tom’s finger pointing. A few minutes later I stumbled across a blog entry by a MySpace employee who also did some finger pointing. My MySpace blog made the rounds on MySpace and PaperGhost’s blog entry about that employee’s blog landed on Digg’s homepage. Needless to say, MySpace looked like a bunch of clowns in front of the whole interwebz.
The result?
MySpace Tom edited that first line of his blog entry (update: the blog entry was deleted). It now reads: “the security problems this weekend were related to a people exploiting a feature in QuickTime”. Although that sentence is a grammatical nightmare at best, it’s factually correct. Now, if someone would only explain to him that images uploaded to the net shouldn’t be 2461.91 KB in size.

/Pwned…
—
In related news, I signed into my MySpace via IE7 today to see if I could get that IE-only patch to finally install. Still no dice.
4 brave souls have commented on this post
That’s because that JPG is actually a BMP.
What a moron. I can’t even get MySpace to cancel my account.
I hate tom!!!
Wow… they’re incompetent….
Yeah, sure. It’s a hole in ACTIVEXQUICKTIMEINSTALLER! Where to begin? The obvious starting point is that ActiveX is, of course, a MICROSOFT technology, not an APPLE technology. There’s no way an Apple product would have ActiveX. The second thing is that part of the security hole is likely to be IE. My question is, “Why do people still use IE on MySpace?” Unfortunately, I have some friends that the only contact I have with them is through MySpace, so I must keep my account. Long ago, I switched to Firefox + AdBlocker + NoScript. MySpace is completely worthless, especially with all the ads. AdBlocker rectifies that. And I have NO idea why people don’t surf with NoScript. Since the scripts were from a domain outside of MySpace, NoScript would, by default, block them! Seriously, most people I’ve met have no tech sense, Tom included.