This is a repost from my MySpace blog. The only reason I posted it here also is the tidbit of info I added at the bottom.

MySpace still thinks it’s a sweet idea to let every freaking employee run around with “delete user privileges”.

“If you give rank-and-file employees the power to delete profiles, it’ll fuck everything up,” [LoLo] said. - XFanz

This account has been deleted / restored three times over nonsense. Kevin from Pointless Banter went through the same BS once.  And, my future ex-wife friend Alyssa currently has the record with somewhere around 10 trillion deletions / resurrections. Countless others have been deleted and had to start over with new accounts or just say “Screw you guys, I’m outta here”.

Here’s the latest “we is do be the stupiderest” deletion made by what had to be a regular rank and file kid over at MySpace….

continue reading "MySpace “employees” still deleting user accounts left and right"

The not-so-cute image to your left has been spammed all over MySpace via comments for months now. It’s generally posted from legit accounts that have been phished. And, it’s hyperlinked to a php file that prompts a person to download a payload of evilness when clicked. My buddy PaperGhost has dissected this toad three times now. Why three times? Asshats like to change up the payloads of poo they’re spreading from time to time. Zango and all sorts of other craptastic (technical term for “Evil Evil Bad Bad”) stuff has been bundled in this download every time. As an added bonus, it has a neat little thing built into it to phish your MySpace account info so it can spam itself from your account.

Bottom line: When you see it, you should “Run, Forrest! Runnnn!”.

PaperGhost’s latest dissection:
ProfileWatcher: The Saga Continues

Random tidbit:
The Department of Defense started blocking access to a ton of social networking sites and whatnot. So, our boys and girls over in that dreaded sandbox can no longer visit MySpace, YouTube, etc… They claim that this is being done due to bandwidth (money) and network security issues. That’s obviously a big load of BS. Sean from SocialHam.com summed it up pretty well.

Safe guards are important to protect our troops however its pretty clear they are also concerned about stopping the next Abu Grab picture/video leak
~ SocialHam.com

Protect our troops? Yeah, that’s the big one in my eyes. The DoD would have been shunned as assholes if they stated the obvious though… Yes, it’s inevitable that one of our troops would have pulled a retarded Geraldo Rivera move on YouTube or elsewhere.

“Hey Mom, we’re going raid that little village over there tomorrow. Wish me luck!!!1″

I told you so:
Really, I did. From a recent post of mine on MySpace:

Will there still be spam on here?
Yup. You can expect a lot more spam profiles and messages with the whole “You’re Cute!!! My MSN and AIM name is WebCamDoubleDD, hit me up sum time”. So, you can all have more hot sex talk with bots about monkeys.

continue reading "MySpace ‘Profile Watcher’ comment spam and some other stuff…"

Last night The X-Generation of Smileys messaged me with what I assumed to be total BS / lameness…

Check this out, there’s a profile with a Gucci bag spam comment from Tom.

I’ve seen fake Tom comments, bulletins, blog entries, and forum posts on MySpace a zillion times. The better ones use various CSS / HTML hackery to make his avatar link back to his real profile and everything. So, it’s not uncommon for MySpace users to think that spam is being posted from Tom Anderson’s real account. The guy who sent that message over isn’t an eTard though, so I checked out the profile in question via the blog that first posted the link.

After looking over the source of that page, I can assure you that the comment spam was posted from Tom’s real account.

continue reading "Spam Sent From Tom’s MySpace Account"

Jim and James over at HotOrNot.com just made some major changes…

Just wanted to drop you a note to let you know that we’ve made HOTorNOT free! You no longer need to buy a star membership in order to write your double matches ;)

We’ve made a lot of changes to the site recently and much more is in the works. So if you haven’t been on in a while, log back in and check it out!

The free as in beer thing was inevitable with all the social networking sites now. The only surprise was that it didn’t happen sooner. The “lot of changes” line piqued my interest enough to log in to see what was up though. That’s where I found the huge surprise: a site finally managed to be less secure than MySpace. Seriously, it’s that bad. The new Hot or Not is wide open to massive spam campaigns, XSS worms, and all sorts of tomfoolery. It is nothing short of being the Script Kiddies and Spammers Paradise of the moment.

After giving myself a two minute self tour, this is what I discovered and was able to do:

The “lot of change” that opened the flood gates is their new “Super Profiles”. There’s nothing really super about them. They are just profile pages with some extremely basic social networking features. Just like in MySpace Land, the user customization is where it gets ugly.

continue reading "Hot or Not Revamped: Script Kiddies and Spammers Paradise"

* Links which are not safe for viewing at work are marked as “NSFW” *

The gist:
My buddy Rudy runs one of the many porn site YouTube clones, xxxuploads.com (NSFW). On Easter Sunday he woke up to all sorts of fun. His two media servers had been hacked and over 7500 videos were deleted. The only thing left on those subdomains were index pages entitled “STOP PORNO” with the below message and Muslim Prayer Call video embedded from YouTube:

In the name of Allah, Most Gracious, Most Merciful

No big deal. He could surely just restore everything from his backups, right? Wrong. His admin set them up wrong, so nothing had ever been backed up. Well, couldn’t he just do a restore? Nopers, those boxes were setup with ext3 filesystems. So, he had to start from scratch and all the sites that have pre-hack videos embedded from his site are screwed.

How it was done:
The sysadmin went through the logs and there was no evidence of anyone logging in via SSH or anything like that. His best guess is that they gained FTP access via a proftpd exploit.

continue reading "Online Jihad: Porn site hacked on Easter Sunday"