Check this out, there’s a profile with a Gucci bag spam comment from Tom.
I’ve seen fake Tom comments, bulletins, blog entries, and forum posts on MySpace a zillion times. The better ones use various CSS / HTML hackery to make his avatar link back to his real profile and everything. So, it’s not uncommon for MySpace users to think that spam is being posted from Tom Anderson’s real account. The guy who sent that message over isn’t an eTard though, so I checked out the profile in question via the blog that first posted the link.
After looking over the source of that page, I can assure you that the comment spam was posted from Tom’s real account.
Jim and James over at HotOrNot.com just made some major changes…
Just wanted to drop you a note to let you know that we’ve made HOTorNOT free! You no longer need to buy a star membership in order to write your double matches ;)
We’ve made a lot of changes to the site recently and much more is in the works. So if you haven’t been on in a while, log back in and check it out!
The free as in beer thing was inevitable with all the social networking sites now. The only surprise was that it didn’t happen sooner. The “lot of changes” line piqued my interest enough to log in to see what was up though. That’s where I found the huge surprise: a site finally managed to be less secure than MySpace. Seriously, it’s that bad. The new Hot or Not is wide open to massive spam campaigns, XSS worms, and all sorts of tomfoolery. It is nothing short of being the Script Kiddies and Spammers Paradise of the moment.
After giving myself a two-minute self-guided tour, this is what I discovered and was able to do:
The “lot of change” that opened the floodgates is their new “Super Profiles”. There’s nothing really super about them. They are just profile pages with some extremely basic social networking features. Just like in MySpace Land, the user customization is where it gets ugly.
* Links which are not safe for viewing at work are marked as “NSFW” *
The gist:
My buddy Rudy runs one of the many porn site YouTube clones, xxxuploads.com (NSFW). On Easter Sunday he woke up to all sorts of fun. His two media servers had been hacked and over 7500 videos were deleted. The only thing left on those subdomains were index pages entitled “STOP PORNO” with the below message and Muslim Prayer Call video embedded from YouTube:
In the name of Allah, Most Gracious, Most Merciful
No big deal. He could surely just restore everything from his backups, right? Wrong. His admin set them up wrong, so nothing had ever been backed up. Well, couldn’t he just do a restore? Nopers, those boxes were set up with ext3 filesystems. So, he had to start from scratch and all the sites that have pre-hack videos embedded from his site are screwed.
How it was done:
The sysadmin went through the logs and there was no evidence of anyone logging in via SSH or anything like that. His best guess is that they gained FTP access via a proftpd exploit.
There’s a huge difference between harmless internet trolling (which some retards consider art) and being a senseless, heartless, steaming pile of shit to people who are grieving. I just got a message on MySpace from my buddy Chelly about the latter…
I’ve emailed customer service before, and they seem unwilling/unable to care/do anything. whatever… i sent them an email earlier today, but i doubt they even read it.
i looked up one of the victims of monday’s massacre, and in her blog comments, found two posts i just couldn’t believe. yeah “freedom of speech” is great, and all that, but some things are just *morally* wrong.
any ideas? i just can’t stand the thought that this girl’s family might log in and see those comments. Here u go, check ‘em for yourself:
*Links removed (no sense in pointing other retards in that direction)
Seeing that Zango (I’d link to their Wikipedia article, but they keep editing it themselves) was a member of the Better Business Bureau was a big laugh from the get-go. I came across that tidbit of info back in November when I saw a BBBOnline Reliability Program seal on Seekmo – one of Zango’s properties. Doing a quick search on TheBBB.org revealed that Zango was in fact a member back then. Not just regular members though, those asshats were in the President’s Club of the BBB!
“We’re beginning to wonder whether George Bush is going to get around to declaring in a State of the Union speech that Zango belongs to the Axis of Evil.”
- The Guardian
How exactly does a company with such a super-duper-scumtastic reputation gain membership to the BBB? And, what retard over there approved their application for the President’s Club? It’s not like they hadn’t already been outed for being downright thieves and interweb hoodlums while operating under the name 180solutions.