Archive for the ‘MySpace’ Category

MySpace Censorship: Filtering Images Gone Wild

February 25th, 2008 5 comments

MySpace Terms of Service Violation Replacement Image

Another good idea is proving to be problematic when put into action on MySpace. They have an image filtering solution in place which (in theory) converts TOS-violating images into a little image which simply has the text “Terms of Service Violation” on it. It does so by checking urls within image tags against a blacklist and replacing blacklisted image urls with the url to their TOS image.

Example:
If a MySpace admin adds http://www.ghettowebmaster.com/images/naked-dead-hooker.gif to the blacklist…

this…
<img src="http://www.ghettowebmaster.com/images/naked-dead-hooker.gif" />

will be converted into this…
<img src="http://x.myspace.com/images/tos.gif" />

…every time someone attempts to post it.

All instances of the original image posted before the url is added to the blacklist will remain as-is. The only exception to this is instances of the original image posted as part of a profile. In that case, the image will remain as-is until the profile is updated.

This system is currently filtering images on profiles, profile comments, groups, forums, and picture comments. MySpace blogs and their comments are still free from image and url filtering.

Good idea, right? I’ll gladly argue you into the ground if you think otherwise. So, where’s the problem? Many of the computers used by MySpace admins are infected with a serious case of the PEBKAC Virus. For those of you that don’t know and are too lazy to click that last link, PEBKAC is an acronym which stands for “Problem Exists Between Keyboard And Chair”. Some of the MySpace admins are being insanely overzealous with their magical image censorship wands.

— FAIR WARNING —

*** Scrolling Further Down Will Reveal Images MySpace Has Deemed Obscene ***

— FAIR WARNING —

*** The Below Makes Cable TV Look Like Hardcore Porn ***

— FAIR WARNING —

*** [Insert Something Witty Here] ***

— FAIR WARNING —

*** [Insert Something Here That Makes You Question My Comedic Ability] ***

— FAIR WARNING —

*** [Insert Something Here That's Hilarious When Coupled With That Last Line] ***

— FAIR WARNING —

………………………………..

……………………….

………………..

…………

…….

….

Blacklisted Image URL:

http://critiquesdemusic.canalblog.com/images/Nirvana_Nevermind_Front.jpg

Image Hosted There:
Nirvana Nevermind Album Cover

I have to agree with Kurt on this one…

Geffen prepared an alternate cover without the penis, as they were afraid that it would offend people, but relented when [Kurt] Cobain made it clear that the only compromise he would accept was a sticker covering the penis that would say “If you’re offended by this, you must be a closet pedophile.” – Wikipedia

Blacklisted Image URL:

http://img59.imageshack.us/img59/6387/velveeta7an.jpg

Image Hosted There:
Mel Ramos Velveeta

That’s not an old ad by Kraft. It’s a piece by artist Mel Ramos from 1965. He was part of the artistic movement for which Andy Warhol is most famous.

The above examples were posted in this group thread.

Another Filtered Image:
I don’t have the blacklisted image url for this one.

The Sin by Franz Von Stuck

I had an image on my profile that someone apparently took offense to, so MySpace replaced it with their “Terms Of Service Violation” picture (a gif that says Terms Of Service Violation in black letters on a white background…

Oh, I forgot to mention a couple of things about the picture. It was of a painting of Eve and the serpent representing the beginning of sin, and was in fact called “The Sin” (Die Sünde in German). It was painted by the German artist Franz Von Stuck in 1893, and is currently located in the Neue Pinakothek, a museum in Munich, Germany. The museum describes itself as, “the Neue Pinakothek is now the most important museum of art of the nineteenth century in the world”. – RaScarabous

Modern Nipples However Are Not Obscene:
What was the most popular MySpace blog entry on May 26 of 2007?

I’m glad you happened to ask…

Most Popular Myspace Blog May 2007

I got a bunch of messages that day from people bitching about a nipple making an appearance in those “Hot Preview Pics”. MySpace surely got a bunch of messages about it too. They have always turned a blind eye towards the Suicide Girls though. Why? Those chicks all have TONS of friends on MySpace and produce thousands upon thousands of page views every day. So, it’s a money thing. And, the Suicide Girls are one of the many things that helped MySpace build up traffic / members in the first place.

The picture in question is still posted on that “blog entry” (ad for their softcore porn site).

Not That It Matters:
I really don’t know why anyone would bother but the filtering can easily be circumvented. The blacklist is made up of strict urls that are matched exactly, so simply adding a “www” prefix to the Nirvana album cover got it through. Tossing one (or several) extra forward slashes into a url will also do the trick…

http://www.ghettowebmaster.com//////////images//////naked-dead-hooker.gif
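
The gap between exact-string matching and matching on a canonical form, as an added example that is not MySpace's code and not from the original post. The function names and the blacklist contents are constructed for illustration (the two URLs are the ones quoted in the post), and treating a leading "www." as equivalent is an assumption that may over-block on hosts where the two names serve different content.

```python
import re
from urllib.parse import urlsplit

TOS_IMAGE = "http://x.myspace.com/images/tos.gif"
# Constructed blacklist holding the two URLs quoted in the post.
BLACKLIST = [
    "http://www.ghettowebmaster.com/images/naked-dead-hooker.gif",
    "http://critiquesdemusic.canalblog.com/images/Nirvana_Nevermind_Front.jpg",
]

def canonical(url):
    """Comparison key: lowercase host without a leading 'www.', slash runs collapsed."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if host.startswith("www."):  # assumption: www and bare host serve the same image
        host = host[4:]
    path = re.sub(r"/{2,}", "/", parts.path) or "/"
    return host + path

BLACKLIST_KEYS = {canonical(u) for u in BLACKLIST}

def exact_match(url):
    """The strict string comparison the post describes."""
    return url in BLACKLIST

def canonical_match(url):
    """Compare canonical forms, so trivially different spellings still match."""
    return canonical(url) in BLACKLIST_KEYS

IMG_SRC = re.compile(r'(<img\b[^>]*?\bsrc=")([^"]*)(")', re.I)

def filter_images(html, is_blocked):
    """Swap the src of every blocked <img> for the TOS placeholder."""
    def swap(m):
        src = TOS_IMAGE if is_blocked(m.group(2)) else m.group(2)
        return m.group(1) + src + m.group(3)
    return IMG_SRC.sub(swap, html)

# The two variants the post reports getting through the filter.
SLASHES = "http://www.ghettowebmaster.com//////////images//////naked-dead-hooker.gif"
WWW = "http://www.critiquesdemusic.canalblog.com/images/Nirvana_Nevermind_Front.jpg"
```

Percent-encoding, dot segments and query strings are not normalized here; a production filter would fold those into `canonical` as well.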

In Summary:
I think the image filtering solution is a good idea. MySpace just needs to police / train their admins better and only filter images which blatantly violate their TOS.

Categories: MySpace Tags:

Symantec found over 5 million phishing urls posted on MySpace

February 21st, 2008 2 comments

…yet their blog entry about this missed some key points. And, it’s odd that they were reluctant to post all the information on their findings: full urls, search strings used to get those numbers, the “certain social networking site” in question when they were clearly writing about MySpace, etc. Such cloak and dagger stuff isn’t productive and it caused legitimate confusion among other security researchers. Silly Symantec.

The Basic Gist:

  • URLs on some nondescript numeric .cn domains (91872802.cn, 5187622.cn, etc) are being used as landing pages for a phishing campaign on MySpace.
  • The urls are structured via subdomain usage in a way so that they mimic legitimate MySpace profile urls with the second-level domain / numeric portion serving as the spoof MySpace friend ID number…
    Real profile url structure:
    profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=[ID #]
    Fake profile / phishing page url structure:
    profile.myspace.com.index.cfm.fuseaction.user.viewprofile.friendid.[.cn domain]
  • Said urls are posted (typically as text) along with some teaser text in the comment section of MySpace user profiles from accounts on their friend list which have already been compromised.
  • Besides hosting the spoof login pages, those urls are packed with some other nasty exploits aimed at fuckerizing (technical speak :P) a visitor’s PC.

Key Points Symantec Missed:

  • By posting the urls as text (forcing users to cut and paste them into their browser’s address bar) this phishing campaign slips right past MySpace’s (thus far extremely ineffective and counterproductive) link filtering and external link warning page nonsense.
  • The bad guys have sunk to a whole new yet extremely effective level with varying teaser text suggesting that the link goes to the profile of a recently deceased MySpace user…

    RIP Mike MySpace phishing url

    Such text is sure to generate more interest in the spoof login url from passersby who are ~~stalking~~ taking a look at someone’s profile.

  • There is a slight variation going around where it’s an actual link using a properly structured MySpace profile url as the anchor text. And, it completely circumvents MySpace’s filtering and external link warning when clicked via one of many methods currently being employed by MySpace spammers.

    Example:
    http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=[ID #]

    In action, the above link would contain some extra code which allows it to be posted on MySpace without being converted into a msplinks.com link (MySpace’s lackluster url filtering solution). By default, this also bypasses MySpace’s new external link warning:

    Myspace External Link Warning

    Since MySpace users are accustomed to external links being converted into MSPLinks.com links and having to pass through that new warning page, malicious links coded to circumvent those systems appear to be legitimate internal MySpace urls.

  • Some might argue that the urls posted as text cannot be as effective as clickable links since they require a MySpace user to cut and paste the url into their address bar. This is true to a point but MySpace’s insanely glitchy link filtering solution regularly filters non-malicious urls. This has created an environment where some MySpace users familiar with this issue simply post urls as text to avoid any possible filtering. So, many users are now accustomed to copying and pasting urls posted as text.
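
A detection sketch for the two patterns described above (the subdomain-spoofed host from "The Basic Gist", posted as plain text, and the link whose anchor text shows a real profile url), added here as an example and not taken from Symantec, MySpace or the original post. The sample comments and the `landing.example` host are constructed; the .cn domain is one the post names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "myspace.com"
# Host-like token, with or without a scheme, so urls posted as plain text are seen too.
HOST_TOKEN = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def is_trusted(host):
    host = host.lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def spoofed_hosts(text):
    """Hosts that carry 'myspace.com' as labels but belong to another domain."""
    hosts = (m.group(1).lower() for m in HOST_TOKEN.finditer(text))
    return [h for h in hosts if not is_trusted(h) and ".myspace.com." in "." + h + "."]

class AnchorAudit(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def misleading_anchors(html):
    """Links whose visible text names a myspace.com host while the href goes elsewhere."""
    audit = AnchorAudit()
    audit.feed(html)
    flagged = []
    for href, text in audit.links:
        shown = [m.group(1) for m in HOST_TOKEN.finditer(text)]
        dest = urlsplit(href).hostname or ""
        if any(is_trusted(h) for h in shown) and not is_trusted(dest):
            flagged.append((text, dest))
    return flagged

# Constructed sample comments.
PLAIN = "RIP Mike profile.myspace.com.index.cfm.fuseaction.user.viewprofile.friendid.91872802.cn"
LINKED = ('<a href="http://landing.example/x">http://profile.myspace.com/index.cfm'
          '?fuseaction=user.viewprofile&amp;friendid=1234</a>')
```

Because `spoofed_hosts` works on raw text, it covers comments where the url was never turned into a link, which is the case a filter that only rewrites links never sees.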

Symantec’s Numbers:
They got their “more than five million” figure by simply doing an internal MySpace search (powered by Google) with “profile.myspace.com.index.cfm.fuseaction.user.viewprofile.friendid.” (with quotes) as the search string. When I did the same search the results were numbered at 5,490,000.

Over 5 Million MySpace Phishing URLs

In Summary:
MySpace’s ill-fated security measures are adding perceived legitimacy to this widespread phishing scheme. Symantec left a bunch of security researchers scratching their heads by posting an oddly goofy blog entry. And, ninjas are freaking awesome.

Categories: MySpace, Phishing Tags:

Florida Cybercrimes Unit Hiding Evidence – Self Pwnage

January 31st, 2008 6 comments

The skinny:

1. Some eTards decided to harass Officer John Nohejl for having a MySpace friend who linked to adult content when he was simply trying to reach out to kids at the middle school he is assigned to.

2. Hilarity ensues as netizens rip the eTards apart for this retardedness. The school he works at? They had a link to a domain parking page from a belly up clip art site they linked to. What ads were splashed across that domain parking page? Gay porn, seriously. It got worse for them when I pointed out that the technology-challenged “elite cyber crimes task force” investigating Officer Nohejl is guilty of all sorts of stuff that also doesn’t matter on MySpace.

3. In their infinite wisdom, they decided to (screw up while trying to) hide their own “misdeeds”…

Their friend list from a few days back:
MySpace Florida CyberCrime MySpace Friends

Their friend list and comments now:
MySpace Florida CyberCrime MySpace Without Friends

What the hell?

They ran to another third party site and got code to hide their friend list and comments. And, once again… they didn’t remove the extra code included which links to a site pushing adware:

Florida CyberCrime link to adware funded site

What kind of places does that site link to?

Zango Banner

Yuppers, the ad network that site does business with serves up a ton of Zango banners. Nice.

I think it’s time for this “elite” interweb task force to go ahead and ask one of the kids they are supposedly protecting to help them out with their MySpace.

Update:
They went ahead and deleted every comment from their MySpace page. lolz

Categories: Legal, MySpace, Zango Tags:

Florida Cybercrimes: See how ludicrous this thing is?

January 26th, 2008 4 comments

I stole this blog’s title from the ending thought Alex Eckelberry (someone who understands the interweb) left on his latest blog entry. He gives a solid overview of the current retardedness being shown by law enforcement (people who don’t understand “that interweb thingy”). The last big story like this was the Julie Amero case. Just like in Julie’s case, John Nohejl is being fed to the wolves over total BS.

Kevin Poulsen (he really understands the interwebs, too) explains:
Gulf Middle School resource officer John Nohejl didn’t have porn on his MySpace profile, and he didn’t link to porn. But one of the 170-odd people on his friends list, which seems mostly populated by students at his school, had a link to a legal adult site. Now the New Port Richey Police Department and the Florida attorney general’s elite cyber crimes unit are investigating him for making adult content available to underage children.
Source: Wired.com

Shortly after this story broke, a link going to gay porn was found on the school’s website! The great thing about this is that the school has FULL control over the content of their website. John Nohejl on the other hand has zero control over the content on his friend’s MySpace pages. Who’s the screw-up now?

Alex ended his blog entry with some nice bait:
At least one thing is heartening — the good folks over at the Florida Cybercrimes unit have their own MySpace page. They may quickly see how ludicrous this whole thing is.

Well, I took the bait. After a good ten minutes of looking over the profile of this “elite” cybercrimes task force that’s actively investigating John Nohejl’s MySpace I found the following…

Being the interweb gods that they are, they used code from a third party website to pimp out (add style / graphics to) their profile. Included in that code were five troublesome links they didn’t remove. All five links are promoting two “MySpace page pimping” sites which as a whole are known to be breeding grounds for all sorts of evilness. The two in question here are actively promoting several sites known to distribute adware.

Here’s one button and two text links going to those sites:
Two links and a banner going to two sites which promote adware

Another banner ad:
Banner under the nav bar

And, another:
One last banner

So… Besides having a hideously ugly MySpace page full of broken code, they are sending kids to sites that promote adware. After seeing that, I dug into their friend list to give them a taste of the exact same BS being served to John Nohejl. Here’s what I found on their friends’ pages…

Promotion of some funky head shop “legal weed”:
Legal Weed Spam
via this friend.

That same friend has a banner in her comments promoting a site which is known “to steal your MySpace username and password by posing as a profile tracker”. In fact, several friends of theirs have the same thing on their pages. Nice!

Another friend of theirs seems to be a lost cause. That page has links to phishing pages and all sorts of other evil stuff. Those email addresses spammed in the comments… Yeah, those will lure you to sites with boobies all over the place if you dare message them.

Go dig for yourself, there’s plenty of double standard to be found in them hills ;-)

Seeing these eTards go after this cop sure reminds me of someone…
Mark Lounsbury

I’m sure these experts are just as ninja at the interwebs as the jackass pictured above.

Categories: Legal, MySpace Tags:

MySpace Spamming Botnet setup in development?

January 23rd, 2008 No comments

My buddy PaperGhost just posted this:
Myspace Fake Profile Spammers: This Is How They Do It

It gives an overview of an odd MySpace spamming app that works in conjunction with files hosted on the net. The only thing I can imagine is that we got our hands on this thing early and it’s just a beta of sorts being sold to noobs. The coder is likely working towards making it so that he can infect systems with that garbage, so a botnet (your infected systems) can do his spamming for him…

Another interesting tidbit:
Based on some other files I saw on that url, it looks like the program works in conjunction with a proxy script…

Categories: Code, MySpace Tags: