A Revolution is the Solution
To make matters even further complicated, check out Brian Kreb's article on the "wrong" way to distribute this patch.
http://blog.washingtonpost.com/
s...security_1.html
I suspect that they have known about this for some time,
As normal the Myspace assumed that it would only affect a few users and be a Minor problem lol, And we all know any Exploit is never a minor Problem...
My god, check out the first comment:
"if myspace isn't safe, what is?..."
They really don't get just how bad this situation is, or how badly MySpace are handling things.
We haven't got a hope in hell of getting MySpace to fix up the constant security problems on that site, if the employee that wrote that blog, and the comments, are anything to go by!
The guy has found a clue:
"If you aren't on my friends list, you're likely viewing a watered-down version of this LJ. There are a lot of things I'd like to rant about or details I'd like to specify that I don't want the general anonymous public to know so easily. So if you've been a lurker, it's about time to add me! Anyone is welcome."
And, in a major breach of netiquette he's set the post date to December 18th, 2012
Anybody grab a cached copy of that page?
"if myspace isn't safe, what is?..."
Oh yes, myspace is so safe, they allow some moron to continue making abusive webpages about people, and also continue ignoring emails of complaint, asking for him to be banned - well if that's safe, I'm a monkeys auntie.
The whole site should be removed from the internet, and the idiots controlling it banned from ever owning a computer/making a website for eternity
http://300s.blogspot.com/ ... this kind of activity by large companies is nothing new...although i put this on digg months ago.. it didn't get any readers... The same kind of exploit existed with flash 8..and macromedia/adobe...waited months and months until someone used it malliciously..
Re: Sandi: "Anybody grab a cached copy of that page?"
A copy just got sent to you and PG. 
- Little Birdie. :P
This is a QT feature being misused to spread spyware. You could exactly the same thing using Flash or Ajax.
It doesn't work on OSX. The "exploit" can open a new window and that's all. So it's really an Internet Explorer issue. All QT does, is feed the URL and some JavaScript to the browser. And we all know what the problem is with IE...
Maybe MySpace would like to drop all such features from QT, from Flash and, why not, from HTML. That would make MySpace a very safe place. Even when used with IE...
What a heap of shit. I use livejournal and to make a post available to friends only you have to physically select it from a drop down menu. In other words, this guy has been using it for who knows how long, but ONLY on this one post - this crucial post, which was supposed to be totally secret, and only available to - well - every random person on his friends list - did he manage to screw up and select the wrong publishing option. Yeah, right. I believe that...for about ten seconds.
whats happened here is, someone decided to write about something they knew they shouldnt have under the mistaken notion that it wouldn't be seen. Jesus, if its such a big deal how about not actually writing about it in the first place?
Nice way to put the genie back in the bottle.
Thanks for the cached copy of the article, by the way. Its safely stored away. I, for one, am totally over Myspace constantly exposing their users to risk.
Commenting by HaloScan
