dslreports logo
 
    All Forums Hot Topics Gallery
spc
view:
topics flat nest 
Comments on news posted 2006-11-10 17:04:38: Yesterday we reported on a widespread phishing attack on MySpace, in which personal profiles had their HTML gamed to entirely overlay the usual look and feel with what appeared to be a real MySpace login page. A valid page should be hosted at login. ..


Edrick
I aspire to tell the story of a lifetime
Premium Member
join:2004-09-11
San Diego, CA

Edrick

Premium Member

Yea Good Job NOT

Yea ignore the fact that I reported this to them MONTHS ago and they did nothing at all. Great Job finally realize it months later.

ToxicDrew
Premium Member
join:2001-09-24

ToxicDrew

Premium Member

Tom needs to be held accountable for this!
eowen
Premium Member
join:2004-05-12
Menifee, CA

1 edit

eowen

Premium Member

great!

thats just great! now that gives me a totally good reason to dump it after several cases of errors from the site.

visiting the site at evening hours is insanely problematic but it was by choice. This time its my choice again :0

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5 to ToxicDrew

Premium Member

to ToxicDrew

Re: Yea Good Job NOT

said by ToxicDrew:

Tom needs to be held accountable for this!
Tom who?

texans20
Premium Member
join:2002-09-28
Texas!

texans20

Premium Member

Myspace's problem

Myspace has not done enough to protect the security of their own network or site. Spam is rampant, and phishing has always been a problem. Some changes to what is allowed on a profile should be the first step. Removing php or any other script from being allowed to sit on a profile should be the first step.

It's not the hosting providor's fault myspace is lacking in some security.
buzzcut0
join:2001-09-30
The woods

buzzcut0

Member

I don't think anybody blames the hosting provider for somebody else's security problem, but when they are found to be abetting in that activity, aren't there any good-citizen obligations to help mitigate the damage?

percboy
join:2000-12-07
Columbus, OH

percboy to FFH5

Member

to FFH5

Re: Yea Good Job NOT

said by FFH5:

said by ToxicDrew:

Tom needs to be held accountable for this!
Tom who?
»www.myspace.com/tom
amungus
Premium Member
join:2004-11-26
America

amungus

Premium Member

the game

Seems like quite a game to be playing... This should be an obvious open and shut case to anyone.

There are problems with myspace too though. They could very easily implement some simple things to increase their own security. For instance, I can stay logged in all day, it never times out. My bandmate can login, while I'm on, from anywhere, and it doesn't boot me, I just never know he was even logged in.

The myspace people should take some serious actions to reduce their own (security) issues as a matter of prudence. The whole system seems so incredibly duct-taped together that it's a miracle the thing works at all. Let alone, as others have said, the scripting.

While I agree they have security issues galore, the hosting provider in this case should be seriously accountable for allowing a phishing operation right under their noses, and not doing anything to stop it.
I think they should be seriously looked into by whatever authority.

Sebastian
Premium Member
join:2000-12-22
New Haven, CT

Sebastian to texans20

Premium Member

to texans20

Re: Myspace's problem

no one is at fault except for myspace.. clearly they should keep an eye on what the hell people are embedding into the pages they create.

firephoto
Truth and reality matters
Premium Member
join:2003-03-18
Brewster, WA

firephoto

Premium Member

near 40,000 emails/passwords from one of many phish scams

I count about 40,000 email addresses and passwords, not accounting for duplicate logins, from the two .txt files before the current one started growing rapidly till it stopped at about 1860M.
Insder
There never was a second I in my name
Premium Member
join:2005-04-27
Salem, MA

1 edit

Insder

Premium Member

Try dealing with ISPs on a daily basis

I've given up notifying US ISPs that customers on their networks are spewing phish spam/hosting phish pages. I generally get the same response from them that you guys got from IPowerWeb.
mr_cool
join:2003-10-14
USA

mr_cool to percboy

Member

to percboy

Re: Yea Good Job NOT

You do realize that Tom is not a real person, just a image by the company that made mysapce?

JAAulde
Web Developer
MVM
join:2001-05-09
Frederick, MD

JAAulde

MVM

Previous CUstomer

As a previous customer of iPowerWeb, this does not come as a surprise. Thankfully that contract has ended and I moved on.
buzzcut0
join:2001-09-30
The woods

buzzcut0 to mr_cool

Member

to mr_cool

Re: Yea Good Job NOT

Huh? "Tom" is Tom Anderson, a founder of MySpace and real actual person.

batterup
I Can Not Tell A Lie.
Premium Member
join:2003-02-06
Netcong, NJ

batterup

Premium Member

It serves them right.

What MySpace is, is 14 year old girls looking like whores and 50 year old men lusting after them. There is a -o- in heaven.

SynErr
mIRC is my life
join:2006-09-14
Charleston, WV

SynErr to buzzcut0

Member

to buzzcut0

Re: Yea Good Job NOT

tom is the guy that made MySpace.. but he doesn't do shit with it anymore.

Jameson
Premium Member
join:2004-05-28
united state

Jameson to batterup

Premium Member

to batterup

Re: It serves them right.

said by batterup:

What MySpace is, is 14 year old girls looking like whores and 50 year old men lusting after them. There is a -o- in heaven.
Obviously you don't know what your talking about.

Unregistered User
@comcast.net

1 recommendation

Unregistered User to Sebastian

Anon

to Sebastian

Re: Myspace's problem

I have to disagree. Yes, MySpace bears some responsibility, but the hosting provider where the phished information ends up has a responsibility to act when they are advised of what's going on.

A close but not perfect analogy would be if stolen goods were showing up in a pawn shop. Even if the pawn shop owner really didn't know the items were stolen when the thief began pawning them, as soon as he's shown that they are indeed stolen, he can not plead ignorance or maintain that he has no responsibility to do anything to assist in catching the thief.

To return to the MySpace situation, the Web hosting company owners also need to realize that, if this incident prompts a criminal investigation, they could be charged with aiding and abetting the perpetrators of the crime. It's one thing if they didn't know what was going on, but as soon as they're told, they can't just ignore what's happening. If they're smart, they'd better be preserving as much evidence as they can and contacting an attorney because if this does get investigated, they're the first people the police will come to.
MGD
MVM
join:2002-07-31

MGD

MVM

Amazing !!

Wow!! there are the totally clueless, and then there is iPowerWeb. Clearly, the failure to respond reasonably to what was obviously a phishing support site on their IP space was gross negligence.

Even without reviewing the myspace page source code you would think that almost three quarters of a million email addresses with corresponding passwords stored in open files on their servers would generate some level of concern on iPowerWeb's part. Amazing !!
44402812 (banned)
Hack The Planet
join:2006-08-28
Plattsburgh, NY

44402812 (banned)

Member

said by MGD:

Wow!! there are the totally clueless, and then there is iPowerWeb. Clearly, the failure to respond reasonably to what was obviously a phishing support site on their IP space was gross negligence.

Even without reviewing the myspace page source code you would think that almost three quarters of a million email addresses with corresponding passwords stored in open files on their servers would generate some level of concern on iPowerWeb's part. Amazing !!
Who Cares!!! :P MySpace Sucks and is a complete waste of energy!

batterup
I Can Not Tell A Lie.
Premium Member
join:2003-02-06
Netcong, NJ

batterup to Jameson

Premium Member

to Jameson

Re: It serves them right.

said by Jameson:

said by batterup:

What MySpace is, is 14 year old girls looking like whores and 50 year old men lusting after them. There is a -o- in heaven.
Obviously you don't know what your talking about.
And you are talking to me. Fool.

Unregistered User
@comcast.net

Unregistered User to 44402812

Anon

to 44402812

Re: Amazing !!

Whether or not MySpace sucks is irrelevant. This is an identity theft issue, and if the hosting company won't address something like this, then one has to wonder what else they won't address.

Steve
I know your IP address

join:2001-03-10
Tustin, CA

Steve to 44402812

to 44402812
said by 44402812:

Who Cares!!! :P MySpace Sucks and is a complete waste of energy!
More than a hundred million people disagree with you.

This might give some insight into who's actually right or not.

ReVeLaTeD
Premium Member
join:2001-11-10
San Diego, CA

ReVeLaTeD to Jameson

Premium Member

to Jameson

Re: It serves them right.

said by Jameson:

said by batterup:

What MySpace is, is 14 year old girls looking like whores and 50 year old men lusting after them. There is a -o- in heaven.
Obviously you don't know what your talking about.
Obviously you don't read the news. Or browse enough MySpace profiles. If you did either, you'd know that what he said is 100% accurate. I really get sick of almost daily news articles about some underage girl being visited by a 40+ year old man that she met on MySpace. And I'm sure you remember that incident of that celebrity's daughter (who was underage) whose MySpace profile was talking about all the various ways she liked to have sex. Get your facts straight.

On the topic. Clearly people must not care about their information being stolen because they always keep giving it even though the site is a virtual cesspool. However, that doesn't give MySpace a free pass to ignore the problem. I don't think the hosting company is to blame here. I think MySpace needs to be more aware and active in preventing issues like this as well as other non-technical issues (the "social engineering", if you will).

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy to batterup

Premium Member

to batterup
That's what got it shut down.
When a few 50 yr old iPowerWeb executives heard their MySpace login credentials got compromised they shut it down ASAP!

battleop
join:2005-09-28
00000

battleop to Steve

Member

to Steve

Re: Amazing !!

MySpace is the current geocities. Nothing pages that make my eyes hurt to look at.
kyrrin
join:2001-10-20
Kent, WA

kyrrin

Member

iPowerweb is a spammer rathole

Honestly, I'm surprised iPowerweb did anything at all. Every spam report I've ever sent them has disappeared into Dave Null's inbox, never to be seen again (for the Unix beginners, and others who may not know, that's a playful reference to /dev/null, a built-in black hole present in any Unix-type system in that anything sent to it simply disappears).

I finally stopped bothering with reporting spammer crap to them, and firewalled their entire IP address range out of our network permanently. I would recommend that others who run their own networks do the same.

In short, they seem not to care who abuses their networks, or how much abuse goes from their networks to others, as long as they get their monthly fees.

In the SysAdmin world, we call that kind of behavior "black-hat" and "block-and-forget."

Keep the peace(es).
frammis
join:2005-05-05
San Jose, CA

frammis

Member

Typical of lowball web hosts

Ipowerweb is just one of a gang of irresponsible web hosts. Their attitude is if they can get away with it, it's legal.

Nobody is going to put the CEO in jail for ignoring abuse complaints, so they put one minimum wage guy in charge of looking at the abuse@ queue if he has time after cleaning the toilets. And if he wants to remove a spammer support service he has to fill out a form in triplicate on his own time and the sales guy gets to tear it up and make him eat it. Alchemy and AIT are the same.

Face it, there would be no spam if there were no irresponsible ISPs. Cockroaches are simply nature's response to the ecological niche of slums with dirty kitchens. If there's a filthy slum, it's not the cockroaches' fault. Spammers are just cockroaches. Ipowerweb and Alchemy and AIT are the absentee slumlords who knowingly give them a happy home.
smoore69
join:2006-12-11
Bellevue, WA

smoore69

Member

Largest group on myspace w/ 200,000 users hacked and deleted

Today the LARGEST group on myspace with over 200,000 users was hacked and deleted. The group was:
»groups.myspace.com/wan
The group ID was: 100003506

The moderator got an email from this user right before it happened:

»profile.myspace.com/inde ··· 34758226

Below is the correspondence from the user that he received. This is text from three emails.

Email 1: Subject: "Would you like your group to be featured on the front page of MySpace?"
Body: "Tom said he's working on it, you'll get it back once he added the new features
He took mine away too on another account and added this multiple moderator feature
because of the large groups thing "

Email 2: Subject: "YOU GOT OWNED MOTHA FUCKA!"
Body: "YOU GOT SERVED BITCH, SAY GOOD BYE TO YOUR GROUP "

Email 3: Subject: "FOWARDING MAIL AIN'T GO DO SHIT"
Body: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAHHHHHH FUCKEN HA "

____________________________________________________

It seems the phishers are out to wreak havoc on myspace and its users.