The title of the post is inspired by a t-shirt I saw,
http://www.jinx.com/scripts/details.asp?productID=636 (I am in no way affiliated with jinx, but I do love the shirt) and not some deep seeded resentment towards an online community. I am not critiquing the idea of myspace or its ability to re-unite old friends, I am however railing against how myspace operates. The very way in which myspace users interact with one another flys in the face of good internet practices. For those not familiar with myspace, it is a portal where users find each other through a search engine then join one another’s pages.
Once they become a “friend” they are free to post messages and share files. Here’s the problem, most users have aliases, so even if they say that they are Jim from second grade how do you know icedancer35 could be someone pretending to be Jim for an insidious purpose. We have been taught and (hopefully) teach our staff not to open email from people they don’t know, but that is exactly how myspace operates. If users want to reak havoc on their own computers at home so be it, but our networks should suffer because of it. In the last week, two worms for myspace have been identified and there are certainly more on the way.
The latest myspace vulnerability can be found here
http://www.gnucitizen.org/blog/myspace-quicktime-worm-follow-up Basically, links on the users’s sites are re-directed to phishing sites and anyone who visits could be infected as well. No, this is not a major problem, but that is because they are only phishing links. What if the links instead brought the unsuspecting user to a page with had a 1X1 pixel of a Browser Helper Object (BHO), that installed a Trojan. The popularity of myspace could easily create a zombie net of several hundred thousand machines in a matter of minutes.
There are countless others, but this is the latest. I understand the appeal to re-connect with old friends or re-kindle lost loves, but not on my network. I am loathe to stop users from browsing the internet, it is more trouble than its worth and everyone deserves the right to browse the internet for a five minute break, to get re-focused. Myspace however is too susceptible to problems and therefore I am urging all responsible infosec professional to block myspace.
I have done some research and the following are methods that can be used to keep myspace off your lan.
http://www.softwaretipsandtricks.com/forum/internet/26149-how-block-myspace-com.html http://www.techimo.com/forum/t169608.html http://www.zemericks.com/support/howtos/blockmyspace/index.asp Again, the purpose of this post is not to highlight a particular worm or threat, but to illustrate the very real threat that myspace could become. If you do allow your users access to myspace, ask them to verify who it is they allow on their pages and that they only visit trusted sites.
Editor-In-Chief : Special Xmas Deal: 10% Off eLearnSecurity Courses
