MySpams

  By Shamus   Feb 28, 2008   41 comments

I have a MySpace page. I don’t know why. There has never been a day in my life where I woke up and said, “Dang, but I really need to find me some people to hook up with and interact with socially!” I’ve already got a blog where I can write and discuss my hobbies. So even if I was craving high levels of poorly spelled gossipy chatter, MySpace would still be a sub-optimal way of getting it.

Legit, you say? Well then, sign me right up!
But I have a page there anyway. Sigh. Herd mentality, as they say, “for teh win”.

About the only reason I visit my page is to reject all the spam friend invites. They usually come in waves. I’ll have three days of nothing, then three invites in one day. That’s not actually that bad as far as spam goes when compared to blogs or email, but maybe I’d be worse off if I had more friends. Invariably these spams lead to a profile with some basic text I’ve read a thousand times before, posted by a “woman” with a very porny glamour shot for her profile picture. The most common profile text goes something along the lines of, “MySpace won’t let me post naked pictures of myself so you’ll have to go here.” I don’t click on the link, of course, but I’m sure it’s a generic Porn nexus or a place to try and infect unprotected machines.

But I find this to be hilarious anyway: the fiction of some girl who can’t figure out where on this wide internet you can go to share naked pictures of young women. Yes! If only there was a website out there in this prurient wasteland that let you do this sort of thing.

For a time last year there was a rash of MySpace pages where the profile would use CSS to position a big ‘ol rectangle of text over the whole site, which would then let you know that you needed the special “adult MySpace viewer” if you wanted to see the naked pics. A standalone exe. To view webpages. Only people fresh off the newbie truck are likely to fall for such a clumsy and transparent scheme, but there is no shortage of people like that on MySpace. You could always tell when someone fell for it because they’d start “posting” a bunch of “get a free iPod nano” style links to their blogs and blurbs and in comments to their friends. I never found out if the “viewer” hijacked their account and did the posting, or if it just captured their name and password and sent it along to the hacker, who then logged in under their name and did the posting. That would actually be interesting to know. The first would make for more complex and harder to develop software, while the second route would be more easily thwarted via IP blocking on the part of MySpace.

I’ve said it before, but this is another example of how the greatest threat to computer security is the fact that men want to look at boobs. There is no firewall system that can defend against the fact that one of the guys behind it won’t unintentionally – but stupidly – compromise the system in his efforts to look at naked breasts. Despite what the movies show us, you don’t take control of a remote computer by typing really fast, but you can do it by luring someone with false promises of hot female nudity. (They don’t have to be false promises, I guess. If you actually give something in return the target will likely enter the trance-like “boob viewer” state and stay out of your hair while you have your way with their computer system.)

The MySpace hacking took advantage of the trio of young male weaknesses: ignorance, horniness, and the feeling of invulnerability offered by the anonymity of the internet.

(I’d follow this sort of thing more but it’s too dangerous. I don’t want to end up at a porn site or getting a virus. Yeah, Firefox is pretty secure, but there is no guarantee that it’s bulletproof and I’d hate to be an “early adopter” in a clever new line of attack. I wish there was a hotkey combination for IE or Firefox that let you view the text of a questionable page without loading any images, running any javascript, or activating any ActiveX controls. Like, “I don’t trust this site, take me there and show me just the text”.)
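The "show me just the text" view wished for above can be approximated by parsing a saved copy of the page as inert data. This is an added sketch, not code from the original post: it drops script, style and embedded-object contents, turns images into placeholders, and lists link targets instead of following them. The sample HTML, the `example.invalid` hosts and the extension list are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Elements whose contents are code or embedded objects, never readable text.
SKIP = {"script", "style", "object", "applet", "iframe", "noscript"}
# Assumed list of extensions meaning "this link hands you a program".
EXECUTABLE_EXT = (".exe", ".scr", ".msi", ".bat")

class TextOnly(HTMLParser):
    """Collects visible text and link targets; nothing is fetched or executed."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.skip_depth = 0   # >0 while inside a SKIP element
        self.chunks = []      # visible text, one entry per text node
        self.links = []       # href values, recorded but never requested

    def handle_starttag(self, tag, attrs):
        if tag in SKIP:
            self.skip_depth += 1
        if self.skip_depth:
            return
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        elif tag == "img":
            # The image URL is ignored; only the alt text is shown.
            self.chunks.append("[image: %s]" % (attrs.get("alt") or "no alt text"))

    def handle_endtag(self, tag):
        if tag in SKIP and self.skip_depth:
            self.skip_depth -= 1

    def handle_data(self, data):
        if not self.skip_depth and data.strip():
            self.chunks.append(" ".join(data.split()))

def text_only(html):
    """Return (visible_text, all_links, links_pointing_at_executables)."""
    parser = TextOnly()
    parser.feed(html)
    parser.close()
    risky = [u for u in parser.links
             if urlparse(u).path.lower().endswith(EXECUTABLE_EXT)]
    return "\n".join(parser.chunks), parser.links, risky

# Constructed sample: a CSS-positioned overlay pushing a "viewer" download.
SAMPLE = """<html><head><style>#cover{position:absolute;top:0;left:0;width:100%}</style>
<script>document.write('<img src="http://tracker.example.invalid/p.gif">')</script></head>
<body><div id="cover">You need the adult viewer to see my pics.
<a href="http://downloads.example.invalid/viewer.exe?id=7">Get the viewer</a></div>
<img src="http://img.example.invalid/a.jpg" alt="profile photo">
<p>About me: I &amp; my friends love music.</p>
<a href="/friends">My friends</a></body></html>"""

if __name__ == "__main__":
    text, links, risky = text_only(SAMPLE)
    print(text)
    print("links:", links)
    print("executable downloads:", risky)
```

The HTML has to reach this function as raw bytes saved by a client that renders nothing; the parser itself makes no network requests.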


Feeling chatty? There are 41 comments.


  1. scragar says:

    nothing stops you writing a firefox plugin to this effect, I’m sure you could even write a piece of greasemonkey to achieve the same effect (loading each link as an ajax request, then iterating all child nodes of the body searching for non-empty text nodes that also happen to be outside of script tags)…

    in fact, I’m probably gonna have to write something like that for myself now.

  2. heather says:

    I know Opera has a “text only” viewing option and I am pretty sure Firefox used to. No clue about IE.

  3. […] Shamus Young: the greatest threat to computer security is the fact that men want to look at boobs. There is no […]

  4. Matt` says:

    ActiveX shouldn’t be a problem in Firefox, other scripts you can block with NoScript, for images you could use an Adblocker and tell it to block everything from the domain in question…

    There’s other blockers for most things, or you could load it in Lynx :lol:

  5. revford says:

    You could just use a text only browser, that doesn’t support plugins or scripts to check the page out.

    Something like lynx, which can switch between the rendered page and the source at a keystroke (\).

  6. Samrobb says:

    In cases like this, I tend to use lynx, links, or another textmode-only browser. I generally have it available (Cygwin installed on my Windows systems, Linux on other systems), so it’s not a big deal.

  7. Davesnot says:

    Hmm… now that you mention it.. I’d better call my Dad.. That way next time I visit I can spend more time visiting him and less time cleaning his computer…

  8. Picador says:

    Check out NoScript for Firefox. I use it all the time; it eliminates all scripts until the page gets whitelisted by you manually. You can also whitelist a page for a single session, in order, say, to get a specific task done. It’s a terrific plugin.

  9. Marauder says:

    In addition to plugins like noscript and flashblock, you might want to look at some sort of sandbox like sandboxie or untrusted Virtual Machines for exploring these sorts of things.

  10. Thad says:

    There is an add-in for Firefox that is basically a whole slew of developer like toolkit facilities that allow you complete control over whether images are loaded or scripts are run, etc… which I don’t know the name of, but have seen my friend use.

    (Or you could try downloading the page off the link and looking at the code, but not all pages give away their secrets like that… then again, these aren’t usually sophisticated hacking attempts…)

  11. Gobo says:

    If it were just us young males wanting to see boobs… The problem stretches a bit wider.

    http://www.codinghorror.com/blog/archives/000347.html

    People want to see the bunny!

  12. Cadamar says:

    “the greatest threat to computer security is the fact that men want to look at boobs”

    Quite possibly the most profound statement I have ever read on this topic.
    I’m thinking the best piece of network security that could ever be developed then would be a firewall level app that could automatically detect an image of boobs and add black bars to the image before sending on to the browser. Then all the network admin has to do is communicate that to the network users and nobody will bother chasing after boob pics. If cameras can recognize faces in real time for better photo composition then I don’t think it’d be too difficult to make an app that can recognize boobs.

  13. Joe says:

    Similarly, I have a myspace page that I use for absolutely nothing… I got it because my wife has a myspace account that she actually actively uses, and I wanted to be able to read her friend-only posts. Very occasionally, an old friend from high school will find me there and say hi.

    Anyhow, I get the same spams you’re talking about. The thing that I find particularly hilarious is that, for quite a while, there was some sort of spam synergy where they would say “look at my nekkid pics over here, because myspace won’t let me post them…” and then, way down at the bottom, add in “by the way, if you want some cheap canadian drugs, go here…” I don’t know what the porn and the drugs might have to do with each other, but I was never curious enough to find out.

  14. Christopher says:

    One thing I’ve always wondered is if these “hackers” are smart enough to create malware to hijack a computer, why aren’t they smart enough to create a less conspicuous page with the “porny” shots of women and bad grammar? I wouldn’t think it would be too hard to make these fake pages look more legit like a “real” page on myspace.

    Or maybe they prefer their veiled attempts to be not-so-veiled in order to only lure in the utterly stupid.

  15. straechav says:

    Personally I’m not so hot on boobs, specifically. More of an ass-man. I’d prefer something more as a compensation for becoming a security risk than just some naked breasts. At least a decent butt in skimpy underwear on top of the breasts. Ah, hell, let’s not work on too cheap – full nudity is my price for letting in the malware. If you want some spyware on top, I want something even more explicit.

    (Yes, I am being sarcastic :p)

    That said, Shamus, you have one damn good point there. And whoa, that Sandboxie has somehow missed my radar completely and looks just my kind of toy. Thanks Marauder.

  16. Zukhramm says:

    “Or maybe they prefer their veiled attempts to be not-so-veiled in order to only lure in the utterly stupid.”

    Might be their kind of moral code, “only trick the ones stupid enough to deserve it”, or something.

  17. ngthagg says:

    I briefly worked with a guy who was developing an anti-porn application that worked based on image analysis. The last I heard he had it up to 99.99% accuracy, which unfortunately lets about 630 million porn sites through.

  18. Smileyfax says:

    I use MySpace primarily to keep in touch with friends from high school.

    There should be an option in your profile to keep spammers from attempting to friend you…I think it adds a captcha to the friending process. I turned it on, and haven’t had a single spam friend request since.

  19. Robel says:

    Zukhramm, if that is the case, I would agree with them. I never tolerated stupidity, heh.

  20. stuff says:

    I click on links like that, not for the porn or what not, but because it’s fun to watch viruses and spyware crash horribly on linux.

  21. guy says:

    i think i get autoproxied by my ISP. might explain why i don’t have virus problems despite my rather poor security and lack of caution. and why the IP address that those IP detectors show is wrong.

  22. Carra says:

    Noscript has been mentioned and I even advised it to some coworkers today. Auto blocks all the scripts on your site and can allow them site per site. Scripts on your page blocked:
    -shamusyoung.com
    -google-analytics.com
    -technorati.com (?)

    The firefox web dev addon also allows to disable images if for some reason you do not trust them (I do miss the opera toggle images buttons).

    Yeah, it does get my sister whining that she has to enable scripts on all pages, which basically counters its use of course.

  23. Mari says:

    Stephen Moffat said it best when he said that the entire course of civilization has been one improvement after another all in an attempt for men to get a better look at women’s bottoms.

    I’ve wondered myself who falls for the “look at my boobs on this other website” e-mails, but then I always wondered who fell for the “I need your help and for your effort of letting me use your bank account number to get all these millions of dollars out of Nigeria, we’ll split the money” e-mails, too. Until I actually heard some moron call in to a financial radio program to ask the host’s advice about this business venture.

    At the same time, I’m a little jealous of you men on MySpace. “Hot babes” never want me to look at their boobs on malware-laden websites. No, I just get actual lonely men wondering obscene things about parts of my anatomy that I’m not sure I actually have. They don’t even bother to send friend requests first. Where’s the love, baby? Why can’t people ever just want me for my computer?

  24. McNutcase says:

    There’s a reason my /etc/hosts defines myspace (or spymace, as I sometimes refer to it) as loopback.

    Yes, it’s overkill. I LIKE using big guns for small problems.

  25. Nathaniel says:

    If I right-click a tab in firefox, there’s a “permissions” item that lets me turn off images, frames, javascript, plugins, or redirecting. I think this is a tab mix plus feature. Also, I’d like to second the sandboxie recommendation: with it, you can even install weird plug-ins with no worries.

  26. Luke Maciak says:

    Shamus,

    If you want to find out more about how these myspace exploits work, check out:

    http://www.vitalsecurity.org/

    This guy loves to take apart these myspace schemes and he describes how they work in much detail.

  27. neminem says:

    I would like to disagree with you on one thing: the movies do show you exactly this – haven’t you seen all those spy movies wherein one of the agents, who happens to be a gorgeous movie star in real life, flashes the guards while everyone sneaks in and/or out of a building?

    Anyway, you continue to be rather awesome – I’ll most assuredly end up quoting you on this later, whenever the topic comes up, as you stated the effect rather brilliantly.

  28. ClearWater says:

    There’s only one solution: free naked boobs on every site. That way there’s no need to click on those shifty links.

  29. Mephane says:

    I predict you are now getting a new wave of friend invites, but this time not spam, but from your blog readers. ;)

  30. thebigkr says:

    dude, my myspace seems to be for the exact same purpose; attracting spammers like flies to a pile of crap. Which, imho, is a pretty fair depiction of myspace.

  31. Dihydrogen says:

    Christopher– To my understanding, the main reasons why all of those web pages are so suspicious are that they are either made by script kiddies who have no idea how the exploit actually works or that it’s made by people from non-English speaking countries such as Russia.

  32. Solka says:

    Shamus, weren’t you talking about a website, fav.o.rite (or something like it) that TAKES the text content of other internet sites so you can read them?

  33. Cadamar says:

    Mari – I have to admit, at first I was only attracted to your math skills. But since then I’ve found that there is so much more to you as a person, like your computer and your cute anime girl icon. If I had a myspace page I promise I’d send a friend request first…

    Mari actually brings up a good point. All the porn spam is from guys trying to take advantage of other guys. Are there really that many men out there that are so amazingly gullible or dick-driven that they fall for this crap on a regular enough basis to make it profitable? Seriously!?!
    Another good example is to check out the “Casual Encounters” section of craigslist. 99.99% of the W4M ads are spammers, 99% of M4W ads are real.

    The only way to stop this crap is for all men to stand up and say in one unifying voice: “I will not be controlled by my penis!”. Come on! We can do it! It only requires one man to start it! Anyone? Just one guy… No? *sigh* I’m going to go find some porn…

  34. Patrick the Malcontent says:

    Wow. Thos3 chicks are hawt! w00t!

    What was thi3r url?

  35. Lee Davis says:

    I think what we need is a firewall filter that substitutes boobies for every image. This would evaporate the incentive to click on any particular link to see boobies; clicking on anything — or just refreshing the same page — would generate nigh-infinite boobies without risk of exploits.

    Or having to visit MySpace.

  36. Fallacious Gee says:

    TITS OR GTFO!!

    Seriously, though. You an’ me are in the same boat. There really is no good reason for me to have a MySpace. All the “friends” I have who congregate there are largely a horde of lackluster mouthbreathers. There are so many other good places to get decent pr0n, anyway.

  37. Ishmael says:

    “There are so many other good places to get decent pr0n, anyway.”

    What, you can get prawns on the internet? I love shrimp! Please send me links!

  38. It’s probably biologically infeasible for men to stop being controlled by their penises. Maybe the solution is to educate Internet users on how to acquire boobies safely and securely. I volunteer Wikipedia. Abstinence-only porn education will only lead to the spread of botnets!

    Well it seemed like a good analogy in my head.

  39. […] I’ll second this: I’ve said it before, but this is another example of how the greatest threat to computer security is the fact that men want to look at boobs. There is no firewall system that can defend against the fact that one of the guys behind it won’t unintentionally – but stupidly – compromise the system in his efforts to look at naked breasts. Despite what the movies show us, you don’t take control of a remote computer by typing really fast, but you can do it by luring someone with false promises of hot female nudity. (They don’t have to be false promises, I guess. If you actually give something in return the target will likely enter the trance-like “boob viewer” state and stay out of your hair while you have your way with their computer system.) […]

  40. Skye says:

    Shamus, I run linux. Let me tell, you, if there’s one thing almost any distro can do, right out of the box (um, I mean disk… wire… tubes?) is fail to run flash, .exe files, or pretty much any kind of program you want to run. Funniest thing I ever did see: After clicking on a seemingly legit link a few times, and getting a blank page, I got a message from the system saying that it didn’t know how to deal with an extension. I checked the file- it had noticed that there WASN’T a WINDOWS32 folder on my hard drive, so had created the folder, placed itself inside, then tried to run itself. Clever sir hacker, clever.

