corigin.com

Over at PC Magazine, columnist Sascha Segan argues that many of us are going to have a big ol’ pity party down the line, when we realize that social networking sites like MySpace and Facebook make it difficult to look through sentimental memories and messages like you can with paper or email. MySpace is bad enough, he writes, but:

Facebook is even worse, because so much Facebook information is metadata, a stream of “pokes” and “virtual gifts” and other non-e-mail-related information that adds up to a history of human interaction.

Segan raises an interesting point: How do we archive our relationships and significant moments when they happen on a social network? If Facebook, MySpace, and the like aren’t around in five or 10 years, will you miss the personal history you’ve stored up on them? If you did want to “back up” your social network information for later viewing, how would you go about it? Share your ideas in the comments.

Last week, I heard rumblings of an “interesting” screenshot doing the rounds on a few forums, but I had no clue where to look for it. Then someone anonymously popped up on MSN - as they quite often do - and sent me a link to the screenshot in question.

As you might have guessed, the screenshot involved Myspace. What’s worrying here is what the contents of the screenshot could mean, and the total and utter shambles of a response I’ve had back from Myspace. See, let me say this right away - whenever you trawl through the super secret security mailing lists, backroom areas on forums etc - there’s always one question that keeps popping up, and it usually always draws a blank.

“Anyone got a contact for Myspace”?

Most of the time, nobody ever does. For all intents and purposes, their security team - whoever they are - might as well reside in another Galaxy. So when the following screenshot came my way, my eyes started to roll and didn’t stop for three whole days (obviously, I’ve done a bit of editing to this screenshot):

…eep. Now, I have no clue what we’re looking at here but it doesn’t sound very good given that this was supposedly popping up on various underground forums.

“Domain Account Administrator, Myspace”

“CSR-Tools”

“Account: Retail”

“Billing Information”.

These are just some of the items contained in the screenshot. Besides that, there’s a number of domains seemingly connected to Myspace down the left hand side and a bunch of contact information (Emails, names, addresses, User ID numbers) in the main portion of the page.

Has someone wandered into the main admin panel for Myspace? Is this something to do with a storefront related to the site? Is it something else entirely? Who knows, but you can probably guess what happened when I attempted to draw attention to this. I mailed them using their autoform last week - no reply.

I tried again this week, and this is what I sent them:

hello, my name is chris boyd, director of malware researchfor facetime security labs. This is the second time I havesent this through, with no reply so far. A few days ago,someone pointed me in the direction of a screenshot a fewpeople had heard about (screenie URL goes here).

The screenshot appears to indicate your main CSR accounttools system was compromised in some way - can you confirmwhat has happened here? I will be writing about this lateron today on my blog and would prefer to have the fulldetails as to the extent of what has (or has not!) happened here.

Thanks,Chris

Can you guess what I got back?

Hello,

Below is a pretty comprehensive overview on blogs presented in an FAQ format.  It should answer all the questions you have about blogs.

Q: What is a blog?

A: A ‘blog’ is an online journal.  Blog is short for Weblog.  In recent years, ‘blogging’ or posting an online journal has become very popular.

…..yes, thanks for the handy blogging tips. Auto-reply ftl.

I mailed them right back and this time, I was supposed to be given an answer by an actual person. As it turns out, the auto reply above made more sense than what I was handed back. I sent them the same Email above - this is what I got (bold emphasis added by me):

Hello,

Most errors are cleared up in a matter of minutes so try to access the page again in a minute or so. If it’s a significant problem, we’re probably already aware of it and are currently working to resolve it. Please be patient.

……wha? Thanks for advising me to try accessing your potentially compromised system again in a few minutes, but that doesn’t really solve anything, does it?

I’ve resent yet again with a little note asking if anyone there actually bothers to read anything they’re sent, but I’m not getting my hopes up. I’d like to think the above screenshot doesn’t represent anything serious, but would someone bother posting something like that to websites if they didn’t think it was a big deal in the first place? I mean, call me paranoid, but I’m not entirely certain I want to be anywhere near a Myspace page at the moment. Is it safe? Is it compromised? Nothing to worry about? Being taken care of? Who knows?

Little help, Myspace?

/ Addendum - I just received the latest reply to my efforts to draw attention to this, and it’s the best one yet:

I sent Myspace this:

“Is anyone there actually reading what I’m sending you? I’m telling you that you appear to have been compromised, potentially quite badly. And you’re sending me another reply that doesn’t help and tells me to “try to access the page again in a minute or so”?! I guess that would be useful if I was the one doing the compromising, but this isn’t really much use to me, is it?”

Let me repost my message for a third time”

This is what I got back:

“Hello,

We do not offer that option as it is not available within MySpace.”

….I think my brain hurts.

Windows only: Free music downloading software Freemusiczilla listens to what’s playing in your web browser and makes it available for downloading as distinct MP3 files. We’ve featured individual music service downloading apps before, like Pandora’s Jar, but Freemusiczilla seems to sniff out nearly any Flash or AJAX-based music player, be it Last.fm, Pandora, iMeem, MySpace, or many more custom or streaming services. The program limits you to 10 MP3 downloads per day, presumably in waiting for a fully-enabled “premium” version, but gives you three minutes into each track to decide if you want to download or not.

While many web sites and services offer free and openly licensed independent music, not all of them do, of course. While we’re not endorsing piracy, Freemusiczilla is a pretty handy tool for grabbing low-fidelity copies to sample before purchase. Freemusiczilla is a free download for Windows systems only.

Their forum was up for a while, now it says this:

….in conclusion, Tesla is doomed and Hilary Duff sucks.

I love being right all the time.

….as the Magical Pixie man says….

Man, they are going to kick his ass when they wake up to their website being all suspended and stuff.

Well, if you’re going to make a name for yourself on Myspace, hacking one of the biggest “stars” on there is a good way to go about things. Some fool went and hacked a bunch of stupidly popular pages, then plastered his hacker ID all over them. Worse (for him), he seems to have done it as a way of getting into the group - sadly, all he managed to accomplish was getting their domain suspended. I predict a face slapping for our happy hacker.

This isn’t related to the Myspace band hacks of a few weeks ago, so at this point, we don’t know how the page was “hacked”.

Here’s Tila Tequilas page as of a few hours ago:

It’s worth noting she’s one of the top three most popular acts on the whole of Myspace with 241,4669 friends:

I’ll be updating this entry at Spywareguide with all the info. Stay tuned…

I usually don’t write much about the social networks out there, mainly because I’m pretty fed up with them. Yes, I’m on Facebook but do I care about me being there? Nope, I’m sick of it, really, and are just hanging around because of some discussions in various groups.

The main competitor, MySpace, doesn’t appeal to me at all, it’s an ugly mash of grotesque taste in my opinion. Surfing MySpace hurts my eyes.

I do, however, enjoy music, and I can listen to that on MySpace, since most bands have a page there. That means that I can listen to the songs and decide wether I should buy the album or not, since I won’t settle for the crappy sound quality offered.

(more…)

You know, this is a difficult and awkward post to make. But then I pretty much built what reputation I have on those two things - being difficult and awkward. So here goes. If you woke up on the 31st of October and checked out the news, you’d have seen this.

The text reads: “The bands’ MySpace pages have a transparent overlay that, when clicked, either links to a Web site that tries to start downloading malware disguised as a media codec or attempts to exploit a browser security flaw, said Chris Boyd, security research manager with FaceTime.

When a cursor passes over part of the overlay, the IP (Internet Protocol) address for a Web server in China is shown in some browsers. However, the fake media codec site is hosted in Russia, Boyd said. He posted screenshots of the problem on his blog Wednesday.”

Then, if you woke up this morning and checked out the same site, you’d have seen this:

The text reads:

“The MySpace pages for singer Alicia Keys and other musicians were hacked with a seemingly new type of hack, a security expert said Thursday.

Keys’ MySpace page and that of others, including a Scottish band and a French band, were flagged by users of Exploit Prevention Labs’ LinkScanner software, which blocks pages containing malicious code. The discovery came after users began reporting that Keys’ page was blocked, according to Roger Thompson, chief technology officer of LinkScanner.com.

“When we saw it was MySpace and Alicia Keys, we took a good look at it,” he said in an interview.”

A pity, perhaps, that they didn’t also bother to check any of the mainstream tech websites that already covered this story last week.

Seriously, I find it puzzling that, while researching this, nobody there thought to stop and check Google, or the news pages, or blogs (or anything else for that matter) that someone might have already done something with this or whatever. I mean, that’s what you do when you find something you think is new, right? To prevent everything going tits up further down the line when you jump up and down and say look what we have here.

Especially when (in a further blog entry on this), Roger Thompson writes:

(which had been hacked for at least three or four days earlier, because that’s when we first noticed it… and someone just reminded me that PaperGhost over at http://www.vitalsecurity.org/2007/11/myspace-band-hacks-continue_05.html had noticed it for some other bands separately at a similar time or even earlier time)

Or, as someone in my (increasingly angry comments section) noted:

“…wait, someone had to remind him that he forgot that you’d already written about it previously?”

So wait….someone over there knew (or knows) we already covered this after I found it - but the main blog entry (which from experience is the only thing anybody visiting for the hot new thing you found will read) doesn’t carry any sort of update / notice crediting FaceTime for the initial find?

Man, that sucks. Especially when Spywareguide, Vitalsecurity.org and all those news sites above have feeds and syndication galore, so it’s not like I’m just making this up or that information was hard to come by.

What’s particularly galling here is that once I made the initial find (and joined the dots that someone was specifically targetting Myspace band pages) I have spent hours….and hours….of spare time tracking down as many hacked bands as I could, have engaged in lengthy Email dialogue with them, helped them to fix up their pages, given advice on what to do next, warned other bands about the problem, assisted them in getting somewhere (hah!) with Myspace.

In addition to that, a handful of FaceTime researchers worked more than they should have on this while I tried to clean up as many hacked profiles as possible - and now, basically, all their hard work - and the work of anyone else involved - is erased, and cancelled out, and replaced by someone making the amazing discovery that Alicia Keys’ page was hacked.

For what it’s worth, finding her profile was hacked would likely have been a case of clicking into each of the top rated artists on the “top rated artists page” and then saying BINGO.

I mean, let’s stop for a second and run that back.

This is now super mainstream news, purely because Alicia Keys had her Myspace page hacked.

Question. How many people out there think Alicia Keys herself has ever logged into her Myspace profile?

Or, do you think it more likely that PR flaks and street team flunkies do that for her? I’m seeing headlines popping up with “Alicia Keys, victim!” all over the place.

Is that supposed to be a joke?

HERE are your victims, for Gods sake. You know, the bands who ACTUALLY USE MYSPACE and have lost all their contacts, music plays, pagecount and all the other random crap that proves they have worth in that social community - because apparently, Myspace will only undelete your page if you happen to be an extremely rich musician who has likely never used Myspace A DAY IN HER LIFE.

So yeah, I’m pretty annoyed. Annoyed at the lack….no, that’s not right….the removal of credit, annoyed because the real victims are now going to be forgotten about in a pile of SAVE ALICIA KEYS, OH GOD NO, and - more importantly - I’m extremely annoyed because Myspace have uttered their (completely useless) declaration that “the problem is now fixed”, when we can clearly see this is total and utter nonsense.

Meanwhile, a whole bunch of people are posting to my site and emailing me to say they’ve left comments on the Exploit Prevention Labs Blog to say “Chris Boyd found this”, Or “FaceTime discovered this a week ago” or whatever.

As of yet, I don’t see any of those posts appearing on the site, nor do I see any acknowledgement of where this was first discovered. Why am I so concerned here?

Well, look at it this way.

Sometimes, security companies - or researchers - or random individuals, or whoever - all find something interesting at the same time. Then it turns into a mad dash - who can blog it the quickest, who can put in their database the fastest, who can notify who the speediest. And if you get pipped at the post, then fine. That’s the way it goes, better luck next time.

It’s part of the excitement. That’s cool.

But here we have something that we discovered…..then blogged…..then put in a database…..then watched as it jumped all over mainstream tech websites while I continued to blog about it here, here, here, here, here and here.

And then NINE DAYS LATER from the original outing of this scam someone comes along with the exact same information as you, and the only thing that has changed is that a placeholder- subsitute page for a real human being has been hacked and now they’re happily claiming credit for finding this exploit?

No way, man. That’s some sort of revisionism stretched to the point of insanity. Are we to take it that someone can now write about something and then weeks later, someone else can turn up and say everything you said and wipe your part in the proceedings from the tale?

That can’t be right.

/ Addendum - Thanks.

…..nah.

Forget the Odessa Steps, forget the what-is-real cinematography of Rashomon, don’t bother me with Rosebuds or Full of Stars or three minute opening shots minus music and credits. The greatest pulse-pounding sequence in cinematic history is the Hawkman attack on Rocketship Ajax, and I’ll yell “Go Flash, GO!” at any man who disagrees. And yes, I do equate cartwheeling space-gypsies firing laser cannons, multicolour midgets in gimp costumes and Brian Blessed wearing rubber wings with the current state of Myspace.

Because that’s how I roll.

I just saw a band called Joy in Tomorrow and, well, they’re not too joyful at the moment.

“So, the other night we get online to sign-in and check our myspace account only to find out that it’s gone. Yes, that’s right, gone!!! No friendly email, no warning, no nothing, gone! After endless attempts to contact myspace and find out what in the world happened, we have decided to start over. It’s pretty much the worst day of our lives.

> 40,000+ FRIENDS
> over 160,000 plays
> endless media, contacts and resources

ALL GONE.

Could they not have sent us an email??? You know, something like… “Did you know your account is being used for spam and worthy of being deleted?” “Umm, no, actually we didn’t. Thanks so much for telling us. We’ll just change our password and solve this immediately.”

Ohhh… The Wonderful Land of “What If’s”.

Thanks myspace and whoever hacked our account. We really appreciate it. Our lawyer will be contacting you shortly.

Sincerely,

Joy In Tomorrow”

Meanwhile, the Myspace guy I was told to contact as he was responsible for bands and all that other stuff has, so far, replied to absolutely nothing that I’ve sent him. I don’t know whether the whole head in the sand thing works for you, but me?

Not so good. And we don’t even have 14 hours left to save the Earth…

Today was weird. All this time during the band pages on Myspace being whacked, nobody ever seemed to know exactly what had happened with regards their mangled Myspace page. Was it Phishing? Hacking? Mind control? A combination of all three?

Someone, somewhere in a band who’d been whacked would know some specifics. The problem was, trying to find that random individual. More than a fortnight with no luck. And then today, just like that, everything changed.

First I got a friend request from a band on Myspace, Seagull Strange - then we exchanged a few PMs where I asked them if they had any idea what had happened to their page. You might recall I mentioned them a week or so ago - their page was carrying one of the redirects to the Chinese domain pushing fake media codecs.

Well, some guy out of the band told me this:

“Yes actually it wasn’t a hack at all but an XSS attack. The XSS automatically posted additional CSS via javascript which replaced all <> tags on the page with the target pointing to their server. The script was called by being logged in as us and one of our band members clicking a link from an affected page. Hackers just don’t hack myspace anymore. Short of social engineering the attack or guessing security responses and passwords it’s just too tight. As the code is very simple and uses an exploit in CSS it isn’t actually myspaces fault. Short of myspace banning all custom CSS code it isn’t going to go away. Regards Seagull Strange”

Now, if what they’re saying is correct - that the page is hijacked purely through clicking a link while logged in - then I would quibble over how someone using a cross site scripting attack to automatically overwrite tags on a page supposedly isn’t classed as “hacking” - or how Myspace is supposedly “tight” (remember the Quicktime Worm attacks and how the security team responsible for “fixing” the problem was,like 3 outsourced guys with no support?) - or how the people likely behind this (professional hackers via the Russian Business Network) don’t somehow qualify as “hackers targeting Myspace” but whatever. The point is, someone has come out with some information that’s actually useful, and point to something potentially other than “It’s all down to Phishing. We think”.

However.

At around the same time the above was sending me messaged signed “Regards, Seagull Strange” - I’m zinged by a Google Alert aaaaand…..

Here is (what I assume is the same guy, though I could be wrong) attempting to tear me a new one on his LiveJournal page.

That’s pretty…..weird. Right?

Meh, whatever.

Update - Looks like the page got deleted, probably due to the fact he noticed I posted a comment there. Here’s a screenshot instead.

Yes, yes he is. And you might want to look out the window because the tooth fairy just flew past on rocket powered rollerboots.

If you go a wandering through the video section of Myspace, you might see the following message posted onto a bunch of pages (that really, really is from Myspace Tom. No, honest, it is. Remember the tooth fairy).

Click the link, and have a nice serving of secret page action heading your way:

…yes kids, that’s right. Myspace Tom is going to let you look at all the secret, hidden naked pictures 16 year olds stick on their private Myspace photo galleries or whatever. And “enjoy this privilege, because it will never be available again after the security overhaul!” More crapulence:

To get your grubby mitts on private information, all you do is enter the friend ID of the person you want to check out into the box.

Do you think this is going to work?

……doh.

This stuff is just writing itself at the moment. From the Ultimate Staffing page:

“MySpace.com Abuse Specialist $14 + Benefits!!!

You’ve heard of the website……You use the website…You love the website…
Now be a part of their team!!!!

MySpace is currently partnering with Ultimate Staffing to bring to you this exciting career opportunity!!

Abuse Specialist

Overview

The MySpace Abuse Team handles all incoming phishing, spamming and hacking related reports.

Job Duties

Abuse Specialists oversee spam complaints from users and networks emailed directly to the Abuse mailbox, remove infringing Ebay auctions that misuse the MySpace trademark, removing phishing sites and notifying victims of phishing abuse, pursuing spammers and having their affiliate accounts/websites removed, and handling hacking complaints.

Qualifications
* Technically savvy with experience with Microsoft Office, including Outlook, Word, Excel
* Strong understanding of the Internet and social networking
* Must have excellent understanding of web hosting, network operations, DNS, scripting
* Knowledge of HTML, Javascript, ability to perform front end coding
* Able to manage multiple priorities
* Minimum 1-2 years work experience

All candidates must be able to pass a criminal background investigation to be considered for this opportunity!!
Must work one weekend day (Saturday or Sunday) every week

We are a 24 hour a day/7 day a week operation at MySpace, we are currently hiring for Graveyard shifts only! .

Graveyard shift is from 11:00pm to 8:00am”

…….please God, no more. Hat tip to LoLo, who is awesome.

Yep, Time.com just covered the whole Myspace hacking thing (note that its the second top story on Time.com, behind Decapitation: Mafia Adaptation which is quite possibly the greatest headline ever). However, what I want to do is focus on just one portion of the article - specifically, the bit where some guy from Myspace says a bunch of stuff. Pay attention, now:

“Her profile was phished,” says Nigam, “which means that whoever is managing her site probably input their user name and password where they shouldn’t have,”

“Her” refers to Alicia Keys. So again, Myspace are going with the phishing angle. But wait - further down the page….

“MySpace says it has discovered and removed links to the same Chinese site embedded on up to 50 other pages, but declined to identify which pages had been infected.”

This is a spectacular own goal. Why?

Well, look at it this way. Myspace freely admit they fixed 50 pages - so in addition to the 25 or so I already found, and in addition to the total that whoever else, from Sunbelt to Roger Thompson, also came across, and in addition to the still undiscovered pages out there that carry this hijack - they still expect us to believe all of those pages got phished in the space of a week or so?

That something in excess of 70 or 80+ pages related to bands ALL GOT PHISHED in the space of a week or two because every single person running those pages suddenly got hit with the stupid stick and clicked a bogus login link? That bands who were unfortunate to get hacked TWICE IN A WEEK were crazy enough to get phished once, then TWICE?

Sorry man, I know ten year olds on Myspace who don’t get stung like that.

Phish scams on Myspace are pretty rampant - but every single band I have spoken to swears blind they didn’t click a stupid link, or got sent a spurious email, or handed over their credit cards to the wallet inspector, and I believe them. What’s more, nobody (as yet) seems to have a single shred of evidence as to these phantom phish links. Where are they? Why hasn’t anyone seen one? When are we going to make a definite link between phishing and band hacks?

And the other reason why this is a spectacular own goal? Well, fifty compromised pages is a lot of potential traffic to a hijack website. Three pages alone had in excess of 8,000 friends. So with that in mind, I find this whole idea of keeping those hacked pages under wraps to be vaguely irresponsible. Rather than take another press hit - because it’s entirely possible that any of the fifty fixed pages could be for major artists - Myspace would rather drop the cloak of anonymity.

That’s great, except it leaves anyone who might have visited a band page in the last week or so completely in the dark as to whether or not they need to run a few antispyware scans. The final nail in the coffin is that Myspace seem incapable of blocking / filtering out two or three Chinese URLs.

Well done Myspace, a winner is most definitely you.

….well, not really. The observant amongst you will have noticed the screencap above is simply lifted from that terrible ballad she did - you know the one, where she dreams about killing herself in the bath or something and she’s running through what looks like the corridors of a Nuthouse in a white floaty shirt - and combined with OMG NUDE!!! text for wintastic results…..of a phishy kind.

….yes, you must be logged in to view the video. Now if you’ll excuse me, I’ll go roll my eyes a few times.

Well, that was weird. First I read about someone else discovering the recent attack on Myspace Band pages (even though I’ve been banging on about it since the 31st of October), and then I read this wonderful quote from Myspace via the above article:

“MySpace said it had already taken care of the problem.

“Individuals who try to phish our members are violating the law and are not welcome on MySpace. We have blocked and removed the source of this phishing attempt and restored the profile,” a MySpace spokesperson said by e-mail.”

Yes, of course you have. By the way, here’s a (still redirecting) profile:

…and here’s the Codec install that (apparently) has “been fixed”, even though clicking the above profile will take you to this:

…but wait, I hear you cry! They weren’t talking about fixing the whole problem! They just meant Alicia Keys Myspace page!

A pity, then, that her page has BEEN HACKED AGAIN:

Note the redirect in the bottom left hand corner.

All the screenshots above were taken in the last few hours (or in the case of Alicia, minutes).

Myspace - please try harder.

/ Update - JetKing wade into the fray once more here, and it’s frankly outrageous that you can only seemingly have your profile “restored” if you happen to be Alicia Keys. Everyone else has to suffer the fate of having to set up your profile from scratch.

If it’s any consolation to everyone that had to set up new profiles, on the bright side, they didn’t seem to do a very good job restoring Alicia…

I had the strange realisation yesterday that, up to this point, nobody has actually asked one of the bands affected by the recent Myspace hacks what THEY thought about the whole situation.

Cue JetKing.

And man, they’re pretty angry.

“Vaughn Atkinson, guitarist with the band JetKing, said he spent a few days trying to get MySpace administrators to restore his band’s page from backup, without success. “It’s messed with a lot of our networking with promoters and venues,” he said in an interview. “It’s important to a band’s credibility … if you have all that data wiped out, you are kind of back to square one in the eyes of people.”

See, this is what people aren’t really considering here - something as silly as a Myspace page actually has some real-world worth, and there is indeed a real-world price to pay because of these mindless hacks. As someone who has a background in music (and yes, a clandestine music involvement to this day) I can tell you that there are a lot of features available to you if you have a band page for networking, promoting, even placing links to all of your upcoming shows via a calendar thingy that takes you to the place where you buy tickets and stuff.

You can do all sorts of things, and it’s actually an extremely useful tool in the upcoming (or even established) artists weaponry.

So you can imagine how angry a lot of these bands are when they’ve gone and built that complex network of friends, people who spread the word about their music, promoters, upcoming shows and a lot more besides and then…….

……whoops. No more Myspace page.

Worse, Myspace then refuse to re-create their profile. Now, this is the standard BS regular users get palmed off with - the old “we can’t do it, sorry “excuse”. Now okay, the regular Myspace user probably doesn’t use their page as an alternative method of generating some income besides regular methods of promotion. So if your page gets hosed and you get lumbered with a big fat “no restore”, then it isn’t the end of the world.

But to slap away a lot of the bands recently hacked with this same garbage is just unacceptable.

Didn’t Myspace UK launch because “Clearly the first place to go is music, so we will tap into the music scene”? But wait, there’s more:

“Hopefully they’ll want to market through Myspace and we’ll tap into the local events scene, parties, clubs, artists, film makers, television producers, so I think it’s going to grow pretty rapidly”.

Huh. Well call me crazy, but I can’t see many people in the UK music industry - or any other industry, for that matter - sticking around on Myspace very long when they’re treated like crap. ALL the bands recently hacked, regardless of point of origin, have been handled poorly with hopeless support mails, pleas for help ignored and no action taken against the people doing this because “You need a subpoena!!”

Whatever. I’ve said repeatedly that this “Get lost, bands” approach is going to generate a fair amount of bad feeling and, you know, I think I have a valid point here. Time for another JetKing quote:

“Vaughn said he and other musicians were unhappy that MySpace had been unable to restore their profiles. “Everyone’s resigned themselves to the fact that MySpace has done absolutely nothing,” he said. “I’m sure if we were a big band like Coldplay or Michael Jackson, they’d have done it in five minutes.”

….well, the warning signs are there, Myspace. I just wonder if anyone is listening.

…this time, “Passarounders” are the lucky victims (nice hat though). Does this problem need fixing much?

As of about five minutes ago, here’s a record label….

and here’s a fairly well known Scottish Music Newspaper site:

And here’s another one….

For what it’s worth, the combined total of friends on the list of a freebie newspaper, a record label with a PO Box and some random band is 8,829 which is a scary amount of traffic for a bunch of pages related to labels and bands you’ve probably never heard of. The redirect STILL works, and this is the ORIGINAL co8vd.cn domain I’m talking about here, not the Acilot.cn URL they replaced it with.

Myspace can no longer simply claim ALL of these bands fell prey to Phishing attacks.

This is patently a nonsense. What - an endless stream of bands, record labels, music newspapers and producers all woke up yesterday and forgot what the real Myspace website looks like?

Give me a break.

You know a site has got problems when the only surefire solution to not be subjected to hack attacks and dubious redirects is to not use it.

But that’s currently where we are. Well played, Myspace.

Also, has anyone else out there noticed there seems to be a high proportion of Scottish pages hacked in all this? All of the above - Scottish. The Dykeenies? Scottish. A bunch of the other bands I saw that were hacked were Scottish too.

But what on Earth could the Scots have done to annoy the Chinese this bad? Weird…

….and if you’ve never done that, you’ll probably consider it after reading the following. Vaughn from JetKing finally had some response from Myspace - unfortunately, I can’t say I’m too impressed with what they got back and it speaks volumes for why people can get away with whatever they feel like online. Vaughn asked them to provide details of the IP addresses that logged into the bands account in the last 7 days - better than nothing, right? However, this is what they got back:

“For the IP addresses, my apologies however I cannot give those out without a subpoena sent to our law enforcement division. If you need those, please contact an authority, and have them request to (address removed) any information that you are seeking.”

Myspace make two key mistakes here - number one, is that they assume someone from “an authority” knows what the Hell they are doing. Let me just say right here, Myspace are living in a dreamworld if they think a band whose profile has been hacked is going to just magically have a contact “in authority” who knows what the Hell they’re talking about.

Number two, is that by brushing the band in question off with a “go to the police, lol” (with no mention of what they’re actually doing about this) it seems to pretty much nail home the point that their entire contingency plan for this involves

1) Lying in a ditch and
2) Hoping the magical interweb fairy will come and fix the problem for them.

How utterly tiresome. If this keeps up much longer, I can’t really see many bands wanting to stick with the hassle of watching their profiles infect computers by the dozen while sending out mails about penis extensions.

Hey Myspace, when are you going to do something?

….in which I compile a list of articles that make up a huge slab of pressure on Myspace to do something about all these bands getting their pages taken over and redirecting people to garbage.

Mass syndication, attack!

FIX THIS FIX THIS FIX THIS FIX THIS FIX THIS FIX THIS FIX THIS FIX THIS FIX THIS FIX THIS FIX THIS FIX THIS

What’s that? You want some more? Oh, okay then.

Have at thee, Register! Zim Zala Bim, SecurityProNews! Tear em’ a new one, SCMagazine!

Not had enough yet? Okay then, try this on for size. Nine hundred identical articles, go!

FIX THIS FIX THIS FIX THIS FIX THIS FIX THIS FIX THIS FIX THIS FIX THIS FIX THIS FIX THIS FIX THIS FIX THIS

Well, let’s see if we can roll out some dude from Myspace - perhaps an interview with the mighty Spiegel.de? Click here for a translation, kids. And wait, what’s this - do we see someone from Myspace emerge to bat away accusations of mass craziness on their website?

Why yes, we do.

Joel Berger, Myspace Germany CEO sez, ongoing investigation, can’t reveal any info, working with the authorities, blah blah etc etc.

They still resolutely maintain this is down to phishing, too.

So, the heat is on. The cracks are showing. The pressure is mounting.

Shall we turn things up to Eleven now? Stay tuned….

Amazon’s Alexa traffic reporting service has little credibility left among people who follow traffic trends. Most analytics services, like Comscore, don’t measure small sites well, but they tend to get it right for the larger sites. Alexa seems to get everything wrong, no matter how large or small the site.

Example: In August Alexa said that YouTube passed Google itself in total page views. They were wrong, but their data continues to perpetuate this alternate reality.

Now, another embarrassing error. Alexa says that Facebook, on a steady growth curve for the last two years, now has a larger audience than MySpace. This isn’t as ridiculous as the YouTube/Google error, but it’s still way off. Comscore says that worldwide MySpace uniques are 109 million/month, whereas Facebook is at 86 million. Compete.com, which measures traffic using similar techniques as Alexa, stills says that MySpace is larger than Facebook.

Thanks for the tip Mark.

Crunch Network: CrunchBoard because it’s time for you to find a new Job2.0

Can’t see the video?

There’s a good bit of hubbub about Google News offering comments from story subjects and then walling them off. But is this walled garden approach really all that shocking?
What’s shocking is that Google hasn’t tried to wall everything off yet. Michael Arrington calls Google News’ latest experiment hypocrisy. And he’s right. Techmeme has […]