The month of MySpace Bugs is fast approaching. It’s targeted to begin April 1st (and no, it’s not a joke). Mondo Armando and Mustachio (not their real names, as you may have already guessed) are planning on releasing one or more vulnerabilities in the site per day as sort of a dig at the month of bugs stuff as well as a dig at MySpace who apparently they dislike. I’ve talked with Mondo and actually sent a few bugs over myself, so at minimum they’ll have a few bugs!
I think month of bugs are actually a great thing in a lot of ways. Primarily they raise awareness of the issues. The PHP month of bugs has really raised people’s awareness of how flawed certain things are in PHP and forced a lot of upgrades. You saw what happened in the month of browser bugs and now we are here. Although the month of MySpace bugs is a joke in a lot of ways, it does raise the real issue that a determined attacker can find 30 or more vulnerabilities in a system in a relatively short period of time, raising some real questions about the state of security of even the largest enterprises out there. And it’s not like this is the first time in MySpace’s history that they have been hit, so it’s not like they aren’t warned of the risks ahead of time. It should be interesting to watch. There’s more on this thread and Mondo himself posted to sla.ckers if anyone’s interested.