UPDATE. 17-Sep-2007
So I started a fake myspace account (yes one of millions) to test out what was going on. It turned out to continually gobble up my post, but I tried various approaches, and think I have come to a conclusion.
It wasnt talking about MySpace security, or posting links into a bulletin. It seems that everytime I put the URL rnyspacelogin.com into a bulletin it was automagically swallowed up.
I have mixed feelings about this, since obviously my post was out there to warn people and wasn't allowed through, however, I can also see how they were blocking that domain from being distributed any further, once they were aware of it.
I also noticed my friends account was restored pretty quickly, and I'm guessing they also blacklisted any emails with that domain as well as bulletins. It may just be nice for them to send some kind of a warning that your bulletin or email was censored due to a questionable URL or something.
So yesterday i tried sending a bulletin entitiled "MYSPACE HACK ALERT" after I got an email from a "friend", who had obviously suffered the misfortune of having her myspace username and password stolen by a phishing attack. This "friend" sent me an email that showed a video ready to be played, but upon clicking took me to a phishing site cleverly called "rnyspacelogin.com".
Fortunately, I think the general public is getting better about noticing these types of attacks and I commend MySpace as well as Yahoo and other sites for helping bring this to the forefront of their users attention. Still, after reporting the phishing attack to MySpace, I decided to send out a quick bulletin informing all of my friends about the attack and to be careful.
Checking back 10-15 minutes later, I noticed that my bulletin had not posted. My other friends had bulletins posting in the same time period. I checked my sent bulletins, still nothing there. I decided it was a glitch and reposted with the same title "MYSPACE HACK ALERT". 10-15 minutes later, same result, the bulletin vanished into the ether and my myspace friends were nonetheless informed.
The third time I decided to post my same message to my myspace blog, and fortunately it did stick there, (for how long we'll see). Then I went back to bulletin board and put up a different message with a different title announcing "New security blog", while putting spaces and misspellings in the words "myspace" and "hack", so as to maybe not be picked up by an automatic scan-and-dump message system with negative things regarding myspace security.
Surprisingly, my bulletin posted right away.
Obviously, Myspace is monitoring, censoring and just dumping bulletins that their automated rules say should not be part of their myspace community. Funny how I thought social networking was more about "our" community than "their" community.
At the same time, this should not shock me, as I'm sure they do have to have some kind of rules in place to monitor and prevent bulletins being sent out about porn, illegal activities and any number of other things that they do not want their company portraying. However, my message was none of the sort and was to help the community be safer. Maybe their rules picked it up as a negative post about Myspace and the fact that it was being hacked (which is the wrong term for this instance and nothing that is their fault - but a term the general public understands better).
This could be much like the case where it had GoDaddy shutdown the entire secslist.org site
back in January, because the names of 56,000 users and passwords had been leaked on one of their pages (not to mention tons of other sites - that I guess had registrars that would not bend over backward for MySpace, instead of having them take appropiate channels).
Here are the two messages I posted, the first of which disappeared into the nether, the second of which did get posted.
Deleted Message
Title: "MYSPACE HACK ALERT".
One of my "friends" must have had her account taken over and she just sent me a message that contained a video. Upon clicking the video to "play" it, it pretends to boot you out of myspace and ask you to login.
WATCH THE URL when you login.
This particular URL is "rnyspacelogin.com" and they are trying to STEAL your login information.
My friend probably lost her account this same way and now they are using it to collect more passwords. A similar attack that was done several months ago and collected 56,000 logins.
Please be careful. Do not use your myspace password for any other application including your bank and email passwords. Myspace has alot of attackers, and once they get into your email or bank records you'll think losing your myspace page was a walk in the park.
For those of you wanting more information I did a presentation that included phishing and other basic things you can do to surf the web with more security. You can get to it by going to
http://www.cheyennejack.com/video/security
Please feel free to repost so your friends don't lose their accounts as well.
Successful Message
Title: "New security blog".
Apparently M y s p a c 3 keeps scanning the bulletins that I've been trying to send out about a new haq attack I noticed on here today, since none of my bulletins have mysteriously posted.
Anyhow, I just added a new blog about it, so make sure to be careful where you log in always and you can read my blog to find out what the latest problem was, that is until they take that down too.
Maybe with mispelling a few things, this one will actually get posted.
I guess it just goes to show that despite the new more transparent social web, there is still an entrenched old school desire to maintain an impeccable granite image to the public wherever they possibly can. The new WikiScanner debaucle shows this as very evident with companies like Diebold and Wal-mart already found to be editing their own wiki pages with more positive content, or just deleting negative impacting material.
We live in interesting times as the old guard has to learn how to co-exist with the new guard. Maybe Elton John was right, maybe we do need to shut down this internet thing for 5 years or so.
0 comments - Posted by cheyennejack at 6:00 PM - Categories: Social Networking
