M.O.M.B.Y! (![[info]](http://p-stat.livejournal.com/img/userinfo.gif){kind=small} momby) wrote,@ 2007-03-15 21:36:00 |
|
| Current mood: |  energetic |
| Entry tags: | bugs, momby, mypsace, myspace, overflows, whatever, xss |
OFFICIAL ANNOUNCEMENT: April 2007 is the Month of Myspace Bugs, Yuss!
April, 2007, will be designated the "Month of Myspace Bugs, Yuss!" Reasons:
- Myspace is important, in that there are a bazillion users and a kajillion dollars involved.
- "Months of Bugs" are whiny, attention-seeking ploys for acceptance. Myspace's design use is to enable whiny, attention-seeking ploys for acceptance.
- "Months of Bugs" are annoying, so rather than suffering through another, we figured it'd be better to just create our own where we could at least direct the content a little.
And now the FAQ.
I have a bug that I told Myspace about but they never fixed it. Want it?
Yes! I mean, Yuss! Send it to mondo_armando@catholic.org and let us know:
- When you discovered it, if you already told Myspace, and when you did that. If not, then say so, too. If we have to guess, well, fine.
- If you have a proof of concept (PoC) already put together, tell us how to repro it so we can clearly demo it using a dummy account. If you don't have a PoC, make us believe it works without making us go through a lot of hoops.
- If you want credit, and if so, to whom, and be explicit. If you want credit to "loser@gmoneyvulns.org" or "G. Money Vulnman" or "gopher://gmoneyvulns.org," or all three, then tell us, and maybe we'll get it right. If we accidentally reveal your superhero identity, well, sorry. Get a new one. We did.
Or, just forget all that and just post it as a comment of http://momby.livejournal.com. Do try to keep the salient info together (when you found it, a link to a reasonable PoC, etc.) This probably means you need a livejournal account, of course.
What Bugs Will We Accept?
While heap overflows and format strings and integer wraps are great and everything, we don't intend to have too many "real" bugs. Most of what we intend to publish are silly XSS/misleading CSS style bugs that Myspace users may actually be able to use for a little while, and that involve only Myspace.com stuff. But in the end, the only requirement is that all bugs posted as part of MOMBY must have an attached PoC that touches Myspace.com, somewhere. So, browser bugs, Flash bugs, QT bugs, all are fine, even though they're third party. Bugs in myspace skinning services or whatever is ideal, especially if most users would blame Myspace for the problem.
And finally, old bugs are fine, if they have a myspace application (and are unpatched). We will almost certainly recycle, should we come up with applicable techniques that involve teh mypsace.
Who's this "We?"
Me: Mondo Armando. Him: Müstaschio. The details of our lives are quite inconsequential.
Is this Gay as Hell?
Yes. But! If it ends up being just as lame as the Month of Apple Bugs, then we haven't really missed the mark. If it's funnier, then great. If it kills this Month of Whatever fad, then hurray for everyone, it's over.
How can I most effectively ignore you?
Add mondo_armando@catholic.org to your favorite anti-spam engine, and add http://momby.livejournal.com/ to your proxy blacklist.
When are you starting?
Were you not paying attention? April 1, 2007. Yes, we know. No, it's serious. No, not really.What's your press contact info?
E-mail mondo_armando@catholic.org your name and publication, and one of us probably already knows you if you're a tech writer who's been around the block. We will get back to you, usually near the evenings Eastern US time.
Update on press contacts
Our phone/skype situation is dicey, so it looks like IM will be the way to go. Or, if you're not working on a particular deadline, we are open to answering questions, and answering followups, via e-mail. All the quotes you've seen in so far have been generated by these "e-mail interviews."
About our jackbooted censorship policy
Apparently, some people believe it takes several repetitions of "you're a faggot!" and "this is stupid!" to convince us of these valid, though somewhat obvious, points of view. We respectfully disagree. If we/our readers wanted to read dozens of the same go-to-hell comment worded slighly differently, they can go to slashdot and fling their poo there.
