Tongue-in-cheek campaign targets social networking site.
Social networking giant Myspace.com has become the latest company targeted by a "month of bugs" project.
The project is officially known as the "Month of MySpace Bugs, Yuss!" or MOMBY for short. The project is run by a pair of security researchers using the aliases "Mondo Armando" and "Müstachio."
Previous "months of bugs" have targeted everything from Mac OS X to PHP. As the name suggests, the projects aim to disclose a new vulnerability every day for an entire month. This latest effort, however, takes as many swipes at other "month of bugs" projects as the target itself.
"Months of Bugs are annoying, so rather than suffering through another, we figured it'd be better to just create our own where we could at least direct the content a little," said Mondo Armando in the "official announcement" of the project.
The pair decided on targeting Myspace for a variety of reasons, including its substantial user base and, they say, because "Months of Bugs are whiny, attention-seeking ploys for acceptance. Myspace's design use is to enable whiny, attention-seeking ploys for acceptance."
The project will take place in April and will be run from a special LiveJournal blog, or at an alternate site should the account be revoked by LiveJournal owner SixApart.
"Most of what we intend to publish are silly XSS/misleading CSS style bugs that Myspace users may actually be able to use for a little while, and that involve only Myspace.com stuff," wrote Armando.
The pair is also asking fellow researchers to contribute their own bugs to MOMBY, requesting details and working proof-of-concept samples.
Mondo Armando and Müstachio may not need to search too hard for content in the first few days. On Monday, both F-Secure and Sunbelt Software alerted users to a pair of security hazards currently making the rounds on Myspace.
One bug, according to F-Secure, uses a QuickTime vulnerability to steal user information. The other attack uses fake MySpace profile pages to trick users into downloading adware programs disguised as video plug-ins, said Sunbelt.