MySpace Worm Creator Sentenced

Found on Slashdot on Saturday, 03 February 2007

Remember Samy? The creator of the infamous worm was unfortunate enough to be the the target in MySpace's latest litigation. As was said in the earlier story, the script was "written for fun" and caused no damage. The source and technical explanation for the "attack" was not even released until after MySpace had patched the vulnerability. Apparently this was enough to get the 20 year old (19 at the time of writing the worm) three years of probation, three months of community service, pay restitution to MySpace and is also banned from the Internet. Clearly, disclosing security vulnerabilities doesn't pay.

Now this article is a little misleading: it wasn't a traditional disclosure. Instead, Samy released a (basically) harmless worm. Nevertheless, this raises questions about how companies handle disclosures, workaround and such. Some simply ignore those reports while others hand out DMCA papers to gag the researchers. Obviously all this won't make their code more secure; if anything, those who find bugs might consider selling them to phishers, scammers and spammers instead.

Browse all articles« Previous « » Next »