2008.01.27

Olby's @ Kos

Frankly, we're not huge fans of Daily Kos, and it has nothing to do with our political quirks.  It has more to do with their wonky scripting and heavy-ass page loads.  Sometimes we DO like to check who's contributing though, since Markos seems to be able to tap into a certain vein of the zeitgeist that we admire to an extent.

Turns out Keith Olbermann now has a diary page there and is putting it to good use.  We've been fans since the days of watching him deftly block Dan Patrick's errant spittle using nothing but a sheaf of AAA BBall box scores and Kwai Chang Caine-like reflexes.

You can read his thoughts here.

2008.01.20

Mashable and Wired drop the ball on alleged MySpace 'bug'

Yes, it's quite page-view-inducing to pimp a headline about how pedophiles are secretly grabbing the private photos of underage kids to populate ad-supported sites with illicit images of your children.  So much so that it must be tempting for all the so-called tech bloggers out there to pull a quote or two from the original story and re-post it as news.  The only problem is, it's not exactly true.

First let's be clear about this.  There are all KINDS of crazy, evil perverts out there dreaming their evil thoughts.  We're not saying that there aren't plenty of problems with the newly deposed king of the socialz either.  However...

Item One: There have been many exploits along the lines of 'replace friend ID in URL' that would let users see things like friend lists, photos and the like.  But the method reported on by Wired and subsequently Mashable... was one that had been plugged for months.  However, their posts relayed it as if the story on Mashable had caused MySpace to run and plug that hole immediately in a 24 hour period.  This was simply not the case.

Item Two:  The best evidence of the general lack of understanding regarding this exploit on the part of the so-called tech blog-verse is the fact that both sites reported it incorrectly.  Perhaps they were trying not to tip off would-be perverts, but in the comment section of the first story posted at Mashable, writer Mark Hopkins made this statement:

"I don't know any folks under-age for me to try it on, but I did give it a shot on several of my own friend's profiles, and it seemed to work as described."

To be very specific, this had to be someone who had their profile set to PRIVATE but had PUBLIC photo albums.  Being underage has nothing to do with it... except that MS users under 16 default to private profiles.  Regardless, 'not knowing' any underage people has zero relation to this issue.  You can browse or search and find an underage user easily.  However this applied, as stated, to private profiles with public albums.   His very specific statement shows clearly that he just misunderstood the nature of the exploit.  If you are already friends with someone, replacing your friend ID with theirs in the URL is the same as clicking on the 'pics' link.  No l33t skillz required there.
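To make the condition concrete, here is an added sketch (ours for illustration, not MySpace's code; the `Profile` fields and function names are assumptions) of a photo check that looks only at the album flag, next to one that lets the profile's privacy setting override it. The audit lists every non-friend who gets through to a private profile's photos.

```python
from dataclasses import dataclass, field

@dataclass
class Profile:
    # Hypothetical model; field names are assumptions, not MySpace's schema.
    user_id: int
    private: bool                 # profile-level privacy setting
    albums_public: bool           # album-level visibility setting
    friends: set = field(default_factory=set)

def can_view_photos_flawed(viewer_id, owner):
    # Checks only the album flag, so whatever ID sits in the URL is served.
    return owner.albums_public

def can_view_photos_fixed(viewer_id, owner):
    if viewer_id == owner.user_id or viewer_id in owner.friends:
        return True               # owner and friends: same as the 'pics' link
    if owner.private:
        return False              # private profile overrides public albums
    return owner.albums_public

def audit(profiles, check):
    """List (viewer, owner) pairs where a non-friend is allowed to view
    the photos of a private profile under the given check."""
    leaks = []
    for owner in profiles:
        if not owner.private:
            continue
        for viewer in profiles:
            v = viewer.user_id
            if v != owner.user_id and v not in owner.friends and check(v, owner):
                leaks.append((v, owner.user_id))
    return leaks

# Constructed sample data: user 1 is private with public albums, user 2 is
# their friend, user 3 is a stranger.
PROFILES = [
    Profile(1, private=True, albums_public=True, friends={2}),
    Profile(2, private=False, albums_public=True, friends={1}),
    Profile(3, private=False, albums_public=True),
]

if __name__ == "__main__":
    print("flawed:", audit(PROFILES, can_view_photos_flawed))
    print("fixed: ", audit(PROFILES, can_view_photos_fixed))
```

Note that age never appears in either check; it only matters because it decides the default value of the private flag.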

Anyone who works in online security has been aware for a while that this one was plugged in early 07, thank goodness.

So there is simply a fundamental misunderstanding of what's being reported. This could be solved by the people reporting on it actually being users of the sites they cover, or at least putting in some research time on the specific issue. 

Of course though, this item was dutifully picked up by ABC News and many other major outlets and people got to be all indignant about how awful this is... which harbors a far MORE evil result - namely that other, worse exploits are STILL EXTANT and being thoroughly ignored by the same bloggers and reporters.

If the issue is child safety, instead of increasing your ad revenue - then why not do the full story instead of ctrl-v-ing your way through it? 

This issue spurred the resurrection of zomgpwn! and we will be reporting on it as much as possible in the near future.  Stay tuned...
