By Alice Hill
RealTechNews
The website MySpace is definitely the site du-jour for mostly single people looking to connect online. A wily hacker decided that the fastest way to get popular would be to unleash a harmless little Javascript code and load up on the friends. By exploiting the HERO function of MySpace he went from zero to a HERO so quickly it shut down the service. Here’s what he had to report:
If I can become their friend…if I can become their hero…then why can’t their friends become my friend…my hero. I can propagate the program to their profile, can’t I. If someone views my profile and gets this program added to their profile, that means anyone who views THEIR profile also adds me as a friend and hero, and then anyone who hits THOSE people’s profiles add me as a friend and hero… So if 5 people viewed my profile, that’s 5 new friends. If 5 people viewed each of their profiles, that’s 25 more new friends. And after that, well, that’s when things get difficult. The math, I mean.
5 hours later, 6:20 pm: I timidly go to my profile to view the friend requests. 2,503 friends. 917,084 friend requests. I refresh three seconds later. 918,268. I refresh three seconds later. 919,665 (screenshot below). A few minutes later, I refresh. 1,005,831.
I have hit 1,000,000+ users. In less than 20 hours, I’ve hit over 1/35th of all myspace users. Every request is from a unique, living, and logged in user. I refresh once more and now see nothing but a message that my profile is down for maintenance. I messed up, didn’t I. I’m now more afraid and decide I am never doing anything even near illegal ever again
http://www.realtechnews.com/posts/1957
