myspace #2: above all, suck less

I spoke too soon about being happy with my Myspace profile because I had reduced it to a carrier for links back to sites that I own. Myspace has disabled the link from there to here with a stern warning that You have reached a link that is no longer in service. That means the link was very naughty, and, much like head lice, had to be eliminated before it spread. The explanation is that this site is spam, phishing or malware. There’s no help link or method to appeal, so this is not reversible. Myspace users can’t link to this site.

Tip to Myspace security team: above all, suck less. I understand that you have to deal with security threats to Myspace users, but this means you have to be skilled and clever, not clumsy and stupid. I am not an attacker, I am a user. By turning your malware detectors up so high that they mis-categorized this vanilla wordpress install as a malware site, your detectors are causing damage to the application.

It’s a tribute to Myspace’s few strengths that they can be so staggeringly bad at their work and stay on top of the social networking field.


Update: I added a redirecting intermediary to the link and Myspace isn’t yet blocking it. If their mis-designed software isn’t also mis-implemented, though, it will catch up. Not that this time delay means that a real attacker could easily stay ahead of Myspace’s crawler; it’s only non-attackers who get caught in the trap.


To learn more about Myspace’s security strategy here, see Netcraft’s blog on msplinks.com:

MySpace started using the msplinks.com site last year, in a bid to protect its users against spamming and phishing attacks. When users added a link into MySpace, the URL would be replaced with a link to msplinks.com, which would then redirect to the intended URL. This gave MySpace greater control over the links that originated from their site, allowing them to disable the links if they are found to point to spam, viruses or phishing sites.