October 16, 2006

MySpace is Terrible: Pass AND Fail Edition

So I log in to MySpace, as I usually do once a week just to check on it, and I find that there's a note up about the spam bulletins and comments that have been posted in my name--I thought it was just that MySpace security was the equivalent of protecting Fort Knox with a mighty wall of damp Kleenex, but I guess it's more interesting than that. Apparently password phishers have been redirecting people to trojan pages that look like the MySpace login using Flash. Then they take your password and use it to send messages about dating sites to other people. Which is ten kinds of awesome.

But let's make one thing clear: while it is true that most web-based applications are vulnerable to this kind of thing, and while MySpace can't necessarily be blamed for a weakness in Flash, the fact of the matter is that people wouldn't have fallen for this scam nearly as easily if MySpace weren't a buggy hunk of garbage that kicks users out at the slightest provocation. For once, the responsibility for this social engineering falls entirely on the system admins, and not on the users.

Good thing MySpace isn't the vanguard of American youth culture, with a staggering reach into the home computers of people, most of whom have no idea how to protect themselves.

On a lighter note, MySpace cannot confirm that Mark Foley's account was cracked this way. So if you are an underage male who has received obscene messages from the ex-Senator, it may be less a security issue, and more your tax dollars at work under the Republican government.

