Spammers inundate Apple's new social media service Ping

By on
Spammers inundate Apple's new social media service Ping

No spam or URL filtering protection evident.

Spammers reacted quickly to Apple's new social media service Ping, with reports of users being bombarded with junk messages.

Ping became available with last week's iTunes 10 update, which also includes fixes for 13 flaws. The new service allows users to create a profile and “follow” friends or artists and share status updates, photos, album reviews and information about music purchases.

Sensing the popularity of the new service, criminals have already pounced. The problem for users is that Apple appears not to have implemented any spam or URL filtering protection in Ping, Chet Wisniewski, senior security adviser at Sophos, told SCMagazineUS.com.

Less than 24 hours after it launched, Ping was inundated by spam. The profiles for U2, Lady Gaga, Justin Bieber, Linkin Park have all been affected by the comment spam.

“Lady Gaga's profile is so clogged with spam that's about all that's in it,” Wisniewski said. “Any time you allow people to post a message, you are going to have spam problems. It's amusing to me that Apple would launch such a major service without considering that.”

Many of the spammed comments seen on Ping attempt to trick users into filling out affiliate marketing surveys with the lure of receiving a free iPhone 4 or other prize for their efforts, he said.

Another problem that could contribute to spam on Ping is the ease of creating a profile, Wisniewski said. The service does not require users to enter a credit card or other identification to participate.

Security experts have for some time warned that spammers aren't just distributing their unwanted messages via email anymore, he added. The comments sections on blogs and forums, as well as Facebook, Twitter and Web 2.0 platforms, are also a haven for spammers.

Apple likely anticipated its new platform would be abused, as it requires user's profile pictures be approved before they appear, Wisniewski said. Apple is also probably filtering for offensive content, so the company probably has a way to stop the spam.

An Apple spokesperson did not respond to a request for comment.

Despite Ping's security issues, researchers recommend users download the iTunes 10 update, as it also closes 13 security holes in WebKit, an engine that is used to render the iTunes interface.

The vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition, according to an advisory posted by the US-CERT.

When users download the update, Ping is not enabled by default.

See original article on scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
apples inundate media new ping security service social spammers
In Partnership With

Most Read Articles

Telstra to cut at least 8000 jobs

Telstra to cut at least 8000 jobs
UNSW loses data after IBM storage failure

UNSW loses data after IBM storage failure
PageUp People revises data impacted by breach

PageUp People revises data impacted by breach
Telstra completely changes how it sells enterprise services

Telstra completely changes how it sells enterprise services
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Managed Security Service Providers for Dummies
Managed Security Service Providers for Dummies
The Cost of Cloud Expertise report
The Cost of Cloud Expertise report
The business case for hyperconvergence
The business case for hyperconvergence
What Every CIO Should Know about DevOps & Container Guides by Puppet
What Every CIO Should Know about DevOps & Container Guides by Puppet
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators

Events

Most popular tech stories

Log In

Username / Email:
Password:
  |  Forgot your password?