Is Web 2.0 Safe?

Samy Kamkar was really just trying to impress girls. Instead, he made Web hacking history.

Kamkar created what is considered the first Web 2.0 worm--a virulent bug that no firewall could block, and which ultimately forced MySpace.com to temporarily shut down. The Samy worm (named after Kamkar) was among the more prominent of a new generation of Web attacks that some security experts fear may slow the fast-evolving collaborative model of Internet development known as Web 2.0.

Kamkar was looking for a way to circumvent MySpace's content-posting restrictions to jazz up his profile when he found a bug that essentially allowed him to control the browser of anyone who visited his MySpace page. "A Chipotle burrito and a few clicks" later, Kamkar says, he created the fastest-spreading Web-based worm of all time.

Within 20 hours, the worm had spread to approximately 1 million MySpace users, forcing them to select Kamkar as their "hero" in their profile page. News Corporation, the site's owner, had to pull down MySpace to fix the problem, and Kamkar later received three years' probation in Los Angeles Superior Court.

As a Web 2.0 worm, Samy signaled the start of a shift in Web security concerns. Past worms such as MyDoom and Sobig clobbered systems and caused days of technical problems for system administrators to contend with. Kamkar's worm didn't do anything to harm MySpace users' computers, but it threatened their data online. And though the affected MySpace users couldn't apply a patch or update their antivirus software to handle the problem, once MySpace fixed the issue on its servers, it was fixed globally.