In Depth
Hemanshu Nigam: Mr. Safety for MySpace
Can CSO Hemanshu Nigam make MySpace a safe neighborhood, without also making it an empty one?
By Sarah D. Scalet
Meanwhile, reports were whirling about malicious code running through the site. In one earlier case, a teenager known as "Samy" exploited a cross-site scripting vulnerability, adding a piece of code to his profile that within 20 hours infected the profiles of more than 1 million users—and garnered him more than 1 million automated requests to be each user's "friend." (He pled guilty and was sentenced in January.) Another worm exploited a flaw in Apple QuickTime to steal log-in credentials of users and spread spam; one security vendor estimated that one in three profiles was affected.
As a result, Nigam is now turning more of his attention to computer security issues, pulling together a dedicated group that will respond to incidents and work on education and awareness—both for MySpace engineers, who need additional training on how to write secure Web applications, and for members, who can protect themselves by installing antivirus software and firewalls and by keeping their software patched.
In the background of all this, the basic sleuth work continues. MySpace's terms of service prohibit members from posting photos or videos that contain nudity, hate speech or illegal drug use, or ones that infringe upon copyright laws, but it's a constant battle to keep that kind of material off the site. The 24/7 support operations team—currently about 40 percent of MySpace's 300-person staff—manually reviews the 7 million images and videos that are posted every day. They also run searches to try to find underage users who post information, like the name of the elementary school they attend, that indicates they are not at least 14 years old. The company says it currently shuts down about 30,000 profiles of underage users each week. (Nigam wouldn't discuss any specifics regarding copyright infringement, citing an ongoing lawsuit that was filed in November by Universal Music, which claims that the foundation of MySpace is "'user-stolen' intellectual property of others," with MySpace "a willing partner in that theft.")
Still, the reports of unsavory characters on the site continue, as attested by a quick visit to the crowded MyCrimeSpace.com, which tracks crimes related to MySpace and other social networking sites. "I don't think whatever security measures [Nigam] put in place are being all that effective," says Trench Reynolds, the nom de blog of the North Carolina dad and "9 to 5-er" who runs the site in his spare time. "MySpace can only do so much on their end of things. Parents need to do a better job monitoring their kids' activities."



