Saturday, October 15, 2005
User hacks MySpace's friends list with Ajax XSS
Craig Shoemaker from the Polymorphic Podcast clued me in to the story of a MySpace user who wrote a cross-site scripting (XSS) process in Ajax, allowing him to add over a million friends to his list. The script was also self-replicating, being inserted into a visiting user's profile. Googler Evan Martin even broke down the particularities of the malicious script.
I've expressed concern about Ajax programming as a threat to security and performance: that XSS worms and DoS attacks might be more prevalent.