With all of the zillions of companies building “widgets” for MySpace, Bebo, etc., it’s only a matter of time before the gray-hat crowd starts to see the dollar signs. Maybe they already have. But it seems like a large waste of effort for all of those strange little VC-funded startups playing remora to MySpace’s shark to have to keep figuring out new ways to get their code to embed in MySpace layouts.
What if there were a company which acted like the “security analyst” gray-hat companies of the 90s, which constantly looked for new exploits in MSIE, Windows, firewalls, web servers, etc. and slowly trickled them out so that they would always have a new and scary problem that their clients needed to know about and compensate for (until the vendor released a patch)?
This company would just find new and different ways of embedding Flash, AJAX code, iframes, etc. in MySpace and similar sites, and would then release sample code snippets and example apps that clients would use to build their widgets. Later on they could release some kind of API that made the same widgets work across all of those sites. Clearly they would be the first ones to re-engineer their hacks when MySpace decided to change its code for whatever reason (breaking existing widget embedding mechanisms).
I’m not going to do it, but it’s an interesting idea, and in my opinion, it’s only a matter of time. It’ll probably be someone overseas, in Russia or Eastern Europe who does this, since it’s not terribly well looked upon to sell what amounts to a cross between an exploit kit and an “undocumented APIs” reference for a big web site.
Or maybe it’s already out there, and I just don’t know about it…