I saw your mom naked on the internet!

Not just words yelled by boys to one another on a school playground anymore but it may be true if your mom has a Myspace account.

A bug discovered over the past few months and finally fixed last week exploited a backdoor in the design of MySpace that allowed anyone to see your photos, even in private profiles. Third party websites started popping up when the bug was first discovered making it even easier to exploit the bug and view photos. To no surprise, many of the sites sold themselves as "voyeur" and pedophile type sites focusing on viewing photos in private profiles of MySpace members under 18. By default, a profile owned by a user under 16 is set to private. According to MySpace, this should allow only MySpace friends you allow access to the ability to view your profile information and photos.

The exploit was mainly targeted at MySpace users who have their profiles set to "private". Clicking on the photo link of a private profile should normally give non-friends this message, "This profile is set to private. This user must add you as a friend to see his/her profile." But using this exploit anyone with or without a MySpace account can access the photo by replacing the friend ID in the URL with the friend ID of the user whose profile they are trying to view.

The only users safe from this exploit are those who specifically set their MySpace photo galleries to private in addition to their profile security settings. This comes at a bad time for MySpace. Though this exploit didn't just target underage users, MySpace had already been under a microscope for other pedophile related investigations. MySpace had reached agreements with 49 state attorney generals this week that was hopefully going to bring agreements to allow MySpace to make it's site safer for underage users.

This exploit has been around for over 3 months now. MySpace shouldn't have been in the dark on this issue. I can understand a company not being aware of a zero day exploit or maybe even a first week exploit, but 3+ months? Not only has it been circulating around message boards this entire time but (ad driven) 3rd party websites have been profiting off this exploit and making it easier to view private photos and profiles. You think with all of this going on SOMEONE at MySpace would have jumped on this and fixed it. This shows MySpace still has a long ways to go before users, parents and government agencies can trust MySpace to do a proper job of ensuring the safety and privacy of it's users.