I'm reading a ton of posts saying how terrible this is, why anyone would do it, and so on. If you don't know, Samy also created the MySpace worm. OWASP built a project called Anti-Samy to combat the work he did on the MySpace worm. He was sentenced to three years probation, 90 days community service and an undisclosed amount of restitution. I'm pretty sure he knows how terrible it is, and that's the point. He spoke at Black Hat 2010 USA as well...
"How I Met Your Girlfriend: The discovery and execution of entirely new classes of attacks executed from the Web in order to meet your girlfriend. This includes newly discovered attacks including HTML5 client-side XSS (without XSS hitting the server!), PHP session hijacking and weak random numbers (accurately guessing PHP session cookies), browser protocol confusion (turning a browser into an SMTP server), firewall and NAT penetration via Javascript (turning your router against you), remote iPhone Google Maps hijacking (iPhone penetration combined with HTTP man-in-the-middle), extracting extremely accurate geolocation information from a Web browser (not using IP geolocation), and more."
"How I Met Your Girlfriend: The discovery and execution of entirely new classes of attacks executed from the Web in order to meet your girlfriend. This includes newly discovered attacks including HTML5 client-side XSS (without XSS hitting the server!), PHP session hijacking and weak random numbers (accurately guessing PHP session cookies), browser protocol confusion (turning a browser into an SMTP server), firewall and NAT penetration via Javascript (turning your router against you), remote iPhone Google Maps hijacking (iPhone penetration combined with HTTP man-in-the-middle), extracting extremely accurate geolocation information from a Web browser (not using IP geolocation), and more."