A more detailed analysis covering several different social-networking sites suggests that the potential for mischief may actually run much deeper. Two computer-security consultants--Nathan Hamiel of Hexagon Security Group and Shawn Moyer of Agura Digital Security--recently built examples of malicious applications on top of OpenSocial, an open application platform used by MySpace, hi5, Orkut, and several other social networks. One of their demo applications, called DoSer, logs out users who view a compromised profile page for seven seconds. Another, called CSRFer, sends unauthorized friend requests from a target user. But Hamiel says that there are plenty more ways to attack social networks and that little can be done to defend them. "[An application] hooks into the social net about as deep as it can go," he says.