If Samy Kamkar plays his cards right, he may be allowed to visit MySpace again in just a few months. For the time being, however, he's not even allowed to touch a computer, following a January 2007 guilty plea for creating what many consider to be the first Web 2.0 worm: the Samy worm.

Samy's worm wasn't malicious, but it did force News Corp.'s MySpace social-networking site to shut down in late 2005 after forcing more than 1 million users to declare Samy a "hero" on their profile pages.

Last week, Samy, who is now 21, made his first public appearance since his conviction, attending the OWASP App Sec 2007 conference, hosted by eBay in California. He was treated like a celebrity at the show, but there were some complications. Under the terms of his plea agreement, he can only use computers for work, so he was forced to show slides that he'd dictated to a friend on a computer that was operated by a conference staffer.

It's not easy being a computer geek cut off from computers, but if Samy remains a model parolee, he could be allowed to use computers again in a couple of months. He talked to IDG News Service about what life has been like since his arrest and what he plans to do as soon as he's online again.

IDGNS: What were you thinking when you wrote the Samy worm?

Kamkar: When I wrote the worm, it initially wasn't a worm. Initially I was just trying to spruce up my MySpace profile. I also wanted to show off to a couple of friends, so I thought 'wouldn't it be cool if I did this? What if I made some of these people add me as a friend automatically?' Then I figured, 'what if I made them add me as a hero?' So I wrote a little code and what ended up happening is whenever someone viewed my profile, they would automatically add 'But most of all, Samy is my hero' at the end of their hero section on their profile. And after that, I thought, 'If I can make this person my friend, if I can make myself their hero, couldn't I just copy this code onto their profile?'

I didn't think this would be a big deal, so I tried it out. I thought maybe I'll get one friend tomorrow and a few in maybe a few days. It went quickly. Apparently, MySpace is a bigger place than I assumed.

IDGNS: How hard was it to write the worm?

Kamkar:I'm not a Web application security expert, but I'm into security and I'm into Web applications. As a programmer, it wasn't too much to learn how to use AJAX, which really helped make the worm work and proliferate really quickly. It only took a few days to write the thing from start to finish and it was only in the last day that I thought that this could be a worm.

IDGNS: Do you think it would be easy to write another MySpace worm now?

Kamkar: It would be much harder to write a MySpace worm right now just because they've added so many restrictions, but it's always possible and there are so many other sites that these exploits are available on. So it could still happen.

I think that more worms are going to come out. I've heard of more worms trying to take off using the same code base that I wrote, and just changing a few things. Luckily restrictions have really prevented those from working out too well. But yeah, from here on out, I think worms are only going to get more advanced.

IDGNS: What's your life been like since you pleaded guilty in this case last January?

Kamkar: My life has been a bit different. I have computer restrictions now, so I can only use computers for work purposes. I also serve community service and I'm on probation. So on top of the restitution, it's a little more than a slap on the wrist.

IDGNS: The worm you wrote was fairly innocuous. It just made you really popular on MySpace. How do you feel about being indicted for this?

Kamkar: Well, I didn't have malicious intent writing the worm. I understand that it was a big example of what you shouldn't be doing, so I think if I were in their shoes, maybe I'd do the same thing. Maybe I'd say, 'Well that guy got a lot of press. He's showing, this is how you hack a Web site and this is how you write a worm, and we want to make sure people don't do that.'

And I agree that people shouldn't be doing that and I shouldn't have released that. So I sort of see it on both sides.

IDGNS Do you regret doing it?

Kamkar: I wish I could take it back.

IDGNS: What's the first thing you're going to do when you're free to use a computer again?

Kamkar: The first thing I'm going to do when I can use a computer again is probably just get back into development on the site and write projects that are interesting to me and non-malicious. No more worms.

IDGNS: Would you work for MySpace if they wanted you to?

Kamkar: I think in the future, I'd be happy to help out because they actually provide a pretty cool site. Right now, I'm involved in one project with one company, but in the future, that's definitely an option.