How’d it get through QA — and why didn’t they fix it?

Over on Tales from the Net, I’ve been discussing Kevin Poulsen’s articles about a MySpace security bug that allowed access to photos in profiles that had been marked as “private”. It had been well known for months, but MySpace didn’t fix it until the day after Kevin’s first article. In the interim, somebody wrote an automated script to download photos, and released 500,000 of them on the BitTorrent p2p network.

Since it’s social network-related, I posted about it over there, but it’s on topic here as well, so I figured I’d mention it …