In the summer of 2009 MySpace hired Katie Germinder, Facebook’s Director of User Experience and Design, as an SVP. Her primary job was to assemble a “swat team” of leading outside designers and user interface experts and re-imagine MySpace from the ground up. That team was made up of four people – including two former Apple designers and one ex-Facebooker – and worked out of a conference room in MySpace’s San Francisco offices for six months. They were creating a new site, located at remakingmyspace.com, and it was going to launch sometime right about now.

RemakingMySpace was going to be a new version of MySpace with every piece of legacy stuff thrown out the door. Users and employees would be solicited for input – to get new ideas and vote on already submitted ones – to rebuild the service brick by brick. Most of the work over the last six months was spent reimagining the design in various ways that would be shown to users, and building tools for the submission and consideration of new ideas. And “users” was broadly defined to include input from artists and bands, advertisers, etc.

It was bold, controversial and progressive. And now it’s also very, very dead. Germinder left MySpace last week. And the guy who hired her, former CEO Owen Van Natta, was terminated the week before.

So what happened? The project was trouble from the start. Germinder was strongly pushing the project, obviously, and had the support of Van Natta. But she was working outside of Chief Product Officer Jason Hirschhorn’s organization. Hirschhorn hated the idea from the start, say multiple sources, and constantly worked to undermine it. He favored a much more straightforward redesign effort. And, sources say, VP Product Mike Macadaan was also an outsider to the project, and strongly disapproved say of the whole process.

None of that mattered as long as Van Natta was CEO and was able to push the project along. But once he was gone and Mike Jones and Hirschhorn took over as co-presidents, remakingmyspace was history. Within a day the team was dissolved and moved back into the product organization. The Apple designers, there as consultants, will likely be leaving shortly as their contracts expire.

We’ve spoken with sources on both sides of this. Some say that the the consultants were way too expensive and Hirschhorn and Jones thought the pace of the project was too slow. But others who knew about the project (the site was live for some MySpace employees) thought it was brilliant, and noted that six months wasn’t all that long for a project of this scope. There was genuine excitement within MySpace over remakingmyspace.com, and some are disgusted that it was all thrown away.

One thing that strikes us as odd is the fact that the chief complaints – expense and time – were no longer relevant. The project was effectively done and the expense of it was behind them. “This was killed out of pure vindictiveness,” says one source. Another said that Hirschhorn never even bothered to really understand it, he just wanted it killed.

So what comes next? A straightforward redesign that won’t rock the boat, says one source. Another says that many of the ideas from remakingmyspace will eventually make their way into whatever MySpace launches. Officially, all MySpace will say is “The reimagination of MySpace’s user interface is a top priority. Under Jason Hirschhorn, VP of Product Mike Macadaan and his team are leading the charge to redesign the site and create a beautiful new and exciting environment for our users.”

We’re now trying to track down and verify screen shots and the new logo for remakingmyspace.com. Stay tuned for updates.

• Yahoo BOSS To Survive Microsoft Deal In Some Form; Details Still Hazy
• MySpace Fills Out Executive Roster With New Hires, iLike Execs

MySpace’s new slogan, and the theme of their new product strategy, will be “Discover and be Discovered,” we’ve confirmed from multiple sources. This will be their differentiating factor from Facebook, execs told employees at an all hands meeting last Thursday.

The meeting was called in the wake of the firing of CEO Owen Van Natta and the related promotions of Mike Jones and Jason Hirschhorn to co-presidents. The meeting, which was held in the courtyard of MySpace’s Los Angeles headquarters to accomodate 600 or employees, was also broadcast to other offices around the world.

The meeting began, say sources, with a discussion of the drama around the company over the last several weeks. Parent company News Corp’s Digital Chief Jon Miller apparently didn’t mince words, saying that Van Natta wasn’t moving fast enough and that there was too much conflict among the executive team. Hirschhorn also denied rumors that he ever considered leaving the company, which is contrary to the statements of about a dozen sources who’ve said the opposite to us.

Miller also reiterated News Corp.’s commitment to MySpace and outlined how the co-president structure will work. “They get along really well,” he reportedly said. Hirschhorn handles product vision, Jones handles execution.

More importantly, MySpace’s go forward vision was presented to employees, say our sources, and it was all about a single feature thrust that they’re calling “Discovery.”

The idea is to hit users over the head with new stuff when they come to MySpace. New people they should be meeting. Movie trailers they should watch. Games they may want to play (perhaps against other MySpace users), music they should listen to, articles they should read. Etc. The activity stream that MySpace recently launched will be the backbone of Discovery, but other MySpace products will feed into this as well.

If they get this right, the thinking goes, people will want to visit the site over and over again to see what new stuff they can do.

This is effectively a recommendation engine around new content, says one source, but MySpace doesn’t want people calling it that. Still, the idea is that an algorithm (and advertisers) will determine what stuff you might like (or tolerate, in the case of ads) based on what other users are liking.

The goal is to give users something to do on MySpace that’s somewhat different than Facebook. And get them to come back often.

• WSJ: Facebook, MySpace & Others Share Identifying User Data With…
• Scamville: Zynga Says 1/3 Of Revenue Comes From Lead Gen And Other…

Yesterday, Inside Facebook reported on a nifty MySpace feature called Fan Video that allows users to pull in their Facebook profile photos using Facebook Connect — a notable move given the sites’ longtime rivalry. Some other outlets ran with the story, with CNET calling it “hard evidence that MySpace is committed to using the technology on its site.” As it turns out, that probably isn’t the case: we’re hearing that this implementation was only integrated as a one-off for Fan Video, and that it is not indicative of a MySpace move to embrace Facebook Connect on a wider scale.

In fact, we’re hearing that MySpace hasn’t even decided if they’re going to implement Facebook Connect on a wide scale at all, despite the rumors that have been circling for months.

Fan Video was built as a promotion for the UK launch of MySpace Music in December. The app is simple: it imports your profile photo using either MySpaceID or Facebook Connect, and inserts it into one of a half dozen music videos from big name artists like Alicia Keys and 50 Cent. The results are actually pretty entertaining — I now have a video of Alicia Keys singing a love song as she gazes longingly at a photo of me. But we’re hearing that the app didn’t come directly from MySpace — it was actually built by a third party under commission.

In related news, we’ve recently heard that Twitter is close to launching their answer to Facebook Connect.

Crunch Network: CrunchBoard because it’s time for you to find a new Job2.0

• WSJ: Facebook, MySpace & Others Share Identifying User Data With…
• Scamville: Zynga Says 1/3 Of Revenue Comes From Lead Gen And Other…

A Facebook developer named Yvo Schapp has uncovered a massive security flaw present on both Facebook and MySpace that would give hackers the ability to steal all of your account data, including your photos, personal messages, and basically everything else you’ve ever put on the social networks, without you ever realizing it.

Schapp stumbled upon the exploit and contacted both Facebook and MySpace. According to his blog MySpace has since fixed the bug, and while his blog indicates that Facebook is still working on it we’ve confirmed that they’ve fixed it as well (we’re waiting on a statement from MySpace). So what exactly could the exploit do? From Schapp’s blog:

You don’t need much time to think of all the ways this could be exploited. All what has to happen is a active session, or a “auto login”-cookie and a URL which hosts a exploiting Flash file. For example when accessed, a automatic “post update” could be made, that would lure friends of the user to access the exploit URL, and the exploit would spread virally. An more invasive and hidden exploit could harvest all the users personal photo’s, data and messages to a central server without any trace, and there is no reason why this wouldn’t be happening already with both Facebook and MySpace data.

In other words, if you’ve ever checked that ‘remember me’ button on Facebook or MySpace’s login screen and have at any point viewed a Flash app taking advantage of the exploit, it’s possible that all of your data was compromised. You wouldn’t even have to neccesarily open anything — in Facebook’s case, if one of the infected items showed up in your News Feed you could have your data stolen without ever knowing it. Yeah, that’s pretty damn scary. For what it’s worth, Facebook gave us this statement:

The security of our users is a top priority for Facebook and we worked with the researcher who identified the issue to fix it. We have not received any reports that it was ever exploited.

Of course, Schapp pretty clearly writes that there’s no way for a user to tell if their data was harvested, so for all we know it could have been used by multiple developers for months or longer (Facebook is currently investigating how long the bug may have existed). Granted, Schapp could be the first developer to ever stumble across the exploit. But the potential of this bug is so huge — allowing a developer to mine all of the data for any user who accessed their app — that less honest developers may well have used the hack for their own benefit. Facebook has previously said that there are a whopping 300,000 developers building on its platform. And we’ve seen time and time again that some of those developers are not opposed to Black Hat tactics. MySpace has seen its own share of problems.

This is obviously bad news for both social networks, but Facebook in particular has long been heralded as the safer of the two, with its extensive privacy settings and authentic identities. Yet the site has repeatedly seen glitches in its security. Today’s bug is by far the worst vulnerability in recent memory.

The security vulnerability works by taking advantage of an oversight in a crossdomain.xml configuration file, which is used by Flash applets to determine if an application has permission to access data on that domain. The crossdomain.xml files at Facebook and MySpace were allowing any applet from any other domain to access data and the API. Combined with browsers keeping a record of your logged in session if you have checked ‘remember me’, the vulnerability means that an invisible Flash applet on any website you visit would be able to read out all your data and send it away somewhere else. For more on cross-domain requests and security, there is a write up explaining all the details.

If you’re interested in the nature of the exploit itself, head over to Schapp’s blog for a full description of how he stumbled on it.

Image by Lisanne!

Crunch Network: CrunchGear drool over the sexiest new gadgets and hardware.

• Zynga CEO Mark Pincus: “I Did Every Horrible Thing In The Book Just…
• WSJ: Facebook, MySpace & Others Share Identifying User Data With…