Fascinating report in
today’s Forbes around social networks being easy fodder for hackers and
therefore criminals. The firms at stake include everyone from Google
through Facebook, and it is all due to the fact that the more open
these communities become for developers to provide common applications,
the more flawed they become to vulnerabilities.
Here’s some of the text to give you a clue:
hacker known as TheHarmonyGuy exploited a flaw in an OpenSocial
application on the business social networking site Plaxo within 45
minutes of the application’s launch. A bug in an application called
"Emote," which adds smiley faces and other "emoticons" to a page, made
it possible for TheHarmonyGuy to insert emoticons and text into the
profile of Plaxo’s vice president of marketing, John McCrae. The
application has since been removed from Plaxo’s site.
days later, the same hacker exposed a vulnerability in an application
called iLike that allows users to list favorite music tracks on the
social network Ning. TheHarmonyGuy was able to change users’ track
listings. Ning quickly disabled iLike and re-enabled a patched version
six hours later.
TheHarmonyGuy’s hacks are far from
life-threatening. But they illustrate the vulnerability of Google’s new
platform, and raise the question of who’s responsible for OpenSocial’s
security: application developers, social networking sites or Google
Read the whole article here.