ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Mail & messaging Toolkit

Yellow Fever

Google's OpenSocial app hacked in 45 minutes

Liam Tung ZDNet Australia

Published: 05 Nov 2007 09:20 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The first application launched under Google's OpenSocial API program has been taken down, shortly after it was discovered a hacker could use it to change user profiles.

The application was built by third-party developer RockYou to run on Plaxo, a social-networking website that allows its members to update and synchronise Microsoft Outlook, Mozilla Thunderbird and Mac OS X calendars and address books.

A developer who uses the nickname "harmonyguy" alerted Plaxo's vice president of marketing, John McCrea, to a vulnerability in the RockYou "emoticon" application that Plaxo allowed on its platform as part of Google's OpenSocial API (application program interface) program.

The flaw allowed the "harmonyguy" to add emoticons to McCrea's Plaxo profile without his permission.

The application was taken down by Plaxo after harmonyguy identified the flaw, which took just 45 minutes, according to TechCrunch blogger Michael Arrington.

"We have temporarily taken down this app, due to some bugs discovered today. We apologise for the inconvenience. We are at the early phase of this, so expect some ups and downs... Your patience appreciated," wrote McCrea on the Plaxo blog last Friday.

Read this

Feature
How to use social networks for business gain

If managed in the right way, applications like Facebook can actually improve business collaboration...

Read more +

Last week, Google announced its ambitions to unite multiple social-networking websites under the OpenSocial API. OpenSocial standardises the API for a number of different social-networking websites, allowing third-party developers to create applications that access users' friends and update feeds, explained Google.

Plaxo is just one of the companies to become part of Google's OpenSocial API program. Some of the sites included in the program are Engage.com, Friendster, LinkedIn, MySpace, Oracle, orkut, Plaxo and Salesforce.com.

Although he claims to have hacked third-party Facebook applications such as SuperPoke, harmonyguy said Facebook's platform makes it harder to change a user's profile.

"The main issue I've found with Facebook apps is being able to access people's app-related history; for instance, until recently, I could access the SuperPoke action feed for any user," harmonyguy told Arrington. Facebook is not part of OpenSocial.

Although changing an emoticon may not be a malicious hack, harmonyguy warned that if Google does not stabilise its platform, more damaging hacks are in store.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with HP
Yellow Fever

Did you find this article useful?
5 out of 5 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More in this Special Report

Social networking: 3G's killer app?

Social networking: 3G's killer app?

Social networking Web sites such as MySpace.com, which will soon go mobile, could become key applications driving data usage on new 3G wireless networks more

Half of employers ban Facebook

Half of employers ban Facebook

Half of businesses are restricting employees' access to social-networking site Facebook, due to concerns about productivity and security, according to security vendor Sophos more

Social networking driving server sales

Social networking driving server sales

Social networking is pushing up server sales despite the increasing adoption of virtualisation technology, according to Sun more

Think before you mail, advises IBM

Think before you mail, advises IBM

IBM's Darren Adams says it's time to think outside the inbox when it comes to businesss collaboration more

Facing the past and future at Facebook

Facing the past and future at Facebook

Joe Hewitt developed a version of Facebook for Apple's iPhone more

Unified communications come together

Unified communications come together

Lotus's Darren Adams talks about the benefits of integrating VoIP, video, presence, telephony, unified messaging and other technologies more

Microsoft bags a stake in Facebook

Microsoft bags a stake in Facebook

The software giant has beaten Google to a chunk of the popular social-networking site, agreeing to pay $240m for a 1.6 percent stake more

Google: Businesses can benefit from video sharing

Google: Businesses can benefit from video sharing

Web 2.0 technology such as video and social networking has the potential to be incredibly valuable in the business world, according to the search giant more

Facebook: A boon to business security?

Facebook: A boon to business security?

The Australian division of GE Commercial Finance is using Facebook to educate staff in good security practices more

Vendorboard: Freeing yourself from inbox tyranny

Vendorboard: Freeing yourself from inbox tyranny

Darren Adams, messaging and collaboration sales leader at IBM, argues instant messaging can help cut email traffic by up to 40 percent more

How to use social networks for business gain

How to use social networks for business gain

Applications such as Facebook are seen as a distraction by some employers but, if managed in the right way, the technology can actually improve business collaboration more

Google reveals its social side

Google reveals its social side

The company has finally unveiled its social-networking strategy, OpenSocial, and it's ambitious even for the seemingly unshakeable search giant more

More In Mail & messaging


Company/Topic Alerts

Create a new alert from the list below:





Related Jobs

Murex Flex API Developer Required Urgently

I have an immediate requirement for a skilled developer with solid Murex Flex API experience with one of my key clients in the FrontOffice of thier ...

Sophis API Developer - Strong Equity Derivatives Knowledge

Sophis Risque Developer C++ Technical Architect/Developer, C#, Toolkit, Derivatives, previous strong experience and exposure working with Sophis ...

City Investment Bank - Snr Front Office Dev - Murex/Flex API

The successful candidate will need Murex experience and Flex API knowledge. A city based investment bank is looking for a snr developer to join a ...

Featured White Papers

See All White Papers

On the Road Blog

RM gets 50 watts of Intel Atom power

They may not be the first Atom-based computers available for pre-order in the UK - those laurels probably belong to the MSI WInd, although its being a bit coy - but RM's ecoquiet RM... More

Post a comment

The Myth Of Fingerprints - biometrics,...

A short (thank you!) press release has just arrived. It says: How Finger Prints Never Lie The high street chain Budgens has just introduced biometric technology, (which finger... More

Post a comment

The Intricacies of International Callb...

International callback works on the principle that a unique 'phone number' also known as 'access number' is provided to a particular customer. The phone used for the purpose can be... More

Post a comment