Facebook to Google+ plugin could be a hacker’s dream

Google+Facebook could be vulnerable to Javascript attack.

An application that allows Firefox and Chrome users to view Facebook stream data within Google+ is popular, but may put users at a security risk due to issues with the coding.

Google+Facebook, developed by Israeli developer Crossrider, lets users see Facebook streams and update Facebook statuses from within the Google+ platform. The extension has thus far proved popular. According to company execs, there have been over 100,000 downloads in just one week.

Unfortunately, the code may be insecure. Crossrider CEO Koby Menachemi admitted himself that the application was written in less than a day, and so “the product is not perfect.” Taking this fact into consideration, it’s not impossible that Crossrider’s coders may have missed something.

Questions about Google+Facebook’s possible security issues were raised over the weekend, when Reddit user RogueDarkJedi posted comments on a story promoting the app. In the comments, RogueDarkJedi alleges that Google+Facebook “acts like malware,” and says it’s a “security vulnerability waiting to happen.”

What’s in question is the app’s behaviour. Google+Facebook must download an external JavaScript file at every launch in order for it to work. Mozilla has frowned upon this practice, as it puts all users of an app using such a system at risk in the event that the server hosting the script is compromised.

The app also does a number of other seemingly unscrupulous things, such as changing search preferences to a site controlled by Crossrider and appending a signature to email messages sent on certain webmail providers. Uninstalling the app reportedly does not remove many of the changes Google+Facebook makes.

“So should you trust these guys? In my opinion, no. Do NOT install this, it does more harm than anything. Stay the hell away,” RogueDarkJedi wrote.

The post caught the attention of Crossrider, who responded to a Lifehacker post about the application, in which Lifehacker recommended its readers not install the app. Cofounder and CTO Shmueli Ahdut shot back, saying the way Google+Facebook auto-updates is “at the edge of extension technology today,” and that no changes are made without the user’s permission.

Source : Techworld.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s