According to ZDNet.co.uk, “The first application launched under Google’s OpenSocial API program has been taken down, shortly after it was discovered a hacker could use it to change user profiles.”
This gives me mixed feelings. Was Google either A) in a rush to get out the door with this code, B) sloppy with the release, or C) well, there is no C, but it’s good to have 3 in a list.
This isn’t like Google to put out a product that can be hacked within an hour of its release.
The attack happened to Plaxo’s network when “…a developer who uses the nickname ‘harmonyguy’ alerted Plaxo’s vice president of marketing, John McCrea, to a vulnerability in the RockYou ‘emoticon’ application that Plaxo allowed on its platform as part of Google’s OpenSocial API (application program interface) program.”
