OpenSocial API software detects defects. Hackers can use it to modify files.

Source: Internet
Author: User
Tags mozilla thunderbird microsoft outlook

In November 6, the first application launched by Google's OpenSocial API program was hacked. Hackers can use it to modify user files.

According to foreign media reports, this application is developed by a third-party developer RockYou and runs on the Plaxo social network, it enables Plaxo members to update and synchronize Microsoft Outlook, Mozilla Thunderbird, Mac OS X calendar and address book.

Developers nicknamed "harmonyguy" reported a defect in the RockYou "emoticons" application to John, vice president of marketing at Plaxo. This defect allows harmonyguy to add emojis to John's user file on Plaxo without obtaining user consent.

After harmonyguy finds this defect, Plaxo has disabled the application. John wrote in his Plaxo blog last Friday that we have temporarily disabled the application due to some defects found today. We apologize for any inconvenience. We just started to try to open our network, so it is normal to have an accident.

Last week, Google announced a plan to allow many social network sites to use its OpenSocial API. OpenSocial standardizes the APIs of many different social network sites, allowing third-party developers to develop applications that can access user profiles.

Plaxo is only one of the many companies that have joined Google's OpenSocial API program. Companies that join the program also include Engage.com, Friendster, LinkedIn, MySpace, Oracle, orkut, Plaxo, and Salesforce.com.

Harmonyguy said that although some third-party Facebook applications such as SuperPoke have been hacked, Facebook's platform makes it difficult to modify user files.

Although modifying emojis is not a malicious attack event, Harmonyguy warned that if Google cannot ensure the security of its platform, more destructive attacks may occur in the future.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.