OpenSocial Hacked Again
The same person who hacked the RockYou OpenSocial application on Plaxo just 45 minutes after it was publicly released is at it again.
This time, he claims to have easily accessed the iLike application on Ning. Specifically, he says he can add and remove songs on users’ playlists. And more damaging, he’s noticed that the application caches a user’s friends list in the client-side code. Give him a Ning username and he can give you details on their friends: relationship to user, last date of update, photo, profile creation date and part of their email address.
He’s pulled up Ning co-founder Marc Andreessen’s friend list to prove his point, and shared part of it with me. I won’t be publishing it here, but it shows that he got access to the application.
As with the RockYou/Plaxo hack, no real damage has been done, but it shows that in the rush to get applications out the door quickly, attention to security may have fallen by the side of the road.
TheHarmonyGuy now has a blog up where he is writing about his hacks of OpenSocial applications. See it here.
Crunch Network: CrunchGear drool over the sexiest new gadgets and hardware.
Posts
