Comments on: First OpenSocial Application Hacked Within 45 Minutes

By: bebo recruiting math | The Woodwork

bebo recruiting math | The Woodwork — Fri, 20 Nov 2009 02:53:56 +0000

[...] (Okay, I’ll admit my Bebo-bias comes from Bebo being one of the OpenSocial launch partners. Sorry, but I implemented open APIs long before Open Social launched and helped design a key lynch-pin of what makes OpenSocial work, and you shut me out? Damn straight I’m holding a grudge—maybe if you talked to me I could have pointed the mack-truck security hole in the launch.) [...]

By: Social Media Security » First Impressions on Security in Google Wave

Social Media Security » First Impressions on Security in Google Wave — Sun, 08 Nov 2009 16:23:21 +0000

[...] an OpenSocial framework online, I decided to check out its security for myself. That led to the first hack of an OpenSocial application, and my white-hat hacking hobby began. Admittedly, the “hack” came from poor coding [...]

By: First Impressions on Security in Google Wave | Social Hacking

First Impressions on Security in Google Wave | Social Hacking — Tue, 20 Oct 2009 02:16:44 +0000

By: Link « jerakeen.org – notes

Link « jerakeen.org – notes — Thu, 06 Aug 2009 20:07:20 +0000

[...] http://www.tech...hin-45-minutes/ [...]

By: C R Venkatesh

C R Venkatesh — Fri, 20 Mar 2009 06:38:52 +0000

I just created a site http://www.amigocentral.com for my client and I was wondering whether I would also face an equal threat. I hope the Gurus listed here on this page can shed some light.

By: Mark Ellis

Wed, 11 Feb 2009 17:10:58 +0000

your mum

By: Mark Ellis

Wed, 11 Feb 2009 17:04:52 +0000

bacon

By: perde

perde — Thu, 18 Dec 2008 15:21:33 +0000

good

By: Security Justice » Blog Archive » Security Justice - Episode 7

Security Justice » Blog Archive » Security Justice - Episode 7 — Thu, 27 Nov 2008 01:59:21 +0000

[...] LinkedIn adds applications…becomes more like Facebook/MySpace. Let’s not forget OpenSocial was hacked in 45 minutes! [...]

By: Why Facebook will rule the world—and why it won’t « The Beaver Reader

Why Facebook will rule the world—and why it won’t « The Beaver Reader — Wed, 08 Oct 2008 07:09:01 +0000

[...] also worth noting that the first OpenSocial application was hacked within 45 [...]

By: Newslens Podcast Episode 21 at Wiggler

Newslens Podcast Episode 21 at Wiggler — Wed, 24 Sep 2008 17:49:38 +0000

[...] First OpenSocial Application Hacked Within 45 Minutes [...]

By: Sourcing Seattle » Blog Archive » Mark Zuckerberg Says Facebook Connect Is the Future

Tue, 29 Jul 2008 03:16:11 +0000

[...] Read an interesting article where the CEO of Facebook discusses their take on the future of the social web ( a direct competitor to Google’s OpenSocial platform). OpenSocial has had some challenges out of the gate including it’s first application being quickly hacked in just 45 minutes. [...]

By: Social Hacking » Blog Archive » Social Me Still Too Social

Social Hacking » Blog Archive » Social Me Still Too Social — Wed, 16 Jul 2008 19:27:13 +0000

[...] The “hack” involved is unbelievably simple, because the AJAX interface for Social Me is totally unsecured. And it’s not even a POST request – I just enter a certain URL in my browser with a few query strings modified accordingly. The server does nothing to validate who is making the request. It reminds me of my original Emote hack. [...]

By: OpenZolder » OpenSocial gehacked

OpenZolder » OpenSocial gehacked — Mon, 30 Jun 2008 13:24:49 +0000

[...] http://www.tech...hin-45-minutes/ [...]

By: BURAK ARIKAN » Open Social to Distribute 3 Things: Myself, My Relationships, and My Life

Mon, 07 Apr 2008 16:06:51 +0000

[...] OpenSocial API is up and hacked by some guy already. I am currently reading the protocols. From what I understand, Google servers are the gate keepers [...]

By: Cracked Nipple Cream

Cracked Nipple Cream — Thu, 13 Mar 2008 15:12:28 +0000

Cracked Nipple Cream…

Sometimes the nipple can become sore and cracked. In this condition breastfeeding can be extremely painful and a quick and fast remedy is needed….

By: yarışma

yarışma — Tue, 20 Nov 2007 14:55:05 +0000

thanks

By: Saravanan

Saravanan — Mon, 12 Nov 2007 15:07:09 +0000

Hi its really cool, if you prepare like a tutorial and post it then it is very useful to developer.s

By: Michael Jung

Michael Jung — Thu, 08 Nov 2007 20:51:11 +0000

@60: Data isn’t stored central on Googles server. They still belong and are stored where they come from, where they are fetched up – like you music list from iLike on your MySpace profile. All in iLike data comes from the iLike servers.

@58: Many many many good points.

@73: I advise you to look at http://michaelj...s-for-11-08-07/ >> Web 2.0 Expo Berlin Presentation – Open Platforms and the Social Graph (David Recordon’s Blog)

By: Keith

Keith — Wed, 07 Nov 2007 21:13:33 +0000

That was a smooth reply from the architect but it sounds more like they had white-listed real hackable code as opposed to “real working” code.

By: Kyle Brady: A Blog

Kyle Brady: A Blog — Wed, 07 Nov 2007 19:57:27 +0000

Why OpenSocial May Be Over-Hyped…

I’ve been purposely avoiding writing anything about Google’s new OpenSocial project. Why? Because it had the potential to go in a few different directions and be used different ways, and I wanted the hype to die down before seeing what it…

By: David J's Brain

David J's Brain — Tue, 06 Nov 2007 16:44:41 +0000

@11: The fact that you can’t differentiate between malicious hacking and humorous investigative hacking shows that you’re a moron. Would it be better if no benign hacking happened? this guy clearly exposed a security hole which can now be fixed. Instead of their idiotic initial denials Plaxo can now fix their code, which obviously was shipped too early under the pressure of some business moron that Arrington adores.

Think of it similarly to investigative reporting. Would you rather a reporter expose a security hole at an airport or on principal have that information suppressed until a real ‘bad guy’ uses it. There are plenty of real malicious hackers who will use Open Social and any other platform (Hypebook) for a list of real criminal exploits, the simplest of which would be identity theft.

By: Astonished

Astonished — Tue, 06 Nov 2007 16:36:44 +0000

@83 – Perhaps, but I believe Plaxo still had to implement the APIs on their servers so their data could be accessed. With this in mind, I imagine there would be ways to bolster security, server-side. Finally, I am not going to get into a technical discussion, but there are ways of securing your Javascript functions as well. Obfuscation at the least might have made Plaxo less likely to be the first cracked. In the end, this news will leave the minds of those who care, and those who care aren’t the end users at this point.

@84 – Absolutely, but who knows if the white hat was the first…probably won’t be the last b/c in Joseph’s defense, security is an endless battle.

Anyway, I have to say congratulations to the Plaxo team for taking the bold move and getting out there first. It takes courage to deal with the possible downsides (you know people like me). Anyway, any press is good right?

By: Ryan Watkins

Ryan Watkins — Tue, 06 Nov 2007 16:24:06 +0000

It’s not the growing pains we need to be worried about, those will happen. If in a few months ‘amateur hackers’ are still running wild, then I’ll start worrying…

By: שווה קריאה

שווה קריאה — Tue, 06 Nov 2007 13:38:14 +0000

מערכת ה-OpenSocial הראשונה נפרצה תוך 45 דקות…

גוגל יצאה לפני ימים ספורים את מערכת OpenSocial, אשר תאפשר לבנות מערכות חברתיות בקלות תוך שימוש בסטנדרטים. אך תוך 45 דקות המערכת הראשונה שעשתה שי…