Comments on: OpenSocial Hacked Again

By: Memo to OpenSocial: It’s about distribution, stupid! | 20bits

Memo to OpenSocial: It’s about distribution, stupid! | 20bits — Fri, 04 Apr 2008 00:12:04 +0000

[...] iLike is not that they’re on track to get another windfall of users via OpenSocial, but that their Ning application has been hacked makes be believe Facebook’s king can more than meet the threat from Google’s [...]

By: Social media futures: Persistant profiles

Social media futures: Persistant profiles — Fri, 21 Mar 2008 12:23:46 +0000

[...] OpenSocial is still very much in an experimental stage (and a questionable one to some) it suggests an interesting principle; that we could have pervasive profile (or profiles) the moves [...]

By: The Dude Dean

The Dude Dean — Tue, 20 Nov 2007 00:32:11 +0000

These applications need to be hardened a bit before release.

By: Jonathan Parent - Consultant Analyste Web » Blog Archive » OpenSocial et Android, les deux côtés de la médaille.

Fri, 09 Nov 2007 15:41:32 +0000

[...] Hacked within 45 minutes Hacked again [...]

By: Welcome to the Open Social

Welcome to the Open Social — Thu, 08 Nov 2007 19:47:35 +0000

[...] Alliance, I’m similarly not impressed with the Open Social. It has nothing to do with the hacks that are starting to happen already, this is a fixable problem. And I’m not opposed to it, I think it’s a [...]

By: Mr Universe

Mr Universe — Wed, 07 Nov 2007 21:44:56 +0000

I can’t believe some of you are taking Miss Universe seriously. Obviously it’s just some wanker intentionally saying stupid things. No one would be really that stupid to think Harmony guy is a malicious hacker and also be a techcrunch reader.

By: Cerebro

Cerebro — Wed, 07 Nov 2007 18:37:20 +0000

Daqui a pouco a Google vai ser hackeada também!!
ahuhauhuhauhauha
E vai sobrar apenas eu e o Pink para dominar o mundo!

By: Clement

Clement — Wed, 07 Nov 2007 07:40:54 +0000

Nice work TheHarmonyGuy, but what is your motive?Fame?

By: Darvititsing Lallengerizes

Darvititsing Lallengerizes — Wed, 07 Nov 2007 05:52:53 +0000

Great bug testing I guess for them. They released it a little too early.

By: Gina Bianchini

Gina Bianchini — Wed, 07 Nov 2007 05:46:54 +0000

As promised, a quick update here. We just reinstated support for Gadgets and only the feeds that should be there now are. Thanks!

By: Nic

Nic — Tue, 06 Nov 2007 21:28:21 +0000

OK peeps, the simple fact is that right now anyone writing an OpenSocial gadget is doing so using at most 2/3 of an API because the rest is not finished yet. Part of what is not finished yet is the user authentication functions which will apparently be in the data API.

I think it is pretty cool that people are out there now showing the sorts of things that will be possible with the OpenSocial framework but anyone putting it onto a live site with live data should probably think twice until the whole API is available. Until then it is fairly straightforward to spoof your identity and pretend to be a gadget’s owner.

Hacking these prototype apps might be kinda fun but its hardly rocket science, I don’t think theharmonyguy would claim otherwise. Any developer who has spent an hour or more thinking through the API specs has long since realised that with the data API missing there really is no security at all. Once the data API is published then maybe we can all look at it and decide if its security model is adequate, until then I’m not sure what anyone is proving with these “hacks”.

Nic

By: Fabricio

Fabricio — Tue, 06 Nov 2007 21:22:48 +0000

Not to dismiss HarmonyGuy’s work or anything, I really believe it is important to scrutinize and test eventual flaws of this alpha stage apis before it matures to a good freezing stage… but the friend lists on Ning were always public information available to anyone through the existing REST APIs.

By: Gina Bianchini

Gina Bianchini — Tue, 06 Nov 2007 20:01:05 +0000

Hey All -

At Ning, we take security seriously. We are also committed to giving people the freedom to experiment and use new technologies, even in their early stages.

With respect to this specific issue, we’ve temporary taken down our support of Gadgets for the next few hours (~11am PST) while we patch this hole.

I’d also underscore that adding OpenSocial Gadgets to your social network on Ning is *entirely optional* and we are rapidly and proactively iterating and improving our OpenSocial support daily.

Once we have it fixed, I’ll come back over here and post an update.

Thanks!

By: brij

brij — Tue, 06 Nov 2007 18:22:48 +0000

@19 what has this got to do with repressive governments ?? and for your kind information, rest of the world is not in such a bad shape as you think it is. so far so, that those guys don’t even care (rather know) about open social.
so you better keep your philanthropy out of this.

By: Uhhh

Uhhh — Tue, 06 Nov 2007 17:50:57 +0000

@24: http://www.meetingflex.com is a piece of garbage with zero redeeming qualities. Choose a different profession.

By: James D Kirk

James D Kirk — Tue, 06 Nov 2007 17:39:16 +0000

I say keep it up (apologies for second post! Install an edit your own post function, MA!)

By: James D Kirk

James D Kirk — Tue, 06 Nov 2007 17:37:47 +0000

Wasn’t it written in that prior piece that theHarmonyGuy had admitted to not being “that” good of a hacker? If that’s the case, then I think we should all definitely take our hats off to someone who is clearly publishing his findings for the good of moving OpenSocial forward, and not just wreaking havoc because he can. You can be assured for this one fellow, there are likely 100 more out there that have WAY more skills and can do WAY more damage (maybe not now, but as the apps become more complex and touch more data) than the eHarmonyGuy ( ) I say keep it theHarmonyGuy (could you just not hack my container and apps when I get them going. I’m a little shy!)

By: www.meetingflex.com

www.meetingflex.com — Tue, 06 Nov 2007 16:50:43 +0000

Hey,

Why is this guy so bent on hacking …opensocial ..instead of using his knowledge to write some productive components for opensocial.

http://www.meetingflex.com
Social Networking + Video - Crap

By: .LA Fan

.LA Fan — Tue, 06 Nov 2007 16:14:22 +0000

Correction:

When I stated “url” in my prior post, I meant “Dot-LA Domain Extension”. Several companies/individuals have registered Dot-LA domains. Just insert “site:.la” into Google’s search box and you’ll see for yourself just how many websites are operating in this domain space for the City of Los Angeles and the LA area. Google’s attempt to operate a website at http://www.google.la/ under the “County of Laos” banner is nothing more than an attempt to confuse the users.

By: Tips Dr.com

Tips Dr.com — Tue, 06 Nov 2007 15:36:28 +0000

Technology News for November 6, 2007…

Google, Bidding For Phone Ads, Lures Partners Google Inc. is trying to shake up the wireless industry by helping to create cheaper phones that can access advanced Internet services — and carry its lucrative advertising. Now that the Internet gian…

By: smurf

smurf — Tue, 06 Nov 2007 14:54:12 +0000

lol, thats ridiculously funny!

By: Ajax in 24 Stunden ||| Handelskraft |||

Ajax in 24 Stunden ||| Handelskraft ||| — Tue, 06 Nov 2007 14:22:21 +0000

[...] Selbst Profis wie Google sind aktuell in der angestrebten Offenheit für hin und her zu schickende Daten vor Übergriffen nicht verschont. [...]

By: loaverman

loaverman — Tue, 06 Nov 2007 13:39:02 +0000

cool

By: theharmonyguy

theharmonyguy — Tue, 06 Nov 2007 11:34:04 +0000

The friends list issue may not be as serious as it sounds (or as I thought) - see update: http://theharmonyguy.com/2007/.....mentation/

By: pedro

pedro — Tue, 06 Nov 2007 10:00:49 +0000

I think what theharmonyguy is showing is that opensocial provides innumerous opportunities for abuse by unscrupulous developers.
It’s great to live in a pink candy world where everyone is nice an information is used mostly to provide targeted ads, but imagine how this could be used in countries with repressive regimes, where governments don’t respect human rights? what could they do with access to their citizen’s reading preferences, for example? people get tortured and killed in many countries for reading the wrong sort of book.