Concerns over Facebook stream importer for Google+ abound

Google+Facebook may be a security vulnerability waiting to happen.

By Ed Oswald, PC World |  Security, Facebook, Google

An application that allows Firefox and Chrome users to view Facebook stream data within Google+ is popular, but it may put users at risk because of issues with its code.

Google+Facebook, developed by Israeli developer Crossrider, lets users see Facebook streams and update Facebook statuses from within the Google+ platform. The extension has thus far proved popular: according to company execs, there have been over 100,000 downloads in just one week.

Unfortunately, the code may be insecure. Crossrider CEO Koby Menachemi himself admitted that the application was written in less than a day, and so "the product is not perfect." Given that, it's not impossible that Crossrider's coders missed something.

Questions about Google+Facebook's possible security issues were raised over the weekend, when Reddit user RogueDarkJedi posted comments on a story promoting the app. In the comments, RogueDarkJedi alleges that Google+Facebook "acts like malware," and says it's a "security vulnerability waiting to happen."

What's in question is the app's behavior. To work, Google+Facebook must download an external JavaScript file at every launch. Mozilla has frowned upon this practice, because if the server hosting the script is compromised, every user of an app built this way is put at risk.

The app also does a number of other seemingly unscrupulous things, such as changing search preferences to a site controlled by Crossrider and appending a signature to e-mail messages sent on certain webmail providers. Uninstalling the app reportedly does not remove many of the changes Google+Facebook makes.

"So should you trust these guys? In my opinion, [expletive deleted] no. Do NOT install this, it does more harm than anything. Stay the hell away," RogueDarkJedi wrote in the comment.

The post caught the attention of Crossrider, who responded to a Lifehacker post about the application, in which Lifehacker recommended its readers not install the app. Cofounder and CTO Shmueli Ahdut shot back, saying the way Google+Facebook auto-updates is "at the edge of extension-technology today," and that no changes are made without the user's permission.


Originally published on PC World.