Posts Tagged ‘widget hacking’

iGoogle Gadgets called “very insecure” by Hackers at DEFCON

August 10th, 2008

It looks like hackers at this year's DEFCON hacker convention in Las Vegas want to make this year the best hacking convention yet, judging by the exploits I have read about so far. Robert Hansen of SecTheory has one that affects a lot of Widgets Lab readers directly: an iGoogle breach that can be carried out with tainted iGoogle Gadgets. The exploits can range from regular phishing scams to adware, malware, virus routing, identity theft and even remote control of your computer, depending on the skill of the perpetrator. This can be done either by tainting a good Google gadget at the place where it is served by a third-party iGoogle Gadget developer, or by developing a gadget that is tainted by design and downloaded from outside the iGoogle Gadget Gallery, even from an unsuspicious and totally legit-looking third-party iGoogle gadget site.

Obviously the second one would be the most dangerous one. It is the one to watch out for and also the one that is easy to avoid: don't download iGoogle Gadgets you haven't seen in a blog covering widgets, like Widgets Lab, or that have not been covered by Google news channels, whether official or unofficial but known.

The other one is the one to worry about, because if it is a tainted Google Gadget from a known source or right from the iGoogle Gadget Gallery, then it is quite unavoidable. The only ones who can prevent such gadgets from affecting you are Google and legit iGoogle Gadget developers: the developers by improving their security, and Google by fixing the security of the platform.

The good news is that Google says they usually scan the gadgets in the iGoogle Gadget Gallery and rarely find anything at all, and that those they do find never make it into the iGoogle Gadget Gallery in the first place. Another thing: if you have your computer protected, or are one of the Vista users who run IE7 in protected mode, you should also not be worried about it. If you are not well protected, then just don't download stuff from shady or completely unknown websites, and use official or unofficial but known download sites. As easy as that. This applies to everything.

Google “gadgets” called gateways for hackers, via the AFP on Yahoo! News

Slide “Top Friends” now back in Facebook

July 7th, 2008

It has been well over a week since the Slide Top Friends Facebook widget-app was removed by Facebook because a hacker used a bug in it that allowed him to access pretty much all the common profile details of anyone using the widget (one case at a time, don't fret). As with any security breach, Facebook tracks abnormal script behavior in periods of 24 hours, so it is guessed that the breach may have been there for only 24 hours (a little more, a little less, that is unknown).

Slide claims to have resolved the issue very fast after they were notified of the breach. That didn't matter, because Facebook took its time to test and re-evaluate Top Friends before re-enabling it for all.

But that is not the only interesting part of this. What I want to know is how this affected the widget-app numbers and how RockYou benefited because of it.

But I guess that is a job for someone like Nick O'Neil to figure out. So please, Nick, you know you want to know too.

Website maintained by Happy Shoe Media LLC