This TechCrunch article outlines how someone exploited a vulnerability in an OpenSocial application to pepper other users' profiles with emoticons on Plaxo. The article also mentions that the person who found this issue also found other issues with Facebook apps.
There is a real issue with opening your platform up to third-party apps. Read-only access is not so bad, but once you go full read/write things get really tricky. I fully expect a lot more of these as people look to jump on the OpenSocial bandwagon and crank out apps. This is my favorite line from the app in question:
// TODO: no error checking - we’re bold…
// TODO: figure out why this is necessary???
Wow, with decision-making like that it's no wonder this code had problems. I often wonder if Salesforce has similar issues. That seems a much more target-rich environment.
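To make the read-only versus read/write point concrete, here is an added example in JavaScript; it is not code from the post, from Plaxo, or from any OpenSocial app, and the article does not say what the actual bug was. It shows the two checks a platform should make before letting a third-party app act: that the app was granted the scope the call needs, and, for writes, that an app acting for a logged-in user only touches that user's own profile, with the input validated before it is stored. All names (`apps`, `profiles`, `updateStatus`, the scope strings) and the sample data are assumptions constructed for the example.

```javascript
// Added example: a minimal platform-side gate for third-party app calls.
// Everything here (names, scopes, sample users/apps) is an assumption.
const SCOPES = { READ: "profile:read", WRITE: "profile:write" };

// Constructed sample data: two user profiles and two registered apps.
const profiles = {
  alice: { status: "hello" },
  bob: { status: "hi" },
};
const apps = {
  viewer: { scopes: [SCOPES.READ] },                 // read-only app
  poster: { scopes: [SCOPES.READ, SCOPES.WRITE] },   // read/write app
};

class AuthzError extends Error {}

// Every call carries: the calling app, the logged-in user it acts for,
// and the profile it wants to touch.
function requireScope(req, scope) {
  const app = apps[req.app];
  if (!app) throw new AuthzError("unknown app");
  if (!app.scopes.includes(scope)) throw new AuthzError(`app lacks ${scope}`);
}

function readProfile(req) {
  requireScope(req, SCOPES.READ);
  const target = profiles[req.target];
  if (!target) throw new AuthzError("no such profile");
  return { ...target }; // copy, so callers cannot mutate stored state
}

function updateStatus(req, newStatus) {
  requireScope(req, SCOPES.WRITE);
  // Ownership check: an app acting for user X may only write X's own
  // profile, no matter which scopes it holds.
  if (req.target !== req.user) {
    throw new AuthzError("cannot write another user's profile");
  }
  // Input check: the "no error checking" shortcut is exactly what we avoid.
  if (typeof newStatus !== "string" || newStatus.length === 0 || newStatus.length > 140) {
    throw new AuthzError("invalid status");
  }
  profiles[req.target].status = newStatus;
  return profiles[req.target].status;
}

// Wrap a call so authorization failures become a result, not a crash.
function attempt(fn) {
  try {
    return { ok: true, value: fn() };
  } catch (e) {
    if (e instanceof AuthzError) return { ok: false, reason: e.message };
    throw e;
  }
}

// Stand-alone run: a read-only app reading, then three write attempts.
console.log(attempt(() => readProfile({ app: "viewer", user: "alice", target: "bob" })));
console.log(attempt(() => updateStatus({ app: "viewer", user: "alice", target: "alice" }, ":)")));
console.log(attempt(() => updateStatus({ app: "poster", user: "alice", target: "bob" }, ":)")));
console.log(attempt(() => updateStatus({ app: "poster", user: "alice", target: "alice" }, ":)")));
```

The scope check alone is not enough: a read/write app still has to be confined to the profile of the user it is acting for, which is the check that stops one user's app from writing onto everyone else's page.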
