Google+Facebook Equals Time Bomb

An application written to allow integration between Facebook and Google Plus may be all you need to compromise your computer. According to a PCWorld report, an application called Google+Facebook used a well-known programming worst practice: downloading a JavaScript file upon launch.

If you aren’t real technical and don’t know what this means, I will spell it out for you. This means that when you launch the program you never, ever know what it will do. The reason for this is that a JavaScript file is a program, and if the server hosting it is compromised then the script can be replaced with anything. The application is provided by a company called Crossrider. Crossrider markets an application builder that allows people to build extensions that work in multiple browsers. This does not mean that the extensions are safe to use, however.
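The risk above comes from running whatever the server returns at launch. As an added example (not from the original post, PCWorld or Crossrider), this Node.js code pins a remote script to a digest recorded when it was reviewed, in the style of Subresource Integrity, and refuses any body that no longer matches; the function names and script bodies are constructed for illustration.

```javascript
const crypto = require("crypto");

// Only digests considered strong enough for pinning (same set SRI accepts).
const ALLOWED_ALGS = new Set(["sha256", "sha384", "sha512"]);

// Build an SRI-style token, e.g. "sha384-<base64 digest>", for a script body.
function integrityOf(body, alg = "sha384") {
  return `${alg}-${crypto.createHash(alg).update(body, "utf8").digest("base64")}`;
}

// True only if the body matches at least one pinned token.
// Several space-separated tokens allow a planned release to be pre-approved.
function verifyScript(body, pinned) {
  for (const token of pinned.trim().split(/\s+/)) {
    const dash = token.indexOf("-");
    const alg = token.slice(0, dash);
    if (dash < 1 || !ALLOWED_ALGS.has(alg)) continue; // ignore weak or malformed pins
    const expected = Buffer.from(token.slice(dash + 1), "base64");
    const actual = crypto.createHash(alg).update(body, "utf8").digest();
    if (expected.equals(actual)) return true;
  }
  return false;
}

// Decide whether a downloaded body may run; fail closed on any mismatch.
function loadPinned(body, pinned) {
  return verifyScript(body, pinned)
    ? { run: true, reason: "digest matches pin" }
    : { run: false, reason: `refused, got ${integrityOf(body)}` };
}

// Constructed sample data: the reviewed script and what a compromised host might serve instead.
const REVIEWED = 'document.title = "Google+Facebook";\n';
const REPLACED = REVIEWED + 'console.log("code the user never reviewed");\n';
const PIN = integrityOf(REVIEWED); // recorded at review time and shipped inside the extension

console.log(loadPinned(REVIEWED, PIN));
console.log(loadPinned(REPLACED, PIN));
```

A pin only helps if it ships inside the installed extension; a pin fetched from the same server as the script can be replaced along with it.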

Allegations about the Crossrider Application include reports that search preferences are altered and signatures may be appended to email in certain situations. There is a lot of wisdom in not being an early adopter of programs that interact with social networking sites.

For Facebook, the only safe thing to do is to totally disable applications: Facebook has a history of utilizing the technology to share information without your knowledge or consent, and most Facebook applications cause Facebook to switch from HTTPS to HTTP, potentially exposing your data to others.

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America

Author ESET Research, ESET

  • Me

    Ok. I understand the point, but based on what you are saying all sites using Google Analytics are under the same situation "if the server hosting the JavaScript is compromised then the script can be replaced with anything".
    If you think it's not secure, don't use it but stop saying bullshit. Crossrider guys did an excellent app for social media users. What did you do?

  • Erma

    I am currently having internet closing after son accessed Facebook.
    My ESET scans but not internal files - showing 0 threats. Any remedy?

  • me

    It's bullshit… used as a redirect to pull in ad money. Excellent job? More like excellent virus.

13 Jul 2011