Google OpenSocial: after the hype, the holes
Print storyGoogle API too sociable by half
Posted in Security, 6th November 2007 01:50 GMT
Free whitepaper – Securing your online data transfer with SSL
Open standards always cause security problems and Google's OpenSocial API introduced last week is no exception. Not only was an early application based on the standard hacked within minutes, it quickly became evident that OpenSocial is vulnerable and offers an open door to anyone who wants to put a little effort into pushing it open.
But it is not only OpenSocial's lack of security protection that makes it vulnerable. First, OpenSocial is not an "open" standard at all. It is a proprietary API defined by Google's commercial priorities - including a transparent knee-jerk response to Microsoft taking a stake in the acknowledged market leader Facebook. The history of IT is littered with unsuccessful attempts to promote proprietary standards as "open" (just look at IBM with SNA and SAA).
Second, there is already a genuine open standard (Openquabal) - supposedly designed to do the same things as the OpenSocial API. Unfortunately Openquabal does not have the backing of a predatory multinational corporation so it will probably fall by the wayside.
Then again, large corporations spent most of the 1980s and 1990s bickering about common networking standards only to be outflanked by a 30-year old academic standard devised by the US Department of Defence. It was called ARPANET.®
Free whitepaper – Vulnerability management buyer's checklist
The future of SaaS and IT infrastructure management
The mandate for application security
Extended Validation SSL Certificates
Avoiding 7 common mistakes of IT security compliance
The best practices guide for application security
Google cloud told to encrypt itself
Buggy 'smart meters' open door to power-grid botnet
Chinese firm hits back at cyberspy claims
BlockMaster SafeStick hardware-encrypted USB drive