Google+Facebook Extension Security Risk, Potential 'Malware'
Even as users clamor to join the new Google+ social networking platform, not all of them are willing to leave behind Facebook, the other social networking site. The problem is, there's an application out there that lets them combine the two services but it may put users at risk.
Google+Facebook, a Web browser extension for Mozilla Firefox and Google Chrome, lets users see Facebook streams and update Facebook statuses while still within Google+. Developed by Israeli developer Crossrider, the extension has been well-received, exceeding over 100,000 downloads in one week.
However, the code may be insecure. Over on link-sharing message board Reddit, user RogueDarkJedi pointed out that Google+Facebook "acts like malware" and that it was a "security vulnerability waiting to happen."
Even Crossrider CEO Koby Menachemi acknowledged to Reuters "the product is not perfect" as it was written, tested and released in less than a day.
The app also changes search preferences to a site controlled by Crossrider and modifying the signature on e-mail messages sent from Gmail, Yahoo Mail, AOL Webmail and Microsoft Live with a customized message to encourage friends to start using the extension. There are also several "permission hacks" in order to run the code at a higher permission level.
"So should you trust these guys? In my opinion, [expletive deleted] no," RogueDarkJedi wrote.
Crossrider CTO Shmueli Ahdut posted on Lifehacker claiming Google+Facebook represents "the edge of extension technology today."