Parasuraman (dy-verse.blogspot.com) and Anshuman take on the session about Breaking Google Open Social Applications.
Demo in Orkut, showing -
Sneak-O-Scope
Developer Application for OpenSocial (0.7)
They showed that the developer app can be injected with some code, and how to prevent phishing of your account and info.
They covered developing a phishing toolkit to create a phished version of a particular page, and then sneaking into the login information of any Google user.
Even if the website is on a secured server (https), cheap certificates are available, so anything can be opened with someone else's logins.
The iRead application in Orkut is an example of the flaws in OpenSocial.
Taking a friend's cookie and then using it to log in to that friend's account.
This session is going to be followed by: How to create a website with OpenSocial applications.

I also attended this presentation, and I should say Parsuram gave a good one;
he showed in an easy and understandable way how the social sites are vulnerable!