Evil Plug-ins

I love plug-ins! I love them on Firefox, Wordpress, Dreamweaver and now on Chrome. It has crossed my mind that some of these plug-ins could be created and distributed by very smart people with criminal or mischievous intent. But the reality of bad plug-ins didn’t hit me until I noticed a link on digg.com about Stealing Logins using Google Chrome Extensions. I am no programmer but understand enough to see how cleaver it is.

Basically, someone creates a innocent looking extension or plug-in, they distribute it and the innocent looking plug-in/extension sends your personal information to where ever.

How can a person avoid this?! I guess the safest way would be to not use ANY plug-ins and extensions.. but that is over kill.
I know that I am pretty paranoid about Wordpress extensions/plug-ins but the open source community is pretty good about peer reviewing, testing and reviewing some of the more popular plug-ins. When it comes to software I depend heavily on reviews of others who have used the product. If there are no reviews (even on forums or dev/plug-in sites), I usually consider the app to risky.

Sometimes what I do is try the app/extension/plug-in on a site/blog I don’t care as much about. In the case of browser plug-ins, I use a single trusted browser with minimal plug-ins to do important sensitive/personal transactions. Most of the stuff I do on the web does not require so much scrutiny.

Unfortunately, there is always a risk with plug-ins, apps, and extensions. All we can really do is manage the risk, by being careful and suspicious.

Thanks Mr. Grech for the knowledge.

Popularity: 1% [?]

I always feel like GOOGLE is watching meeee

If Google was woman I would make sweet passionate love to her. And she’d be a psycho-stalker.

I love Google, but it conflicts with my finely honed skill of not trusting. I use Google for just about everything knowing they have a dangerous amount of information about me and everything else readily available in a search friendly little package.

Google showed up as the most conspicuous tracker on third-party sites. Google Analytics, a free product that allows online publishers to gather statistics about visitors to their sites, was used on 81 of the top 100 sites. Cookies from the advertising company DoubleClick, which is owned by Google, were present on 70 of those sites. When combining trackers from those two services, Google had a presence on 92 of the top 100 sites. Others weren’t far behind. Cookies from Atlas, Microsoft’s DoubleClick rival, appeared on 60 sites, and trackers from two other analytics companies, Quantcast and Omniture, showed up on 54 sites.

– Ny time

I still love Google and I still believe, perhaps foolishly, that they are not evil. Even so, one day I think Google will turn evil, not unlike any empire that has become too powerful. The culture of the company will change in a generation and a new dynasty will reign using personal information as a weapon rather than a useful tool for making better searching. I hope I am very, very wrong.

Popularity: 3% [?]

Encrypt ALL gmail traffic

Another great post from dmiessler:
Everyone loves Google. They want to be everything to everyone, and they’re getting pretty damn good at it. Once you start using their services it gets easier and easier to migrate more of your life to them. But there’s a slight problem.

Google, like any other legitimate service provider, encrypts login traffic, but not your content. So the moment you’re signed in they switch to plain-text communications and send everything to you in the open.

http://dmiessler.com/blogarchive/why-you-should-encrypt-all-of-your-google-activities-poc

Popularity: 10% [?]

Note to Self: Google has a Security Blog

Googles Security Blog is thin on the posts but here it is: Google Security

Popularity: 4% [?]

Google Space

Google has an unorthodox style of business that continues to astound me. For one thing they started giving out 2 gigs of free space while Yahoo/MSN and others were still giving 250M and closing out accounts after 30 days of no activity. They also give 1gig of space for pictures with Picasa. Now they give 6gigs for hard drive space for a measily $20/year.

There were some rumors about them doing something called “gdrive” which would be an application that would use a bit a space on personal computer around the world. Genius! I can be quite secure too. I saw some technology built into the Sidewinder Firewall that effectively seperated every service in its own area of hard drive so that if that service was comprimised it would not do damage to the rest of the system.

Popularity: 7% [?]