I love plug-ins! I love them on Firefox, WordPress, Dreamweaver and now on Chrome. It has crossed my mind that some of these plug-ins could be created and distributed by very smart people with criminal or mischievous intent. But the reality of bad plug-ins didn’t hit me until I noticed a link on digg.com about Stealing Logins using Google Chrome Extensions. I am no programmer but understand enough to see how cleaver it is.
Basically, someone creates a innocent looking extension or plug-in, they distribute it and the innocent looking plug-in/extension sends your personal information to where ever.
How can a person avoid this?! I guess the safest way would be to not use ANY plug-ins and extensions.. but that is over kill.
I know that I am pretty paranoid about WordPress extensions/plug-ins but the open source community is pretty good about peer reviewing, testing and reviewing some of the more popular plug-ins. When it comes to software I depend heavily on reviews of others who have used the product. If there are no reviews (even on forums or dev/plug-in sites), I usually consider the app to risky.
Sometimes what I do is try the app/extension/plug-in on a site/blog I don’t care as much about. In the case of browser plug-ins, I use a single trusted browser with minimal plug-ins to do important sensitive/personal transactions. Most of the stuff I do on the web does not require so much scrutiny.
Unfortunately, there is always a risk with plug-ins, apps, and extensions. All we can really do is manage the risk, by being careful and suspicious.
Thanks Mr. Grech for the knowledge.