Coding Horror - Spying On Users
By Dan Morrill
Expert Author
Article Date: 2008-03-11
Coding Horror has an amazing story on why you should be careful with just about every download you put on your PC. The story covers G-Archiver from Brother Soft, where the programmer hard-coded a Gmail username and password into the program so that everyone who activated the software had their user credentials stolen and sent to a Gmail account.
You need to check out this image to get a full feel of the concerns and issues.
From a security viewpoint, this is a very good reason to code walk anything coming in the door and verify that the software performs the function as advertised, without any nasty surprises embedded in the code. A great tool for this is Reflector, a .NET program that allows someone to navigate, search and check out any program coming in the door.
I used Reflector to take a peek at the source code. What I came across was quite shocking. John Terry, the apparent creator, hard coded his username and password to his Gmail account in source code. All right, not the smartest thing in the world to do, but then I noticed that every time a user adds their account to the program to back up their data, it sends an email with their username and password to his personal email box! Having just entered my own information I became concerned. Source: Coding Horror
There is a lot to be said for getting software from trusted sources, but even trusted sources might be doing bad things that people do not know about.
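A first-pass triage to run before opening a download in a decompiler, added here as an example (it is not code from Coding Horror or from the program discussed): it pulls ASCII and UTF-16LE strings out of a binary and flags the combination seen in this story, mail-sending API names alongside a literal address or SMTP host. The indicator list, the function names and both sample byte strings are constructed assumptions.

```python
import re

# Indicator patterns are an illustrative, constructed list, not a complete rule set.
INDICATORS = {
    "email_address": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "smtp_host": re.compile(r"\bsmtp\.[A-Za-z0-9.-]+", re.I),
    "dotnet_mail_api": re.compile(r"System\.Net\.Mail|SmtpClient|MailMessage|NetworkCredential"),
}

def extract_strings(data, min_len=5):
    """Yield printable runs stored as single-byte text or as UTF-16LE.

    .NET keeps type and member names as UTF-8 and string literals as UTF-16LE,
    so both encodings have to be searched.
    """
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.group().decode("ascii")
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.group().decode("utf-16-le")

def scan(data):
    """Return sorted (indicator, matched_text) pairs found in the binary."""
    hits = set()
    for text in extract_strings(data):
        for name, pattern in INDICATORS.items():
            hits.update((name, m.group()) for m in pattern.finditer(text))
    return sorted(hits)

def needs_review(data):
    """True when mail-sending API names appear together with a literal address or SMTP host."""
    kinds = {name for name, _ in scan(data)}
    return "dotnet_mail_api" in kinds and bool(kinds & {"email_address", "smtp_host"})

# Constructed bytes standing in for a downloaded assembly (not taken from any real program).
SUSPECT = (b"MZ\x90\x00System.Net.Mail\x00SmtpClient\x00NetworkCredential\x00\x00"
           + "smtp.example.com".encode("utf-16-le") + b"\x00\x00\x01"
           + "collector@example.com".encode("utf-16-le") + b"\x00\x00")
# Constructed benign case: a support address in an About box, but no mail API.
BENIGN = b"MZ\x90\x00" + "Contact support@example.com".encode("utf-16-le") + b"\x00\x00"

if __name__ == "__main__":
    for label, blob in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, "needs review:", needs_review(blob))
        for name, value in scan(blob):
            print("   ", name, value)
```

Obfuscated or encrypted strings will not show up in this pass, so a clean result narrows what to look at first rather than replacing the code walk.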
About the Author:
Dan Morrill has been in the information security field for 18 years, both
civilian and military, and is currently working on his Doctor of Management.
Dan shares his insights on the important security issues of today through
his blog, Managing
Intellectual Property & IT Security, and is an active participant in the
ITtoolbox blogging community.