A Menacing Facebook-Google Mashup
Computer scientists have shown that the functionality many websites expose to developers—to let them build powerful Web applications—can also be combined in potentially nefarious ways.
A team from the University of California, San Diego, used application programming interfaces (APIs) from Google and Facebook to create a system that would let a person browse the Web in anonymity. The researchers, who will present the work at this week’s Usenix Security Conference in Bellevue, Washington, say such a service could potentially allow cyber crooks to cover their tracks.
“Our intention is to make the services acknowledge this problem,” says Jiaqi Zhang, a PhD student in computer science at UCSD and a member of the team. “We hope that when they see our work, they will try to do something to defend their services so that they will not suffer from this and others won’t suffer from this.”
Other researchers have shown how an API can be used in unintended ways, for example to turn a Gmail account into an online hard drive. But the UCSD researchers are the first to combine multiple services in this way.