Security issue with Netvibes_2


Just a month ago I was writing about the Security issues with an Ajax Home page and just last Monday Netvibes released a note about "Security update in 3rd parties modules on the ecosystem".

Netvibes writes " (we found) a security vulnerability in webnotes when using a 3rd party module. A fix was due to be launched later this week, but given the recent alert, we have decided to push it today: this vulnerability is now fixed."

And as future solution Netvibes mentionned: "We will also start to introduce the user rating and the certification of modules in the Ecosystem."

So, point 2 of my first post (external modules not verified) has already been proved a real Security problem.

Now, what about my point 1) " Netvibes can help me looking at my gmail, ebay, yahoo, and many other registred services if "I give them" my passwords in order to access directly to the services I am registred to.Passwords must be stored somewhere and there are surely risks of hackers "getting them"." ?

Wait and see...

No comments: