Showing posts with label security. Show all posts

20/03/2007

Netvibes launches CORIANDER Part 2

Hi,

A few days ago I announced the launch by Netvibes of their new Coriander version, and now Netvibes announces the second and final step for Coriander!
It comes with a bunch of new, long-awaited features:

  1. EASY SHARING: You can now instantly share feeds, modules/widgets and Netvibes tabs by e-mail, by instant messaging or by publishing them on an HTML page, a blog or Myspace! It is easy, clear and it works. Just look for the Option arrow in the Edit bar.
  2. You can MOVE MODULES in your page directly from the Edit bar of the module with 6 arrows (right, left, up, down, top, bottom). This is easier to work with when you have big modules/feeds that you do not want to close.
  3. You have more detailed information to start using Netvibes from the Help Menu.
  4. MAP COMPARISON SEARCH Module to check Google, Yahoo and Live Maps.
  5. BETTER RSS reading capabilities for Images, videos etc...
  6. You can DUPLICATE any module/feed (in the Edit bar). Useful if you need the same info on different tabs.

WHAT IS STILL MISSING:

  1. A total and Personalized Customization of Netvibes: Colours, Backgrounds, Fonts, Sizes...
  2. A rating system of MODULES, FEEDS, TABS offered by Netvibes
  3. A Security check on MODULES, FEEDS, TABS offered by Netvibes

07/02/2007

Security issue with Netvibes_2

Hi,

Just a month ago I was writing about the Security issues with an Ajax Home page and just last Monday Netvibes released a note about "Security update in 3rd parties modules on the ecosystem".

Netvibes writes: "(we found) a security vulnerability in webnotes when using a 3rd party module. A fix was due to be launched later this week, but given the recent alert, we have decided to push it today: this vulnerability is now fixed."

And as a future solution Netvibes mentioned: "We will also start to introduce the user rating and the certification of modules in the Ecosystem."

So, point 2 of my first post (external modules not verified) has already been proved a real Security problem.

Now, what about my point 1): "Netvibes can help me looking at my gmail, ebay, yahoo, and many other registered services if "I give them" my passwords in order to access directly the services I am registered to. Passwords must be stored somewhere and there are surely risks of hackers "getting them"."?

Wait and see...

06/01/2007

Security issues with Ajax based homepages_1

Hi,

I was thinking about the potential risks of using a single homepage like Netvibes and was not surprised when an expert on CNET news declared: "... AJAX doesn't just help make Web pages and sites more interactive. It could also provide ways for hackers to hit a Web server and to exploit sites in attacks on visitors...", and also: "An attacker can exploit this type of vulnerability to hijack user accounts, launch information-stealing phishing scams or even download malicious code onto users' computers, experts have said. Big-name Web companies such as Microsoft, eBay, Yahoo and Google have all experienced cross-site scripting flaws on their Web sites".

On the net-security.org web site I also read this more technical paper: Top 10 Ajax Security Holes and Driving Factors by Shreeraj Shah (net square), Friday, 10 November 2006.

So, here are my points in the discussion.

1) Netvibes can help me looking at my gmail, ebay, yahoo, and many other registered services if "I give them" my passwords in order to access directly the services I am registered to.
Passwords must be stored somewhere and there are surely risks of hackers "getting them".

How serious are those risks? What is done to reduce them?

2) Netvibes offers modules, feeds and tabs that have been uploaded by external sources with no control by Netvibes, as they mention clearly when you upload them.
Those external applications interact with the Netvibes page and, I believe, my own hardware, for instance by opening external browser pages.

How serious are those risks? What is done to reduce them?

Well, I hope someone will answer...

To be continued.