Sunday, March 9, 2008, 06:09 PM Posted by Administrator
I think the average user assumes that files hosted on "legitimate" websites are safe to use. A recent finding by a CodingHorror reader named 'Dustin Brown' shows that this trust can have serious consequences.
There is a piece of software out there known as G-Archiver (DO NOT USE THIS PROGRAM). This program is supposed to back up your Gmail account: you log in through the program and it backs up your email. But that's not all it does. Decompiling the program with Reflector shows that its creator, a "John Terry", sends your username and password to his own personal Gmail account.
From the original post it seems that Mr. Brown cleared the Gmail account of all personal information and changed its password. It might have been smarter to compose an email to all of the affected individuals to let them know of the breach.
How is the average user to know a program is safe to use? For that matter, how are the rest of us to know? In this instance the program was written in .NET, which makes it easy to disassemble. With something written in C or C++ there is less of a chance anyone would notice a problem, and honestly, who wants to sit around decompiling code?
So what is the solution? Short of forcing complete disclosure of all source code, I'm not sure. Perhaps an intermediate step would require software developers who wish to sell their software to have the source code certified by a third party. That third party would then compile and distribute all versions of the program. This is an onerous process not likely to see the light of day. Whatever happens, something must be done to protect users.