Like all the other folks with hands out, I'd love a Wave invite. Chris
On 11/18/09, gameman733 <[email protected]> wrote: > Assuming its allowed, I'll be more than happy to help any way I can. Just > shoot me an e-mail or catch me on IRC. The one attack vector I had mentioned > was purely theoretical, however it does raise the issue of whether or not > there is any kind of security mechanisms in a wave. Being able to > collaboratively add widgets or gadgets or whatever they want to call them is > nice, but could cause so many problems. > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Michael Douglas > Sent: Wednesday, November 18, 2009 8:18 PM > To: PaulDotCom Security Weekly Mailing List > Subject: Re: [Pauldotcom] Google Wave > > I *just* got my invite a few days ago. (thanks again Mr. Operator!) > > I think there's much potential here... both for good and ill. What's > most impressive to me though is just how well it works considering how > young this is. > > I'm looking into the ToS for wave and am trying to see if kicking the > tires and doing some poking and prodding -- you know attack research > -- is allowed. If it is, I think there could be a wealth of research. > > I'm going to be busy to pretty much the end of the year... but if > someone wants to assist with wave attacks and such then, by all means > let me know. > > > > - Mick > > > On Tue, Nov 17, 2009 at 12:22 AM, gameman733 > <[email protected]> wrote: >> Just got a Google Wave invite yesterday and got to sit down and play with > it >> a bit today. I was wondering if anyone else on the list has had a chance > to >> do anything with it. Right off the top of my head, I see a couple things >> that could make things interesting if Google has their way with Wave. >> >> >> >> One of the extensions that have been made is a basic html code inserter, > so >> you can insert HTML code directly into a Wave. Obviously only people you >> trust should be added to any particular wave, but one of Google's examples >> at the developer's preview was using a wave for blog comments. I haven't >> tried anything like it just yet, but if you have a wave that anyone can >> contribute to, what's stopping someone from contributing this html > extension >> with some malicious (or even annoying) code in it. It seems to me like it >> would defeat the purpose of some of the html stripping/encoding mechanisms >> on popular webapps. >> >> >> >> Has anyone else had a chance to look into Google Wave at all? >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- Sent from my mobile device _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
