WAVE 1, Participants: User 1, MyEvilRobot 1. MyEvilRobot is added and stores the waveID for WAVE 1. WAVE 2, Participants: EvilUser, MyEvilRobot 1. EvilUser, hey robot what waves are you part of? 2. MyEvilRobot: WAVE 1. 3. EvilUser, hey add me to WAVE 1 will you? WAVE 1, Participants: User 1, MyEvilRobot 1. User 1, Adds Blip. 2. MyEvilRobot is triggered by User 1 adding the blip and detects it should add EvilUser to WAVE 1 and creates a new participant of EvilUser. 3. Participants are now User 1, MyEvilRobot, EvilUser.Do you find this a bit scary? I do. You could go further and just have EvilRobot add EvilUser to any waves it is added to. I wonder if it should be required that the participant who adds a robot approve any participants subsequently added by a Robot they added?
Interesting Security Issue with Google Wave Robots
So I was playing around with my Wave Robot and I had an evil thought.
What if I hid a feature in it so that it would covertly store all of the waves it was participating in and I could then ask the Robot to print out the list of waves it was currently involved with from a separate wave. Then I could ask the Robot to join me as a full participant to any one of those waves the next time it was triggered by an event.
Example in a timeline:
Posted 8 months ago
26 Views | Favorited 0 Times
Comments (0)
Leave a comment...