Google Blogoscoped

Friday, March 3, 2006

Gmail Security Flaw Fixed

Google fixes a recently uncovered Gmail security flaw that allowed an attacker to run JavaScript in the context of Gmail (which often leads to XSS exploits).

It seems Google was slightly annoyed that the bug was made public in a blog (and then escalated to Digg) without them being notified. Google, maybe you should make sure you reply to all of your emails so people will be more proactive in writing to you? About 1 in 2 of my emails to Google – including the last one where I've told them about a security flaw – stay unanswered.

Here's another recent XSS-related security bug report (this one via Pd). Look at the telling disclosure history:

IV. HISTORY
30th Jan, 2006 -  Bug originally discovered
2nd Feb, 2006  -  Vendor Notified
... 
... 
No vendor response
...
...
22nd Feb, 2006 -  Vendor Notified again
22nd Feb, 2006 -  Public Disclosure
