Google Blogoscoped

Forum

Google XSS Exploit May Show Some Private Data  (View post)

LMZ [PersonRank 1]

Friday, September 28, 2007
16 years ago6,380 views

FireFox + Linux == Best FireWall!

Stephen Tordoff [PersonRank 10]

16 years ago #

Firefox nor Linux are a Firewall, and none of these would remove this vuln

Stephen Tordoff [PersonRank 10]

16 years ago #

Edit: Doesn't matter, I miss read the post, I've seen too much stuff like this recently

TOMHTML [PersonRank 10]

16 years ago #

LMZ > there is a better firewall when you live in China ;-)

James Xuan [PersonRank 10]

16 years ago #

HAHAHA!!!

Luka [PersonRank 10]

16 years ago #

Dial up connexions are good as firewall too...

Haochi [PersonRank 10]

16 years ago #

Well... The best "firewall" in this case would be NoScript.
https://addons.mozilla.org/en-US/firefox/addon/722

James Xuan [PersonRank 10]

16 years ago #

<<Dial up connexions are good as firewall too>>
:D!!!!

Caleb [PersonRank 0]

16 years ago #

So, ditch my firewall, move to China, get dial-up, install "no-script", then I'll be safe? =P

Juha-Matti Laurio [PersonRank 10]

16 years ago #

CSRF (Cross-site Request Forgery) vulnerability in Gmail is fixed now:
http://news.netcraft.com/archives/2007/09/30/google_fixes_gmail_crosssite_request_forgery_vulnerability.html

Juha-Matti Laurio [PersonRank 10]

16 years ago #

New information:
Google AdSense suffers about the same CSRF vulnerability too.
Link to The Spanner post is
http://www.thespanner.co.uk/2007/09/27/google-adsense-csrf-hole/

Credits goes to person writing comment to this SecuriTeam post:
http://blogs.securiteam.com/index.php/archives/1003

James Xuan [PersonRank 10]

16 years ago #

<<So, ditch my firewall, move to China, get dial-up, install "no-script", then I'll be safe? =P>>

Sounds like a plan! Can I come? Pweeeeeease?

Juha-Matti Laurio [PersonRank 10]

16 years ago #

It appears that the post doesn't include information is this vulnerability fixed by Google yet?

Philipp Lenssen [PersonRank 10]

16 years ago #

Yesterday evening, I checked and it still wasn't fixed...

Juha-Matti Laurio [PersonRank 10]

16 years ago #

Okay, Thanks for sharing this information. Let's hope they will fix it ASAP

Tony Ruscoe [PersonRank 10]

16 years ago #

And it's still not fixed.

Philipp Lenssen [PersonRank 10]

16 years ago #

26 days & not fixed?!

James Xuan [PersonRank 10]

16 years ago #

tut,tut goole

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!