Google fixes a recently uncovered Gmail security flaw that allowed an attacker to run JavaScript in the context of Gmail (which often leads to XSS exploits).
It seems Google was slightly annoyed that the bug was made public in a blog (and then escalated to Digg) without them being notified. Google, maybe you should make sure you reply to all of your emails so people will be more proactive in writing to you? About 1 in 2 of my emails to Google – including the last one where I've told them about a security flaw – stay unanswered.
Here's another recent XSS-related security bug report (this one via Pd). Look at the telling disclosure history:
IV. HISTORY
30th Jan, 2006 - Bug originally discovered
2nd Feb, 2006 - Vendor Notified
... ... No vendor response ... ...
22nd Feb, 2006 - Vendor Notified again
22nd Feb, 2006 - Public Disclosure