Google Blogoscoped

Friday, March 3, 2006

Gmail Security Flaw Fixed

Google fixes a recently uncovered Gmail security flaw that allowed the attacker to run JavaScript in the context of Gmail (which often lead to XSS exploits).

It seems Google was slightly annoyed that the bug was made public in a blog (and then escalated to Digg) without them being notified. Google, maybe you should make sure you reply to all of your emails so people will be more proactive in writing to you? About 1 in 2 of my emails to Google – including the last one where I've told them about a security flaw – stay unanswered.

Here's another recent XSS-related security bug report (this one via Pd). Look at the telling disclosure history:

30th Jan, 2006 -  Bug originally discovered
2nd Feb, 2006  -  Vendor Notified
No vendor response
22nd Feb, 2006 -  Vendor Notified again
22nd Feb, 2006 -  Public Disclosre


Blog  |  Forum     more >> Archive | Feed | Google's blogs | About


This site unofficially covers Google™ and more with some rights reserved. Join our forum!