Python XSS flaw left Google open to attackers
A security researcher reveals how a scripting flaw left many Google services open to an attacker.
This means that an attacker would have a user's Google.com domain cookie, which is the single sign-on cookie to all Google services.
However, rather than publish the vulnerability, Inferno reported it straight to Google, which responded within the hour and fixed the flaw after a little more than two weeks.
Inferno said on the blog: "I believe in responsible disclosure, so I waited for this vulnerability to be fixed completely."
Inferno said that the time Google took to fix the flaw was due to the vulnerable Python script being used in lots of places.
A Google spokesperson said: "We immediately investigated this issue after it was privately reported to us, and we resolved it prior to publication. We take the security of our users very seriously."