13 January 2007

On Google Account Hijacking

I wasn’t going to post anything about this security vulnerability I discovered yesterday, but then I read this post by Jim Thomson over on the TechBlog saying:

Tony Ruscoe is a web designer who achieved his 15 minutes of Google fame when he discovered the Google Base domain in October of 2005. There’s no mention of the exploit at Ruscoe’s blog; the most recent thing there is a recipe for his New Year’s Day pie. Apparently he’s been too busy breaking into Google to do much blogging.

Heh. (I guess they got that ‘Google fame’ bit from my About page.)

So anyway, I figured I should probably acknowledge what happened just in case people are visiting my website expecting to find more details about the exploit. Right now, there’s not much more to add to what Philipp’s already said. However, since Google’s Security Team has confirmed the problem is now fixed, I’ll be making a post over at Google Blogoscoped soon that will shed some more light on the ins-and-outs of this particular vulnerability.

Update: 14 January 2007 (17:06)
The post is now online: Details of Google’s Latest Security Hole

And remember, security problems like this are rare at Google – so sleep well and don’t have nightmares.