Got Ads?
1/18/2007
  Google Gmail - XSS Fixes

Om Malik wonders if people are seeing Gmail outages. Yes is the answer.

The reason is that Google is feverishly working to patch cross-site scripting (XSS) security problems - as reported by Philipp and Jeremiah Grossman.

People have no idea how insecure browser-based apps currently are. Read this XSS / CSRF FAQ to start. I predict 2007 will see a massive increase in XSS security problems and awareness.

Simple rule in the meantime: Don't store anything really important on the internet. Seriously.

Update: I feel a little silly about that last piece of advice, since the internet is so intrinsic to business these days.

The CSRF threat is that someone could get hold of JavaScript data while your browser is logged into an app like Google Gmail or AdWords.

It struck me that Google AdWords, MSN AdCenter and Yahoo's Panama probably have a ton of interesting stuff sitting in JavaScript data structures. That data was / is probably vulnerable as well. It's probably just a matter of time until someone exploits one of those.
