The Wake of Google Security Concerns
Coop, Did You Mean, Office, Oops, Security, YouTube
RSnake of web security site Ha.ckers.org reports a serious XSS vulnerability in Google’s online office suite - Google Docs, that’s used by hundreds of thousands users and businesses.
Technically, one can inject malicious code into a document and trick Google Docs so whenever a logged-in Google user visits the Google Docs document, the user’s cookies will be sent and recorded on a non-Google server. Non-technically, some bad guys can have full access to your Google Docs documents without your knowledge and do whatever they want, if you step on a wrong site. I advise you to only visit trusted sites or install AdBlock Plus and configure to block the Google Docs’ site. I heard that it helps, can’t guarantee though.
Another vulnerability, not a direct threat to your Google data, but to the sites that uses Google’s Custom Search Engine. So just as above, some bad guys can steal your data (information) of whatever site you are on.
Also, security research Christian posted an ultimatum on the Sla.ckers’ forum regarding to multiple security holes in the YouTube system that can cause a privacy concern for YouTube users. He said that he would fully disclose the vulnerabilities in two weeks if Google doesn’t work with him to solve the issue. This is after he informed the Google security team, which handled his email carelessly.
None of these seem to be fixed as I am writing this, so keep an careful eye on the sites you are visiting. Good luck. :)
