Google XSS Flaw Patched
Two things we’ve learned: Google is quick about patching security flaws; we can expect that as Google increases its dominance on the Web, it will become a bigger target for hackers.
Dutiful bloggers and Google experts reported this week that a cross-site scripting (XSS) vulnerability could allow malicious hackers to access services associated with Google Accounts. Reluctant to reveal the details of the security hole, these investigators alerted Google to the HTML issue, which Google promptly corrected.
Google said it received no reports of any compromised accounts, but as David Utter wrote yesterday, this is a hit to the online giant’s trust bank. Users, perhaps more than Google, dislike reading advice telling them to log out of their accounts when surfing the Web or risk having their accounts hijacked.
But it could have been nastier than hackers screwing around with Google Documents and Spreadsheets, or Gmail accounts. Writes Utter:
Imagine the chatter on the blogosphere if someone who profits nicely from AdSense discovered a criminal changed the name and address of the payee account, and got a revenue check redirected by exploiting a cross-site flaw.
Yes, indeed. It’s all fun and games until you mess with another man’s money.
But the larger issue all along has been privacy. When the search pundits realized that the industry was headed toward more personalized search results, created by robots very familiar with your information, preferences, and history, the what-if scenarios sent a collective chill down their spines.
And here is one of those what-ifs surfacing. Will the public trust Google and other online companies enough to protect their information? For how long, and under what conditions, will the public trade their personal data for cool new online applications?