Archive for August 17th, 2007

Today RSnake revealed a cross-site scripting vulnerability affecting Google Gadgets in the gmodules.com domain.
This XSS hole allows anybody to store his/her own web content, including JavaScript code, anywhere and to have it rendered and executed in the context of the gmodules.com domain, with no further validation of any sort.
RSnake responsibly reported his finding to Google before resorting to public disclosure, but the G guys answered that this behavior is "by design" and won't be fixed.

What does it mean?