Last Friday, Philipp Lenssen wrote a fascinating post describing how his associate Tony Ruscoe was able to access Philipp’s Google account: “It’s your worst nightmare – someone reads parts of your Google emails, views your docs, modifies your spreadsheets, checks out your reading habits on the Google personalized homepage or Google Reader, and goes through your search history.”
Tony’s a white-hat hacker, so he reported his exploit to Google’s security team, and they’ve now closed the hole that allowed this to happen. Today, Tony explains what he did and how he thinks Google fixed the problem in Details of Google’s Latest Security Hole, writing “In doing so, I hope to educate other developers about the potential flaws that can occur in growingly complex web applications.”