Comments on: All Your Google Docs are Belong To US…

By: Tim Acheson

Tim Acheson — Thu, 16 Jul 2009 14:35:50 +0000

Twitter’s internal systems have just been hacked into, along with the accounts of Twitter users (including celebrities):

http://www.timacheson.com/Blog/2009/jul/twitter_hacked_via_google_apps

The initial point of entry wasn’t a gap in Twitter’s security. The hacker(s) gained access through a Google Apps account. The worry with a Google account is, it’s web-based and therefore only as secure as the rest of the Internet. If yuor Google account is compromised and you use Google Docs in a serious commercial setting, your Twitter account will be the least of your worries.

By: yahoo on vanindita domain name » » Google Mashups Vulnerability

yahoo on vanindita domain name » » Google Mashups Vulnerability — Fri, 27 Feb 2009 18:37:00 +0000

[...] I wanted to be part of this hell of a week (Google’s Dark [...]

By: Google Health « NonaTheNinja

Google Health « NonaTheNinja — Fri, 23 May 2008 14:05:34 +0000

[...] on the article, mentioning several past vulnerabilities: ownership of content issues, Google Docs theft, a cross-domain hole, Google XSS, and a Google Picasa protocol handler issue leading to the theft [...]

By: Zero Day mobile edition

Zero Day mobile edition — Thu, 22 May 2008 15:03:37 +0000

[...] This means that some of the more interesting attacks pulled off on Google applications, see Billy Rios and my previous work on Google Docs, get’s only as much coverage as the security researcher [...]

By: Zero Day mobile edition

Zero Day mobile edition — Wed, 19 Mar 2008 05:06:26 +0000

[...] This reminds me a lot of the work that Billy Rios has helped Google out with, as referenced here, here, and here. In these examples arbitrary user’s documents could be stolen from the Google Docs [...]

By: ibz

ibz — Sat, 29 Sep 2007 19:27:50 +0000

kudos to the Gst team..at least theyre fast at patching vulnerabilities…unlike microcrap

By: sirdarckcat

sirdarckcat — Fri, 28 Sep 2007 16:48:59 +0000

muahaha, now I’m part of the Google’s Dark Week

http://sirdarckcat.blogspot.com/2007/09/google-mashups-vulnerability.html

This is a historic event hehe

Greetz!!

By: Nathan McFeters

Nathan McFeters — Fri, 28 Sep 2007 15:02:29 +0000

Whoa whoa whoa, WE use AppScan, we don’t need consultants! Hahaha. Nothing against WebInspect, AppScan, Fortify, any of them. They are great tools, but they are simply that tools. A machine will never be able to replace the thinking, feeling human mind when it comes to this kind of testing. An application can’t purchase a TV for -$1,000.00 and know that if it get’s credited back to their credit card it’s a bad thing.

I’ve worked with Billy a lot over the last two years, this is just another of the many examples we’ve provided during that time that show you cannot replace the value of a good app security tester.

By: Kishor

Kishor — Fri, 28 Sep 2007 13:59:45 +0000

Good stuff!