Simon Willison’s Weblog

Subscribe

Sunday, 14th January 2007

Details of Google’s Latest Security Hole. For a brief while you could use Blogger Custom Domains to point a Google subdomain at your own content, letting you hijack Google cookies and steal accounts for any Google services.

# 1:36 pm / xss, domainsecurity, google, security