Simon Willison’s Weblog


Sunday, 14th January 2007

Details of Google’s Latest Security Hole. For a brief while you could use Blogger Custom Domains to point a Google subdomain at your own content, letting you hijack Google cookies and steal accounts for any Google services.

# 1:36 pm / domainsecurity, google, security, xss