
Finding security issues in a website (or: How to get paid by Google) - twapi
http://adblockplus.org/blog/finding-security-issues-in-a-website-or-how-to-get-paid-by-google
======
tptacek
_Do not_ do this to random people's websites. Google is one of an enlightened
few. You will be surprised how easy it is to piss people off just by looking
for cross-site scripting; something innocuous you do is going to cause popups
to appear for all their customers, and they're going to go ballistic.

People have gotten into legal trouble doing this.

~~~
fmavituna
Just for the record, Google announced that they allow certain checks -
[http://googleonlinesecurity.blogspot.com/2010/11/rewarding-w...](http://googleonlinesecurity.blogspot.com/2010/11/rewarding-web-application-security.html)
(actually encourage and reward - better than
people publicly releasing these for sure) but even for them many
vulnerabilities are still out of scope. Otherwise, as you stated, this is
illegal in almost all countries.

------
riprock
At the risk of being downvoted, here's a "conspiracy theory." Why did the ad
block for Firefox recently stop working for YouTube and Google sponsored video
ads? Personally, Firefox's superior ad block was the last thing preventing me
from defaulting to Chrome. Maybe Google engineers figured out a way around the ad
block, who knows. Regardless, does anyone know an ad block that still takes
care of the video ads?

~~~
Jach
I had this happen to me several weeks ago; it turned out the blocking list I
had subscribed to (EasyList) got switched with the new default "Fanboy's
List". I had switched back and haven't been plagued by video ads since.

~~~
riprock
Yay thanks, that fixed it! Okay now I just sound like a stupid douchebag :)
Hopefully this helps some other people too.

