
Google App Engine page already owned by hackers - nickb
http://valleywag.com/377603/google-app-engine-page-already-owned-by-hackers
======
thorax
An XSS is a tad different than being owned (IMHO), but certainly isn't an
ideal thing to see right away.

The cool part is that things like this will encourage them to put more
security-by-default sorts of APIs into GAE.

------
staunch
Most everyone doing lots of web apps gets bitten by XSS at some point. Nothing
embarrassing about it IMHO.

~~~
dcurtis
But Google has probably hired ten PhDs just to make sure none of their
products gets exploited like this.

But the PhDs failed. Thus, it's newsworthy.

~~~
jmzachary
Hiring PhDs for this task was their first mistake.

------
malanalars
That's a simple XSS example hack. Google should have filtered that out, but
it's not that bad either (as long as they react fast).

~~~
apgwoz
While THAT may be an example of a SIMPLE attack, probably for the sake of
showing off, what if "the goog" had exposed web services retrievable by Ajax
for logged-in users as part of AppEngine and THAT was exploited via the SIMPLE
XSS hack?

It makes no sense. Why do we just brush stuff under the rug when it's Google
or some other major player that's generally well liked?

------
webframp
Misleading headline. Plus, why is a Valleywag article showing up on HN? I can
get that elsewhere.

~~~
m0nty
"misleading headline"

Absolutely. Any fewl know it should be "pwned".

