Hacker News new | past | comments | ask | show | jobs | submit login

It's clear this issue will be resolved shortly by Google (the site's already dead).

I just hope that, once fixed, the exploit is released for inspection.

It's not like it was a Google site (gmail, gCal, or whatever) they took down. Google took down his personal blog, which seems really sketchy. Fixing the problem involves more than just taking down the site they says there is a problem.

Posting an active exploit to their hosting service is a pretty massive violation of the blogger ToS, though...

Why is it clear?

They've already taken down the shortened link and blog, so they're definitely working on it. It's a major enough issue that they'll definitely work on it until it's fixed. Plus it seems quite likely that it's a random little exploit in blogspot, and I strongly suspect it's the kind of exploit that's impressive while a secret, and turns out to be some stupidly basic trick with a really easy fix.

See they are just covering their asses at this point. Besides, bugs are not random nor can one casually observe them to be little until more is known.

Might be a huge problem that takes them weeks to solve.

From what I've seen, the majority of privacy issues like this tend to be an exploitation of a feature, i.e. finding a way to use something that it wasn't meant to be used for. As such, fixing the feature (and/or disabling) resolves it.

Sure, it could turn out I'm wrong, but I think the odds are in my favour.

One thing I know for sure, finding security bugs is never an easy task, nobody gives you anything for free on this world. So when I see people who are thinking like you minimizing it I'm saying to myself people should start thinking twice before releasing their findings for free because nobody gonna acknowledge your work anyway.

First, I haven't said that it was easy to find the bug. Second, I said I hope it's released after it's already fixed, so your "for free" point is pretty irrelevant.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact