Monday, September 15, 2008

Mystery Flaw in Google Docs

A potential security flaw was found by accident at Google Docs. The Google Docs session appeared to have "crossed over" with another users. Meaning you may end up seeing a document owned by you (after login), but not (supposed to) owned by you.

Till now, there is no way to re-produce the security flaw at the moment. It suspects the Google Docs flaw comes from a JavaScript error in how Google manages user sessions.

>>> http://blog.isc2.org/isc2_blog/2008/09/serious-securit.html