Top 5 Web Application Vulnerabilities.
June 15, 2014
A security researcher from Israel has discovered a very basic, almost “schoolboy” level bug in Gmail that could potentially have compromised millions of email addresses. He notified Google, who have rectified the problem and rewarded the honest fellow with a whopping $500.
Here is the news article that details these events:
For those technically minded, watch the embedded YouTube video that details how Oren Hafif did it.
This news has been circulating around the web, causing facepalm reactions, for a few days now. We are really not sure which is the bigger PR embarrassment for Google - the simplicity of the bug or the $500 amount.
As a brief background detour, in general there are five types of web application vulnerabilities:
Remote code execution
Format string vulnerabilities
Cross Site Scripting (XSS)
The particular Gmail vulnerability described above can be loosely classed as “username enumeration”.
All five of these types of attacks have been around since the very inception of the Web and, despite decades of awareness, haven't diminished but have in fact grown in abundance.