Thursday, December 4, 2008

Is it google's security hole?

Free Image Hosting at

This morning, I've seen a big surprise of Google account. Actually I was signed in with my google account and was exploring around my sites and features. A few minutes later, I was invited to Google Friend Connect application to use as a site owner. So i was trying to put that code in my site. Surprisingly! my account was automatically redirected to someone's account as and been to his site I was so surprised and amazed in stunned, then I checked if I can manage everything at his site, the result is YES! So I dropped a few comments in his home page and then logged out. I dont know how it was happened. Any can explain me that, means it is google security hole, or I accidentially hacked someone site, or my account was hacked?

ဒီေန့ ထူးထူးဆန္းဆန္း တစ္ခုေတြ့တယ္။ ေတာှေတာှေလး ထူးဆန္းတယ္ ေျပာရမလားပဲ။ ဂူဂယ္လ္ဆိုက္ကို သံုးေနရင္း က်ြန္ေတာှ အလိုလို အျခားတစ္ေယာက္ရဲ့ အေကာင့္ထဲကို ေရာက္သြားတယ္။ အေကာင့္က ဒါနဲ့ သူ့ရဲ့ root ကိုျကည့္လိုက္ေတာ့ Soethura.Org ဆိုတဲ့ ဝဘ္ဆိုဒ္တစ္ခုကို ဖြင့္ထားတယ္။ က်ြန္ေတာှ့အေကာင့္နဲ့ မဟုတ္ဘဲ သူ့အေကာင့္နဲ့ ဝင္သြားတာေနာှ။ သူ့ဆိုဒ္ထဲမွာ က်ြန္ေတာှ ျကိုက္တာ လုပ္လို့ရေနတယ္။ ဒါနဲ့ က်ြန္ေတာှ သူ့ကို သတိေပးတဲ့စာေလး ေရးျပီး ျပန္ထြက္လာခဲ့တယ္။ ေတာှေတာှေလး ထူးဆန္းတယ္။ 

Updated (1)

Yes it must be google's big security hole. But I m not the first one to whom it was happened: I found out a case which was quite similar with me, perhaps I didnt touch anything at dns. I think its vulnerability is in either Google Site or Google Friend Connect; the new one! See here [link]

They said fixed, but now you see how? :) [link]

I've already reported to Google Security Team and waiting for their reply.

Update (2) 

Sorry for my mistake: the correct link is 

PS. I forgot to put a big smile (:)) at last! Just wanna remind you all, dont believe on net, and dont put every secrets on net or electronic devices. me tooo (again :))

No comments: