Already besieged by complaints of shoddy user privacy, Google Buzz is susceptible to exploits that allow an attacker to commandeer accounts and even learn where victims are located, a security researcher said Tuesday.
The XSS, or cross-site scripting, vulnerability is unusual because it affects google.com, the domain that sets authentication cookies for a variety of popular Google services, including Mail, Calendar and Documents. That means an attacker might be able to hijack victims' account simply by tricking them into visiting a booby-trapped link.
What's more, the vulnerability ties into to the much-vaunted Google Location Services, making it possible for the attacker to learn the geographical location of users who have already opted in.
Uzivajte u oblacima... ovakve stvari su samo sneak-preview sveta kada masa ljudi bude "zivela" u nekom "cloud" servisu...
Pitanje je vremena kada ce se desiti prvo ubistvo uz pomoc "oblaka" #)*@(&@#