Bug in Google's Bug Tracker Lets Researcher Access List of Company's Vulnerabilities
https://motherboard.vice.com/en_us/article/evbvqj/bug-in-googles-bug-tracker-lets-researcher-access-list-of-companys-vulnerabilities

Google's platform to deal with bugs and unpatched vulnerabilities had a bug that allowed a security researcher to see a full list of known, unpatched vulnerabilities within Google, creating a kind of bug inception that could have led to more damaging hacks.

Alex Birsan, a security researcher, found three vulnerabilities inside the Google Issue Tracker, the company's internal platform where employees keep track of requested features or unpatched bugs in Google's products. The largest one of these was one that allowed him to access the internal platform at all. The company has quickly patched the bugs found by Birsan, and there's no evidence anyone else found the bugs and exploited them.

- - -

OK, external access to random internal Buganizer threads -- and I know Buganizer well from my time consulting internally at Google -- is quite problematic. HOWEVER, the article notes a key point -- in order to exploit this (now fixed) situation, you would have to be someone external who had already been associated with a bug thread. So this was not a good situation, but it was appropriately reported and repaired, and I suspect no damage was done. No harm, no foul.

--Lauren--
Lauren Weinstein ([email protected]): https://www.vortex.com/lauren
Lauren's Blog: https://lauren.vortex.com
Google Issues Mailing List: https://vortex.com/google-issues
Founder: Network Neutrality Squad: https://www.nnsquad.org
PRIVACY Forum: https://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility: https://www.pfir.org/pfir-info
Member: ACM Committee on Computers and Public Policy
Google+: https://google.com/+LaurenWeinstein
Twitter: https://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800
--- Impeach Trump ---
