
Bug in Google's Bug Tracker Lets Researcher Access List of Company's Vulnerabilities (vice.com)

Lorenzo Franceschi-Bicchierai, writing for Motherboard: Google's platform to deal with bugs and unpatched vulnerabilities had a bug that allowed a security researcher to see a full list of known, unpatched vulnerabilities within Google, creating a kind of bug inception that could have led to more damaging hacks. Alex Birsan, a security researcher, found three vulnerabilities inside the Google Issue Tracker, the company's internal platform where employees keep track of requested features or unpatched bugs in Google's products. The largest one of these was one that allowed him to access the internal platform at all. The company has quickly patched the bugs found by Birsan, and there's no evidence anyone else found the bugs and exploited them. Still, these were bad bugs, especially the one that gave him access to the bug-tracking platform, which could have provided hackers with a list of vulnerable targets at Google. "Exploiting this bug gives you access to every vulnerability report anyone sends to Google until they catch on to the fact that you're spying on them," Birsan told Motherboard in an online chat. "Turning those vulnerability reports into working attacks also takes some time/skill. But the bigger the impact, the quicker it gets fixed by Google. So even if you get lucky and catch a good one as soon as it's reported, you still have to have a plan for what you do with it."