|
|
|
|
|
|
by martinced
4858 days ago
|
|
|
Apparently nobody mentioned it yet but TFA talks about the "timeline" and ends up saying that, two days before publicly reporting, Google did change something (after all, after saying for 6 months that the exploit was an expected behavior): "2013/02/21: Fix is pushed by Google to prevent ASP-initiated sessions from accessing sensitive account interfaces." So is that one particular hole describe in the article / blog fixed or not!? |
|
|