Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

(Googler, opinions on my own)

Are you sure this impacted multiple products? Reading the article the main reason he was able to exploit this for Google docs was the X-Frame-Options header. It's not clear that other products have this.



It works on other Google product that has the "Submit Feedback" link on it. I just tested this out with Google Webmasters and it's an issue there as well.


It is unlikely they wouldn't have checked other products as part of the fix. So I'm going to ask for more proof that you "tested this out".


[flagged]


You can't comment like this on HN; accusing other commenters of having secret conflicts of interest is the HN Guideline 'dang corrects most often here:

https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...


Doesn’t seem like an accusation of a conflict of interest to me. Just pointing out who has the burden to test. Since one is paid by the company, it does make sense for testing the company’s products would be his responsibility first.

Whereas the previous comment was accusing the other one of lying about testing it.


Did I miss the place on this thread where the person we're talking about said they worked for Google?


Nope. Sorry. I messed up. Thought I saw the same person commenting who he already said they worked at Google.


An employee of X is better suited to investigate a bug in X than a non-employee is




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: