Sign in / up

back to article Choc Factory patches zero day Google for Work hack hole

Google has patched a vulnerability in the Google Admin application that could allow attackers to steal enterprise accounts. MWR Labs researcher Rob Miller reported the sandbox-hopping hole, rated medium severity, which can be exploited by malware residing on a user's device. The flaw can be used to steal Google for Work …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    See, it works

    You give a company a deadline, and when that deadline passes, you expose their flaws...and then they'll issue a patch.

    4 0 Reply
    1. Pascal Monett Silver badge
      Reply Icon

      If the deadline is reasonable, yes.

      A better way would be to agree on a deadline. If you can't agree on one, there's a good chance that the company won't be patching anything anyway so by all means, impose a deadline.

      But it's always nicer when people can agree to something.

      1 1 Reply
      1. Steve Evans
        Reply Icon

        It's a tricky thing to judge.

        It's not safe to assume that the white hat hacker is the only person to discover the flaw, a black hat could have discovered the flaw since, or more concerning, before.

        3 0 Reply
        1. phil dude
          Reply Icon
          Thumb Up

          Oh yeah...!

          @Steve Evans: and this is something the political classes haven't learnt regarding backdoors.

          Making stuff work properly is hard enough...

          P.

          2 0 Reply
      2. James 100
        Reply Icon

        No, if you can't agree on a deadline (or equivalent criteria; sometimes there might be a dependence on a third party, like submitting a patched version to the Apple App Store then having to wait for Apple to approve it so users can actually install it) - release it straight away, because they're not engaging properly.

        Anything other than agreeing to expedite a fix with a reasonable timescale sounds too much to me as if they're planning to hide it instead - so if you don't disclose ASAP, you'll probably find their lawyers trying to bury you instead. Every day you delay disclosure is another day they might be using to get a court injunction to gag you about it, as Ross Anderson's guys at Cambridge University have encountered in the past.

        1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like