Google Blog WAS Hacked
Earlier today we reported on a possible hack on the google blog. At the time we were speculating that the mystery post was the result of a hack, It turned out our speculation was correct.
A bug in Blogger enabled an unauthorized user to make a fake post on the Google Blog last night, claiming that we've discontinued our AdWords click-to-call test. The bug was fixed quickly and the post removed. As for the click-to-call test, it is progressing on schedule, and we're pleased with the results thus far.The Google Blog.
This raises a few questions, How secure is the blogger software? Like all software it is inevitable that there are going to be flaws, holes and vulnerabilities. But as the blogger software is not open source it makes finding these holes a lot harder for an attacker, but it also means spotting potential flaws is a lot harder for a patcher.
If an attacker was able to make an unauthorized post on the official google blog, What does that mean for the rest of us? How many other blogs have had unauthorized people make posts on them? In a way Google were very lucky that all this attacker had in mind was a fake news story stating AdWords click-to-call was being scrapped, They could have put anything they wanted on there, The mind boggles.
Google say the "bug" (read as critical vulnerability) was "fixed", But i guess it's only fixed until the next one is found.