So you might be asking why this isn't bigger news. Well, Google has since fixed this problem and turned this issue into a non-issue. One must wonder whether this form of bug discovery is more sensible or 'correct' than the constant Microsoft bugs published online. Perhaps if Google continues to handle low key notices seriously, they'll never find themselves in the same position as Microsoft?"How did an anti-phishing plugin wind up exposing user names and passwords to the general public? Google's software used a public blacklist, available from Google's servers, which listed sites that were fraudulently pretending to be banking or other financial institutions. Unfortunately, some of these sites embedded usernames and passwords directly into the URL — obviously phishing sites didn't have concerns about security — and were thus viewable by anyone.
Slashdot videos: Now with more Slashdot!
We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).