Google's website optimizer has a major flaw that allows a hacker to execute malicious script on your site.
Anyone got the warning email from Google?
Andy (December 7th, 2010)
Thanks Clinton. Never saw an email from G. It's good to know.
P.S. Just checked, I did get an email today.
Yeah I got it too. I'm not terribly worried because "This attack can only take place if a website or browser has already been compromised by a separate attack" although I'd like to know what that other attack is.
I like this proactive action though, emailing directly rather than just placing a warning in the GWO accounts or on their blog. If Google ever reach Microsoft's level of releasing 'vunerable' software I'll start to worry about them but this is the first time I've known this to happen, anyone know if it's ever happened before?.
As SearchEngineLand reveals, there's been a second security alert from Google within 12 hours. This time it's the goo.gl URL shortening service (but that's more a Twitter problem).
Google's blog doesn't seem to mention the scripting issue. Was the email sent out to only those with active experiments or to everyone?
Anyone knows anything about the wider issue of cross site scripting attacks that this email raises which affects even those who don't have active experiments.