Security Flaw in Google Reader Added Subscribers Without Intent

Jul 19, 2007 - 9:27 am 0 by
Filed Under Misc Google

A DigitalPoint Forums member points to a vulnerability within Google Reader that enables blog owners to add code to their blog that will allow any visitor to automatically subscribe to the RSS feed. Patrick Altoft wrote about this discovery and says that if you copy certain code to your site and a user has logged into his/her account, they will automatically be subscribed to your blog:

The problem is that unscrupulous websites can copy the links to Add to Google homepage or Add to Google Reader and open them up in an IFRAME for every visitor, meaning that anybody who visits their website while signed in to a Google account will suddenly have subscribed to the RSS feed on both Google Reader and the Google homepage automatically.

I tried Patrick's demo and it seems to have been fixed. In fact, Matt Cutts responded as well and it appears that the hole has been patched.

In any event, if you want to subscribe to our feeds (and we know you do), we have two RSS feeds (a normal feed and a full feed) and one email feed. You're welcome to Subscribe to any of our feeds.

Forum discussion at DigitalPoint Forums.

 

Popular Categories

The Pulse of the search community

Follow

Search Video Recaps

 
Google Core Update Rumbling, Manual Actions FAQs, Core Web Vitals Updates, AI, Bing, Ads & More - YouTube
Video Details More Videos Subscribe to Videos

Most Recent Articles

Search Forum Recap

Daily Search Forum Recap: March 15, 2024

Mar 15, 2024 - 4:00 pm
Search Video Recaps

Search News Buzz Video Recap: Google Core Update Rumbling, Manual Actions FAQs, Core Web Vitals Updates, AI, Bing, Ads & More

Mar 15, 2024 - 8:01 am
Google Updates

Google March 2024 Core & Spam Update Movement Today

Mar 15, 2024 - 7:51 am
Google

Google Image Search Results Testing Like Button

Mar 15, 2024 - 7:41 am
Google

Google Merchant Center Product Studio With Themed Templates Including St. Patrick's Day

Mar 15, 2024 - 7:31 am
Google Maps

Google Search Dishes Nearby Carousel

Mar 15, 2024 - 7:21 am
Previous Story: Yahoo! Acquires Stake in Tyroo, an Indian Online Advertising Agency