Google Fixes a Flaw in Blogger Custom Domains

Blogger Custom Domains, the new feature that lets you run a blog on your own domain while Google hosts it for free, had a small bug discovered by Tony Ruscoe and Art-One. When you enter a domain, Google doesn't check whether it's your domain (there's no reliable way to do that). To set up your blog, you need to create a CNAME record that points your domain to ghs.google.com. But no CNAME record is needed for ghs.google.com itself.

As Art-One discovered, a blog owner entered ghs.google.com by mistake and his blog was hosted on google.com. The problem is that a page hosted on google.com can read your Google cookie and send it to a server. Someone who has your Google cookie can access your account, if you're already logged in. Fortunately, that blog didn't use any malicious scripts; Google was notified and the problem was fixed quickly.
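A defensive check for the flaw described above, as an added example that is not from the original post and is not Google's actual fix: a custom-domain validator that refuses the hosting target and any name inside a provider-owned zone. The function names and the reserved-zone list are assumptions for illustration.

```python
# Added example: validate a user-supplied custom domain before hosting it.
# RESERVED_ZONES is an assumed list; HOSTING_TARGET is the CNAME target
# named in the article.
RESERVED_ZONES = ("google.com",)
HOSTING_TARGET = "ghs.google.com"


def normalize(host):
    """Strip whitespace and the trailing root dot, lower-case, convert to IDNA ASCII."""
    host = host.strip().rstrip(".").lower()
    if not host:
        raise ValueError("empty hostname")
    # Raises UnicodeError (a ValueError subclass) on empty or over-long labels.
    return host.encode("idna").decode("ascii")


def is_reserved(host):
    """True if host is the hosting target or lies inside a provider-owned zone."""
    if host == HOSTING_TARGET:
        return True
    # Match on a label boundary so "notgoogle.com" is not mistaken for google.com.
    return any(host == zone or host.endswith("." + zone) for zone in RESERVED_ZONES)


def check_custom_domain(user_input):
    """Return (accepted, detail): the normalized host if accepted, else the reason."""
    try:
        host = normalize(user_input)
    except ValueError as exc:
        return False, "malformed hostname: %s" % exc
    if "." not in host:
        return False, "not a fully qualified domain"
    if is_reserved(host):
        return False, "%s belongs to the hosting provider" % host
    return True, host


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the incident.
    for sample in ("ghs.google.com", " GHS.Google.COM. ", "www.google.com",
                   "notgoogle.com", "blog.example.org", "a..b"):
        print(repr(sample), "->", check_custom_domain(sample))
```

Normalizing before comparison matters here: without it, a variant such as a mixed-case name or one with a trailing dot would slip past an exact string match.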

Tony writes more about the issue and reveals some interesting things:

* You can use Blogger Custom Domains to redirect your blog to another domain or subdomain (you can claim it only once). Even though this feature is useful if you move from Blogger and decide to use other blog software (for example, WordPress installed on your domain), spammers will have an easier way to redirect BlogSpot blogs to their ugly domains.

* Google should make sure "nobody can host or inject content (and particularly scripts)" on google.com.

* It's a good idea to log out of Google when you're not using Google services and to delete your cookies from time to time (for example, at the end of each browser session).

Incidents like this are rare and there's no reason to panic.
