Security Hole Fixed in Google Reader

Google late Wednesday fixed a security flaw in its Google Reader RSS feed aggregation tool, which opened the door for a cross-site scripting attack. The vulnerability was disclosed in detail on Tuesday, and enabled an attacker to steal personal data from Google users.

"What are the implications of this attack for Google? Well, for starters, I can put a phishing site on Google. “Sign up for Google World Beta.” I can steal cookies to log in as the user in question, I can use the credentials of the user to screen scrape any of the content off of the www cname, including changing options like adding my RSS feed to your page, or deleting them," read a post on the ha.ckers.org blog.