Google Buzz 'web bug' patched and Option to disable Buzz added

Google fixed a Web flaw that gave hackers a way to take control of Google Buzz accounts. The bug lay in the m.google.com domain used by Google Buzz for mobile, and could have been exploited by hackers to manipulate other people's Google Buzz accounts. This type of flaw, known as a cross-site scripting error, is […]

Google fixed a Web flaw that gave hackers a way to take control of Google Buzz accounts. The bug lay in the m.google.com domain used by Google Buzz for mobile, and could have been exploited by hackers to manipulate other people's Google Buzz accounts. This type of flaw, known as a cross-site scripting error, is common, but it can have nasty consequences on widely used sites such as Google. In addition to taking control of Buzz accounts, scammers could have leveraged the flaw to create hard-to-detect phishing pages that used the Google.com Web domain. In an email message confirming that the bug had been patched, Google spokesman Jay Nancarrow said that the company has "no indication that the vulnerability was actively abused." Also, Google eanabled a faster way to fully disable Buzz “clicking hyperlink at the bottom of your Gmail screen that turns Buzz off, you'll be taken to your Settings screen, where you'll have options about displaying Buzz in Gmail, and even disabling Google Buzz completely. Choose this latter option to nix Buzz in Gmail, unfollow buddies, break off any connected sites associated with your name, and eradicate both your Google Profile and Buzz posts.”