Armenian computer professional finds major exploit in Google

PanARMENIAN.Net - "I found this security hole a month ago and immediately informed Google about it, but haven't got any response so far", Vahe G., who doesn't want to reveal his full name, told a PanARMENIAN.Net reporter.

While not getting a response from Google, Vahe decided to demonstrate the security hole in his blog on Google's own blogging platform (Blogger.com). He included a small code that was able to harvest Google e-mail addresses of its visitors who were logged into their Google account. To prove it, the visitors were getting e-mails with Google's headers that were inviting them to revisit the blog. The exploit was affecting also Google Apps users (Google's enterprise solution that has customers among many private and governmental organizations).

Vahe then wrote to a popular technology blog TechCrunch which featured the story bringing Google's attention to the issue. His email was featured in the TechCrunch story where Vahe described himself as "21yrs Armenian guy whom Google doesn’t even want to talk to".

In his e-mail Vahe wrote that he just wanted to challenge the assumption that "big companies act like they all really protect our privacy and such."

Vahe's blog was shut down by Google and the company started an investigation after which the issue was fixed the next day. In a conversation with a PanARMENIAN.Net reporter, Vahe exclusively revealed, that Google has contacted him for details about the application he used on his blog to demonstrate the exploit.