How to confirm a Google user’s specific email address (Bug Bounty Submission)

I recently reported an issue to Google that allows an attacker to confirm whether a visitor to a web page is logged in to any one of a list of specific Google accounts (including GSuite accounts). It is possible to check about 1000 email addresses every 25 seconds. Google have confirmed this as working as intended, and do not consider it a bug.

You can test it out yourself on this demo page.

Firstly, a video of a proof of concept, where I identify an account (myself) against a list of 20 accounts:

Googlebot now accepting Cookies

In the last couple of days Google announced that they were going to start executing JavaScript on most pages they visit, and thus rendering pages in a way far more akin to how our browsers do it. It was inevitable they’d need to do this, so it is a welcome update.

Then today, they announced an updated tool in Webmaster Tools that extends the previous “Fetch as Googlebot” feature with an additional option which enables these new JavaScript capabilities and returns a screenshot of the rendered page. Very cool!

Google Exploit – Steal Account Login Email Addresses

tl;dr I found a bug that allowed me to find the login email address of anyone with a Google+ account (even if they chose not to share it). This could be used to target specific people or just crawl Google+ collecting emails, and tying them easily to other social accounts as step one of something nefarious (e.g. spear phishing, or other account compromise). This has now been fixed by Google’s security ninjas.

Machine Learning for SEOs (on Moz)

Since the Panda and Penguin updates, the SEO community has been talking more and more about machine learning, and yet often the term still isn’t well understood. We know that it is the “magic” behind Panda and Penguin, but how does it work? Why didn’t they use it earlier? What does it have to do with the periodic “data refreshes” we see for both of these algorithms? I think that machine learning is going to be playing a bigger and bigger role in SEO, and so I think it is important that we have a basic understanding of how it works.

From Keywords to Contexts: the New Query Model (on Moz)

As SEOs we talk a lot about “search queries” (or simply “searches”), yet I think search has outgrown our definition of what exactly a search query is. In this post I’m going to explain how I think the old definition is fast becoming less and less useful to us, and also how I believe this is going to mean we’re going to talk about keywords less and less. Our understanding of what we mean when we say “query” has become too narrow.

Linkgex: Tool to Get Links to Specific Subsets of Pages (on Distilled)

Recently I have found myself fairly frequently wanting to get links that point to a certain sub-section of a website (i.e. links to only certain pages on the domain). I tend to use a mix of OpenSiteExplorer, Majestic, and Ahrefs when I get backlinks, but currently none of these services actually allow me to get backlinks in such a fashion. I decided to put together a short proof-of-concept script to do this.