Based in San Francisco Bay Area, Securesql is a blog by John Menerick. His insights dissect complex systems, offering a masterclass in cyber guardianship through expert analysis and cutting-edge protective strategies.

Google Glass Developer program - DOS and XSS

Google Glass's Mirror quickstart had two very simple vulnerabilities, a DOS and an XSS. The fixes were introduced in changeset https://github.com/googleglass/mirror-quickstart-java/commit/738352eb5b5b73aa7bb911d0aeee3386f40dbf26

The DOS fix is rather simple: limit the request to 1000 lines. The XSS fix is hackish but works: instead of reflecting the client's input back to the user, the error is directed to the error logging infrastructure. Let's hope the error logging infrastructure is anti-XSS enabled.
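A sketch of both ideas in Java, added here as an illustration and not taken from the quickstart or its changeset: the body reader stops at the 1000-line limit, and rejected input goes to the log in escaped form while the client gets a fixed message. The class name, the `MAX_CHARS` cap, the `{` validity check and the sample inputs are assumptions; `String.repeat` needs Java 11 or later.

```java
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.util.logging.Logger;

public class BoundedBodyExample {
    private static final Logger LOG = Logger.getLogger("example");
    static final int MAX_LINES = 1000;      // the limit described in the post
    static final int MAX_CHARS = 64 * 1024; // assumption: overall size cap, not from the post

    // Reads the body and fails as soon as either limit is exceeded.
    static String readBounded(Reader in) throws IOException {
        StringBuilder body = new StringBuilder();
        int lines = 0;
        for (int c = in.read(); c != -1; c = in.read()) {
            if (c == '\n' && ++lines > MAX_LINES) throw new IOException("too many lines");
            if (body.length() >= MAX_CHARS) throw new IOException("body too large");
            body.append((char) c);
        }
        return body.toString();
    }

    // Escapes markup (for HTML log viewers) and replaces control characters (log forging).
    static String forLog(String s) {
        String t = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;");
        return t.replaceAll("\\p{Cntrl}", "_");
    }

    // Returns a fixed message to the client; request detail goes to the log only.
    static String handle(Reader in) {
        try {
            String body = readBounded(in);
            if (!body.trim().startsWith("{")) { // hypothetical validity check
                LOG.warning("rejected body: " + forLog(body.substring(0, Math.min(200, body.length()))));
                return "Bad request";
            }
            return "OK";
        } catch (IOException e) {
            LOG.warning("rejected request: " + e.getMessage()); // message is ours, not client data
            return "Bad request";
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: markup in the body, then a body with 1001 newlines.
        System.out.println(handle(new StringReader("<b>not json</b>\n")));
        System.out.println(handle(new StringReader("x\n".repeat(MAX_LINES + 1))));
    }
}
```

A line count alone does not bound memory, since a single line can be arbitrarily long, which is why the sketch also caps total characters.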
