GWA exploit with WP?

Easy – do not use GWA.

Yeh, i know but I mean If people use GWA and browse photomatt.net for example while they are logged in, They might be logged in as PhotoMatt instead of their real username.

Yes, that’s one solution, but only a partial one. If, as the article says, it’s allowing people to post whatever using some other username other than their own the possibilities for comment and MB spam become somewhat more serious to site owners. There is a fix posted, but that’s to block the IP of the google proxy that’s serving the GWA. Somehow that doesn’t seem appetizing, since it’s punishing the people who will not misuse the GWA. Apparently there’s also some changing of webcontent being served via the proxy going on as well (can we say AutoLinks Part 2?)

There are other issues- people using the accelerator, if they mouseover an ad on YOUR site, or a shopping cart button, it seems to be registering as a click even if the mousebutton is not used. What’s that doing to those of you who serve ppc ads??? It’s also screwing up the google adserver, and ignoring robots.txt. More here:

https://fantomaster.com/fantomNews/archives/2005/05/05/the-google-web-accelerator-fiasco/
https://www.threadwatch.org/node/2450#comment-14611
https://fantomaster.com/fantomNews/archives/2005/05/04/google-the-coming-out-of-a-datascraper-spook/
https://blog.searchenginewatch.com/blog/050504-145307

So “Easy” becomes not so easy. Iit affects you if you have a site, even if you don’t use the GWA. Let’s face it, most, if not all, of the people on this support board have a site.

Feel free to voice your concerns with this issue here:
https://www.oag.state.ny.us/online_forms/complaint_misc.jsp

Okay …. I will NEVER use this GWA crap.
That’s not at all ever, even to test.

So if I don’t use it, how is someone going to get MY login details / passwords etc given that google NEVER sees it ? If I do not put my details into that system, then my details cannot be got OUT of that system can they ?

Ads are another thing entirely – if you are talking exploits that does not cover your adsense cash being screwed up.

from what i have read, you only get to see a cached version of what another user sees, but you cannot do anything with that.

would be just like having a picture of the admin interface. they cannot do anything with that.

The problem with the cached picture (assuming that’s what the deal really is – and there’s a fair amount of conjecture that the real deal is something else entirely) lies in the fact that login info may appear in that cached picture. Presumably the password wouldn’t show as text, but even so, it’s a security issue.