On Tuesday he demonstrated an ingenious potential application of the bug: a phishing exploit that announced that Google was becoming a subscription service, and invited the victim to enter their credit card details. Still no response.
Google finally sat up and took notice after the vulnerability was posted on the Security Focus BugTraq mailing list. Google couldn't explain why it didn't have a working email or phone contact for security alerts, but according to Jim, seemed anxious that he remove the phishing example.
In fact as he points out, the vulnerability is over two years old.
"Hopefully Google will get in touch explain what went wrong with the communication of the issue, hopefully Google will realise that a phone number of the security team on the web would also help," he writes.
It's good to know Google takes security as seriously as it takes privacy. ®
Gates: PC will replace TV, TV will become a giant Google
Talented flunkeys unite against phishing
Google Desktop privacy branded 'unacceptable'
Google's Gmail: spook heaven?
Google's Ethics Committee revealed
Google decides banner ads, skyscrapers are not evil
Google values its own privacy. How does it value yours?