Couldn’t think of a sarcastic title for this post, and I don’t think it makes a heck of a lot of difference anyway - it’s just news, and not much to worry about. The Google Search Appliance, that box companies throw on the rack to help them weed through data on their own networks, opens up a cross-site scripting vulnerability that can allow phishers to promote their own scams.

Google has already issued a fix, and if the organizations using the system don’t want to pay attention, it becomes their problem alone.