ThinkFree Online, the free online edition of ThinkFree Office that says "[t]he importance of security for all Personally Identifiable Information associated with our user is of utmost concern to us" in their Privacy Policy failed to address to a XSS vulnerability in more than 45 days after I sent them the email regarding to the vulnerability in July (which was "referred to the development team" a day later).

According to the ThinkFree Blog, they have over 1 million document hosted and more than 335,000 users, as of August 12.

I mean like, it's only going to take them 3 minutes to have a temporally fix. They must be high on Kool-Aid or something.

FTW.

Comments

Haochi,

Actually, this issue has been resolved. As you can imagine, information security and privacy is of utmost importance to us at ThinkFree. If you have any further suggestions or comments please feel free to contact us at support@thinkfree.com.

Best regards,
Kevin

Kevin - 09.18.07 #