Full Disclosure mailing list archives
Re: Slashdot: Gmail Accounts Vulnerable to XSS Exploit
From: Nancy Kramer <nekramer () mindtheater net>
Date: Sun, 31 Oct 2004 03:05:09 -0500
Google is very secretive about everything. Don't expect them to share information.
Regards, Nancy Kramer Webmaster http://www.americandreamcars.com Free Color Picture Ads for Collector Cars One of the Ten Best Places To Buy or Sell a Collector Car on the Web At 11:22 PM 10/30/2004, n3td3v wrote:
I feel sorry for all the security pros outside of gmail and google, so I say the below on behalf of them... Should the general public be expecting a disclosure of the vulnerability to security mailing lists once a solution has been implemented to patch the hole, so other web-based services are aware of the possibility of the same problem being an issue for them, or should gmail be keeping everything secret after they patch. I guess if gmail team did not want to make a public disclosure of the vulnerability, the gmail folks would send a private e-mail to people like yahoo, if it was found to be a current issue for other webbased e-mail services, or in future possibilities. If none of the above, can we expect the "hacker" to make an announcement once he has heard back from the vendor that a solution and patch has been implemented. If this was a private disclosure, then no one would be asking for a public announcement of the vulnerability, but since this has been made into a public, high profile disclosure, is it not right in the public interest for ethier the "hacker" or gmail team to make the vulnerability known, after its safe to do so. Thanks, n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.784 / Virus Database: 530 - Release Date: 10/27/2004
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.784 / Virus Database: 530 - Release Date: 10/27/2004
Current thread:
- Slashdot: Gmail Accounts Vulnerable to XSS Exploit Shoshannah Forbes (Oct 30)
- Re: Slashdot: Gmail Accounts Vulnerable to XSS Exploit n3td3v (Oct 30)
- Re: Slashdot: Gmail Accounts Vulnerable to XSS Exploit Calum Power (Oct 30)
- Re: Slashdot: Gmail Accounts Vulnerable to XSS Exploit morning_wood (Oct 30)
- Re: Slashdot: Gmail Accounts Vulnerable to XSS Exploit Calum Power (Oct 30)
- Re: Slashdot: Gmail Accounts Vulnerable to XSS Exploit morning_wood (Oct 30)
- Re: Slashdot: Gmail Accounts Vulnerable to XSS Exploit n3td3v (Oct 30)
- Re: Slashdot: Gmail Accounts Vulnerable to XSS Exploit Nancy Kramer (Oct 31)
- Re: Slashdot: Gmail Accounts Vulnerable to XSS Exploit n3td3v (Oct 31)
- Re: Slashdot: Gmail Accounts Vulnerable to XSS Exploit Jesse Ruderman (Oct 31)
- Re: Slashdot: Gmail Accounts Vulnerable to XSS Exploit morning_wood (Oct 30)