Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Gmail Information Disclosure Vulnerability

From: Rudolf Polzer <divzero () gmail com>
Date: Mon, 5 Jul 2004 08:27:34 +0200
Gmail service is in Beta. You have no credibility posting this advisory. The correct channel to post such "bugs" is 
the Gmail contact link for "bug reports". 
If you weren't a script kiddie or scene whore, you would have known to hold information until such a time that Gmail 
became a public service.


Then he'd probably be regarded as a kiddie too... unless he has
reported the bug before. Keeping bugs secret and waiting until many
people use a product, then releasing the advisory is in two senses
contraproductive:

a) if you had disclosed the information to the author (here: Google)
before, the bug would most probably have been fixed
b) more people are affected by waiting

Posting it here while gmail is in beta stadium is not SO bad - but one
should also report it to gmail themselves.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: