Full Disclosure mailing list archives
Re: Gmail Information Disclosure Vulnerability
From: System Outage <system_outage () yahoo com>
Date: Mon, 5 Jul 2004 10:57:31 -0700 (PDT)
It's against my morals to give tips on how to hack, exploit, compromise Gmail on a public mailing list, which could assist malicious users to further destroy the service.

However, I welcome users to compromise my Gmail account. My address is system.outage () gmail com. I suspect I won't have that account for very much longer. Happy hacking.

Cheerio

amforward () mailsurf com wrote:

System Outage wrote:
|...why do many decide to post the exploit along with the advisory.

I'd like to draw your attention to the fact that the accompanying code to the advisories you talk about is usually not referred to as "exploits." These are actually called "proof of concepts." It's true some people misuse them, but these "exploits" do help greatly in understanding the problem, finding more similar/related problems, and even patching it/them.

|...a serious hole exposed to the public, before the vendor (Gmail) has had a
|chance to scramble together an incident response and get the hole patched
|out, before a serious number of accounts become compromised on the service.

I agree with you. "Serious" holes should be reported to the vendor some time before it's disclosed to the public. Patience is a must in this case (not infinite though). However, I don't think this applies to the thread we are talking about. This is a vulnerability with very low severity. This is also a beta service and you should use it at your own risk.

Aside from that, I am, however, still concerned whether this vulnerability can be escalated to higher severity. Could the same problem exist with other scripts? Can I edit my profile, for example, and find someone else's profile, and perhaps his secret answer?

Your thoughts are highly appreciated.

Regards,
Ahmed Motaz