Full Disclosure mailing list archives
Re: Gmail Information Disclosure Vulnerability
From: Maarten <fulldisc () ultratux org>
Date: Mon, 5 Jul 2004 20:55:12 +0200
On Monday 05 July 2004 18:00, System Outage wrote:
> If it's about posting advisories, why do many decide to post the exploit along with the advisory? To me this is not a responsible thing to do. Whoever knows how many script kiddies are sleeping on this list and taking advantage of the free exploit giveaways seen here.
Can we please not have this discussion again? Even IF you have a valid point, this list was conceived to include PoC code, despite the possible evil consequences. Read the list archives for lots more discussion on this.
> 10 days isn't an awful long time and the vendor never made primary contact with the user in question. Meaning, for whatever reason the e-mail may not have been delivered and because of this the Gmail Team could easily have been caught short on this issue and a serious hole exposed to the public, before the vendor (Gmail) has had a chance to scramble together an incident response and get the hole patched out, before a serious number of accounts become compromised on the service.
Ten days is more than enough for them to answer "Yes we received your mail / Yes we're looking into it, it will take some time before we have an update." Maybe not for Microsoft, but what can you do when you receive no reply at all? And if the email actually did not reach them, all the more reason to post to this list. How else do you suggest that people become aware of an issue? Besides, the hole isn't that serious, so where's the fire anyway?
Maarten
--
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html