Full Disclosure mailing list archives

RE: Re: Google is vulnerable from XSS attack


From: "jpierini" <jpierini () hotmail com>
Date: Wed, 7 Dec 2005 09:09:35 -0800

N3td3v,

I'm just a CISSP, and as discussed numerous times I'm without the elite mad
skills of a hacker (XSS wasn't even on our test!), so it's my guess you must
have found something so amazingly insidious, so heavily integrated into the
very bowels of their system, that they're beside themselves with terror. Oh,
those 0-day exploit releases! Why won't the hacking community give the
vendors a reasonable amount of time to cover their asses? Still, the damage
is done, and I'm sure it weighs heavily on your conscience.  Don't blame
yourself, I'm sure that if they had just listened to what you had to say
regarding Yahoo, they could have saved themselves all this misery.

You're a wry one Mr. N3td3v, use your powers for good.

Joseph Pierini, CISSP 

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of n3td3v
Sent: Wednesday, December 07, 2005 6:25 AM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Re: Google is vulnerable from XSS attack

Four days on and Google has yet to implement a patch. I guess groups
getting deleted, harvesting of e-mail addresses, and theft of Google /
Gmail accounts isn't that important. :-(

On 12/5/05, Joseph Pierini <jpierini () hotmail com> wrote:

N3td3v,

Thanks for the info. Wow, it must have been an exhaustive search to find
that needle in a haystack. I'm sure Google appreciates your time and
effort.
Keep up the good work!

-J
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

