Re: Re: [WEB SECURITY] Cross Site Scripting in Google

[nocfed <nocfed () gmail com>]

On 7/7/06, Mike Duncan <security () randomtask net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Martin O'Neal wrote:
>
> Actually, I think this is the point the author was trying to make. We
> should not be thinking about the interests of a company who has ignored
> issues in the past.

Ignored what?  A non-security alert that was probably understood as a joke?

> The author did the right thing here by posting examples in the past of
> Google ignoring possible issues with their website.

Just because someone does not get a reply to an email does not mean
that the issue(s) are ignored.

> I think the author
> actually went above and beyond the "requirements" of the list(s) and its
> reader base as well.

I think not.

http://www.wiretrip.net/rfp/policy.html

> And the debate continues...

Nothing to really debate.  This list is not a band wagon.  You should
not just jump on and assume you know the ACCEPTED and UNDERSTOOD
guidelines.

On top of that, what is up with your ignorance with adding every
person in the thread to your CC list?  You like duplicate emails so
force them on other people?  Read http://www.ietf.org/rfc/rfc1855.txt

> Mike Duncan
> security () randomtask net
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFErnK1OSRBehttuMoRAu2KAKDCWdH1z3RuZ4stX0PeQY5ely3KiQCfaR8b
> y4pY794d1xgNW6P1tsIdqtk=
> =a/SO
> -----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/