
Full Disclosure mailing list archives

Re: Gmail Information Disclosure Vulnerability
From: "D.J. Capelis" <djcapelisp () yahoo com>
Date: Sun, 4 Jul 2004 17:41:19 -0700 (PDT)

The notion that this list is only for reporting
bugs in software that isn't in beta is absurd. 
If there's a major vulnerability in gaim or
firefox I'd expect to hear about them on this
list.  (Both are in beta (firefox is alpha I
think they like to say these days?))  If there is
a large userbase using it that is vulnerable to a
security concern then it should be on this list. 
That's what this list is about, making people
aware and sharing new security vulnerabilities.

So stop shouting that (s)he's losing
"credibility" in the "scene."  In my eyes he
gained a lot by actually classifying his neat
little hack by saying it's got a really low
severity.  (And by finding a small hole in gmail,
there's plenty of people looking and google has
some great coders.)  More "respected" security
firms should take a leaf from his/her book and
learn to mark severity of their discoveries
correctly.

(And really?  The security "scene?"  What is this
to you, a little social tea party?)

~D.J. Capelis~
Security and Cryptography Researcher

--- System Outage <system_outage () yahoo com>
wrote:
Gmail service is in Beta. You have no
credibility posting this advisory. The correct
channel to post such "bugs" is the Gmail
contact link for "bug reports". 
 
If you weren't a script kiddie or scene whore,
you would have known to hold information until
such a time that Gmail became a public service.
 
Then and only then would anyone take this
advisory seriously!
 
You obviously have no understanding of the
"Beta" state of a development. The fact that a
team of developers are in the state of "Beta"
means that the developers are fully aware the
service may not be entirely secure and they
wish feedback via Google's own beta "bug
report" channels.
 
All in all, this is a "beta bug report" and
nothing else. If you had waited until the Gmail
dev team declared gmail a public release, you
would have gained more respect in the security
community scene.
 
Cheerio
 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

