mailing list archives
Re: Gmail Information Disclosure Vulnerability
From: Rudolf Polzer <divzero () gmail com>
Date: Mon, 5 Jul 2004 08:27:34 +0200
Gmail service is in Beta. You have no credibility posting this advisory. The correct channel to post such "bugs" is
the Gmail contact link for "bug reports".
If you weren't a script kiddie or scene whore, you would have known to hold information until such a time that Gmail
became a public service.
Then he'd probably be regarded as a kiddie too... unless he has
reported the bug before. Keeping bugs secret and waiting until many
people use a product, then releasing the advisory is in two senses
a) if you had disclosed the information to the author (here: Google)
before, the bug would most probably have been fixed
b) more people are affected by waiting
Posting it here while gmail is in beta stadium is not SO bad - but one
should also report it to gmail themselves.
Full-Disclosure - We believe in it.