Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Gmail Information Disclosure Vulnerability
From: Rudolf Polzer <divzero () gmail com>
Date: Mon, 5 Jul 2004 08:27:34 +0200

Gmail service is in Beta. You have no credibility posting this advisory. The correct channel to post such "bugs" is 
the Gmail contact link for "bug reports". 
If you weren't a script kiddie or scene whore, you would have known to hold information until such a time that Gmail 
became a public service.

Then he'd probably be regarded as a kiddie too... unless he has
reported the bug before. Keeping bugs secret and waiting until many
people use a product, then releasing the advisory is in two senses

a) if you had disclosed the information to the author (here: Google)
before, the bug would most probably have been fixed
b) more people are affected by waiting

Posting it here while gmail is in beta stadium is not SO bad - but one
should also report it to gmail themselves.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]