Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Gmail Information Disclosure Vulnerability
From: "Geoff Shively" <gshively () pivx com>
Date: Mon, 5 Jul 2004 12:04:35 -0700

Full disclosure... True. Nobody is taking issue with the content, just the timing.

10 days is an unreal expectation. Though 10 days may feel like a long time to you sir, it whizez by inside of a growth 
company such as Google.

This type of disclosure is where the motivation for OIS comes from. I am not saying I agree with the OIS 'partner' 
agendas or their execution- though there is some genuine interest in setting basic guidelines based on industry 
experiance, not regulating research or its biproducts (imho not gunna happen). So where is the middle ground as it 
applies to research.


Cheers,
Geoff Shively
Chief Scientist, Founder
PivX Solutions, Inc.

23 Corporate Plaza #280
Newport Beach, CA 92660

http://www.pivx.com
gshively () pivx com
Ticker: PIVX.OB

Mobile: 949.903.8856


-----Original Message-----
From: Tremaine <tremaine () gmail com>
To: System Outage <system_outage () yahoo com>
CC: full-disclosure () lists netsys com <full-disclosure () lists netsys com>
Sent: Mon Jul 05 07:46:16 2004
Subject: Re: [Full-disclosure] Gmail Information Disclosure Vulnerability

It's about posting security advisories.  The initial poster advises
they notified the gmail team, and posted this advisory 10 days later.

It is immaterial whether an application is in alpha, beta or
production.  If the software or application is in use outside the
development team, and there is a security issue, it is relevant to
this list.


It's called Full Disclosure for a reason... not partial disclosure,
not disclosure of production applications only... Full Disclosure.

If you want partial disclosure, you may need to rethink your
subscription to the list.



-- 
Tremaine
IT Security Consultant


----- Original Message -----
From: System Outage <system_outage () yahoo com>
Date: Mon, 5 Jul 2004 06:46:42 -0700 (PDT)
Subject: Re: [Full-disclosure] Gmail Information Disclosure Vulnerability
To: full-disclosure () lists netsys com


If it's not about respect then what is it about? 
 
You have no respect for the Gmail Team, that's for sure.
 
I guess this list isn't about respect...
 
It's about kiddies posting advisories and exploits for fun and little
care for the vendor(s).
 
 
Cheerio


 

amforward () mailsurf com wrote:
System Outage wrote:

|The correct channel to post such "bugs" is the Gmail contact link for "bug 
|reports". 

I have already contacted Gmail about 10 days ago, but I have not received any 
replies till this moment.

|If you had waited until the Gmail dev team declared gmail a public release, 
|you would have gained more respect in the security community scene.

I don't think this is about respect afterall.

Regards,
Ahmed Motaz

------------------------------------------------------
Mailsurf.com your communication portal for SMS,
Email, Fax, E-Cards and more. www.mailsurf.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]