Full Disclosure: Re: Google vulnerabilities with PoC

Re: Google vulnerabilities with PoC

From: M Kirschbaum <pr0ix () yahoo co uk>
Date: Sat, 15 Mar 2014 11:27:28 +0000 (GMT)

Dear Mario,
 
There is nothing to gain being on either side. I have already read the thread replies by M. Zalewski. I believe Google 
is false and does not honor the security community.
 Rgds,

M. Kirschbaum 
 
 
 
 
 



On Saturday, 15 March 2014, 11:11, Mario Vilas <mvilas () gmail com> wrote:
  
I believe Zalewski has explained very well why it isn't a vulnerability, and you couldn't possibly be calling him 
hostile. :) 



On Sat, Mar 15, 2014 at 11:20 AM, M Kirschbaum <pr0ix () yahoo co uk> wrote:

I have been watching this thread for a while and I think some people are being hostile here.

  
There is nothing to gain being on eithers side but for the sake of security. As a penetration tester, writer, and 
malware analyst with a long and rewarding career...it would be absurd to admit that this is not a vulnerability. If 
the content-type fields can be altered and the API accepts it that is undoubtedly a vulnerability, I believe that it 
shouldn't be there. It would be a shame to say that this is not a security problem. I have seen different responses on 
this thread but having seen the proof of concept images as well I just think that some of the people commenting here 
are just being hostile. 
  
It doesn't take much for somebody in the field, to see clearly that Google does not want to pay. And I bet any amount 
of money that the bug bounty program is a way for filing potential threats by name and bank details. 
 
Rgds,
M. Kirschbaum  
 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



-- 
“There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects 
the people. When the military becomes both, then the enemies of the state tend to become the people.”

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: Fwd: Google vulnerabilities with PoC, (continued)
- Re: Fwd: Google vulnerabilities with PoC M Kirschbaum (Mar 15)
  - Re: Fwd: Google vulnerabilities with PoC Michal Zalewski (Mar 15)
- Re: Google vulnerabilities with PoC M Kirschbaum (Mar 15)
  - Re: Google vulnerabilities with PoC Mario Vilas (Mar 15)
    - Re: Google vulnerabilities with PoC antisnatchor (Mar 15)
    - Re: Google vulnerabilities with PoC M Kirschbaum (Mar 15)
    - Re: Google vulnerabilities with PoC Gynvael Coldwind (Mar 15)
    - Re: Google vulnerabilities with PoC Mario Vilas (Mar 15)
    - Re: Google vulnerabilities with PoC M Kirschbaum (Mar 16)
    - Re: Google vulnerabilities with PoC Mario Vilas (Mar 15)
    - Re: [SPAM] [Bayesian][bayesTestMode] Re: Google vulnerabilities with PoC Thomas Williams (Mar 16)
    - Re: [SPAM] [Bayesian][bayesTestMode] Re: Google vulnerabilities with PoC Mario Vilas (Mar 15)
    - Re: [SPAM] [Bayesian][bayesTestMode] Re: Google vulnerabilities with PoC Stefan Jon Silverman (Mar 15)
    - Re: [SPAM] [Bayesian][bayesTestMode] Re: Google vulnerabilities with PoC The Doctor (Mar 18)
    - Re: [SPAM] [Bayesian][bayesTestMode] Re: Google vulnerabilities with PoC Leutnant Steiner (Mar 19)
    - Re: [SPAM] [Bayesian][bayesTestMode] Re: Google vulnerabilities with PoC Exibar (Mar 16)
(Thread continues...)