Full Disclosure mailing list archives
Re: Gmail Information Disclosure Vulnerability
From: System Outage <system_outage () yahoo com>
Date: Mon, 5 Jul 2004 09:00:20 -0700 (PDT)
If it's about posting advisories, why do many decide to post the exploit along with the advisory? To me this is not a responsible thing to do. Whoever knows how many script kiddies are sleeping on this list and taking advantage of the free exploit giveaways seen here.

10 days isn't an awful long time and the vendor never made primary contact with the user in question. Meaning, for whatever reason the e-mail may not have been delivered and because of this the Gmail Team could easily have been caught short on this issue and a serious hole exposed to the public, before the vendor (Gmail) has had a chance to scramble together an incident response and get the hole patched out, before a serious number of accounts become compromised on the service.

There is a difference between responsible "Full Disclosure" and irresponsible "Full Disclosure".

Cheerio

Tremaine <tremaine () gmail com> wrote:

It's about posting security advisories. The initial poster advises they notified the gmail team, and posted this advisory 10 days later.

It is immaterial whether an application is in alpha, beta or production. If the software or application is in use outside the development team, and there is a security issue, it is relevant to this list.

It's called Full Disclosure for a reason... not partial disclosure, not disclosure of production applications only... Full Disclosure. If you want partial disclosure, you may need to rethink your subscription to the list.

--
Tremaine
IT Security Consultant

----- Original Message -----
From: System Outage
Date: Mon, 5 Jul 2004 06:46:42 -0700 (PDT)
Subject: Re: [Full-disclosure] Gmail Information Disclosure Vulnerability
To: full-disclosure () lists netsys com

If it's not about respect then what is it about? You have no respect for the Gmail Team, that's for sure. I guess this list isn't about respect... It's about kiddies posting advisories and exploits for fun and little care for the vendor(s).

Cheerio

amforward () mailsurf com wrote:

System Outage wrote:
|The correct channel to post such "bugs" is the Gmail contact link for "bug
|reports".

I have already contacted Gmail about 10 days ago, but I have not received any replies till this moment.

|If you had waited until the Gmail dev team declared gmail a public release,
|you would have gained more respect in the security community scene.

I don't think this is about respect after all.

Regards,
Ahmed Motaz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html