[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Gmail Information Disclosure Vulnerability

To: System Outage <system_outage@xxxxxxxxx>
Subject: Re: [Full-Disclosure] Gmail Information Disclosure Vulnerability
From: Rudolf Polzer <divzero@xxxxxxxxx>
Date: Mon, 5 Jul 2004 08:27:34 +0200

> Gmail service is in Beta. You have no credibility posting this advisory. The 
> correct channel to post such "bugs" is the Gmail contact link for "bug 
> reports". 
> If you weren't a script kiddie or scene whore, you would have known to hold 
> information until such a time that Gmail became a public service.

Then he'd probably be regarded as a kiddie too... unless he has
reported the bug before. Keeping bugs secret and waiting until many
people use a product, then releasing the advisory is in two senses
contraproductive:

a) if you had disclosed the information to the author (here: Google)
before, the bug would most probably have been fixed
b) more people are affected by waiting

Posting it here while gmail is in beta stadium is not SO bad - but one
should also report it to gmail themselves.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Gmail Information Disclosure Vulnerability
  - From: System Outage

Prev by Date: Re: [Full-Disclosure] Gmail Information Disclosure Vulnerability
Next by Date: [Full-Disclosure] XSS in 12Planet Chat Server 2.9
Previous by thread: Re: [Full-Disclosure] Gmail Information Disclosure Vulnerability
Next by thread: Re: [Full-Disclosure] Gmail Information Disclosure Vulnerability
Index(es):
- Date
- Thread