[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Google open redirect
- To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Google open redirect
- From: Gage Bystrom <themadichib0d@xxxxxxxxx>
- Date: Thu, 8 Dec 2011 09:49:17 -0800
Good point.
Makes me wonder though how many people realize that ZDi and such are third
parties.....
On Dec 8, 2011 9:47 AM, <Valdis.Kletnieks@xxxxxx> wrote:
> On Thu, 08 Dec 2011 14:24:21 -0300, Pablo Ximenes said:
> > 2011/12/8 Michal Zalewski <lcamtuf@xxxxxxxxxxx>
> > > If you don't like it, let us know how to improve it. You also always
> > > have the option of not researching vulnerabilities in these platforms;
> > > going with the full-disclosure approach; or selling the flaws to a
> > > willing third party.
>
> > Well, selling flaws to third parties might be considered a crime in some
> > places, so I would be cautious with that approach.
>
> I suspect a large portion of the people who are selling flaws to third
> parties
> are not at all concerned about whether selling the flaw is a crime, as
> often the
> bigger question is how many crimes were committed in the discovery
> process...
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/