Re: [Full-disclosure] Google vulnerabilities with PoC
- To: Mario Vilas <mvilas@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Google vulnerabilities with PoC
- From: M Kirschbaum <pr0ix@xxxxxxxxxxx>
- Date: Sat, 15 Mar 2014 11:27:28 +0000 (GMT)
Dear Mario,
There is nothing to gain being on either side. I have already read the thread
replies by M. Zalewski. I believe Google is false and does not honor the
security community.
Rgds,
M. Kirschbaum
On Saturday, 15 March 2014, 11:11, Mario Vilas <mvilas@xxxxxxxxx> wrote:
I believe Zalewski has explained very well why it isn't a vulnerability, and
you couldn't possibly be calling him hostile. :)
On Sat, Mar 15, 2014 at 11:20 AM, M Kirschbaum <pr0ix@xxxxxxxxxxx> wrote:
>I have been watching this thread for a while and I think some people are being
>hostile here.
>
>There is nothing to gain being on either side but for the sake of security.
>As a penetration tester, writer, and malware analyst with a long and rewarding
>career...it would be absurd to admit that this is not a vulnerability. If the
>content-type fields can be altered and the API accepts it that is undoubtedly
>a vulnerability, I believe that it shouldn't be there. It would be a shame to
>say that this is not a security problem. I have seen different responses on
>this thread but having seen the proof of concept images as well I just think
>that some of the people commenting here are just being hostile.
>
>It doesn't take much for somebody in the field, to see clearly that Google
>does not want to pay. And I bet any amount of money that the bug bounty
>program is a way for filing potential threats by name and bank details.
>
>Rgds,
>M. Kirschbaum
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
--
“There's a reason we separate military and the police: one fights the enemy of
the state, the other serves and protects the people. When the military becomes
both, then the enemies of the state tend to become the people.”