lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: nekramer at mindtheater.net (Nancy Kramer)
Subject: Slashdot: Gmail Accounts Vulnerable to
  XSS Exploit

Google is very secretive about everything.  Don't expect them to share 
information.

Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web

At 11:22 PM 10/30/2004, n3td3v wrote:

>I feel sorry for all the security pros outside of gmail and google, so
>I say the below on behalf of them...
>
>Should the general public be expecting a disclosure of the
>vulnerability to security mailing lists once a solution has been
>implemented to patch the hole, so other web-based services are aware
>of the possibility of the same problem being an issue for them, or
>should gmail be keeping everything secret after they patch.
>
>I guess if gmail team did not want to make a public disclosure of the
>vulnerability, the gmail folks would send a private e-mail to people
>like yahoo, if it was found to be a current issue for other webbased
>e-mail services, or in future possibilities.
>
>If none of the above, can we expect the "hacker" to make an
>announcement once he has heard back from the vendor that a solution
>and patch has been implemented.
>
>If this was a private disclosure, then no one would be asking for a
>public announcement of the vulnerability, but since this has been made
>into a public, high profile disclosure, is it not right in the public
>interest for ethier the "hacker" or gmail team to make the
>vulnerability known, after its safe to do so.
>
>Thanks,
>
>n3td3v
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>
>
>---
>Incoming mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.784 / Virus Database: 530 - Release Date: 10/27/2004
-------------- next part --------------

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.784 / Virus Database: 530 - Release Date: 10/27/2004

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ