| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: system_outage at yahoo.com (System Outage) Subject: Gmail Information Disclosure Vulnerability I fully agree with you on this topic. I found it hard to believe users were posting advisories for Gmail before public release. In my view all issues should be directed to Gmail and if the user wishes to use lists, such as FD. The user should wait until the service is available to the public and then, perhaps, send it to FD for discussion. The user could also state the discovery date and various other timeline dates, to give the user some better acknowledgement in the advisory. This will prove (If the user wishes it to be known) they did find the hole at the Beta stage and that Gmail let it slip through the net. I suspect -alot- of vulnerabilities will come to light of the week that Gmail makes the service public. I think alot of users are holding back until then, I maybe wrong though. Cheerio Eric LeBlanc <inouk@....net> wrote: I agree with "System Outage". Gmail clearly told us that their website is in BETA stage. For me, when a software is in 'BETA' (or 'ALPHA'), we SHOULD expect that this software MAY HAVE security holes. That's why they want us to test this site before going to the public release, and it's our job to notify to the gmail team all bugs AND security holes we may find. As long as this website is in beta stage, all advisory that someone may send in this list or elsewhere are NOT considered 'Security Advisory' for me. The original author may not receive answers from the Gmail Team, but this site is NOT IN PRODUCTION. When gmail site will be official and when this bug is still there, NOW you can publish your security advisory. Futhermore, the best people for testing the software (bugs and security holes) is the public. They can do many things which we will never thought or imagined. BTW, I'm sure that the Gmail developers expect that the public will find some security holes... If we must publish all security advisorys about beta software, this list will be flooded... E. -- Eric LeBlanc inouk@....net -------------------------------------------------- UNIX is user friendly. It's just selective about who its friends are. ================================================== _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html --------------------------------- Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040705/d0dea567/attachment.html
Powered by blists - more mailing lists