lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed Dec  7 17:09:56 2005
From: jpierini at hotmail.com (jpierini)
Subject: Re: Google is vulnerable from XSS attack

N3td3v,

I'm just a CISSP, and as discussed numerous times I'm without the elite mad
skills of a hacker (XSS wasn't even on our test!), so it's my guess you must
have found something so amazing insidious, so heavily integrated into the
very bowels of their system, that they're beside themselves with terror. Oh,
those 0-day exploit releases! Why won't the hacking community give the
vendors a reasonable amount of time to cover their asses? Still, the damage
is done, and I'm sure it weighs heavily on your conscious.  Don't blame
yourself, I'm sure that if they had just listened to what you had to say
regarding Yahoo, they could have saved themselves all this misery.

You're a wry one Mr. N3td3v, use your powers for good.

Joseph Pierini, CISSP 

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of n3td3v
Sent: Wednesday, December 07, 2005 6:25 AM
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Re: Google is vulnerable from XSS attack

Four days on and Google has yet to implement a patch. I guess groups
getting deleted, harvesting of e-mail addresses, and theft of Google /
Gmail accounts isn't that important. :-(

On 12/5/05, Joseph Pierini <jpierini@...mail.com> wrote:
>
> N3td3v,
>
> Thanks for the info. Wow, it must have been an exhaustive search to find
> that needle in a haystack. I'm sure Google appreciates your time and
effort.
> Keep up the good work!
>
> -J
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ