| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAM2Hf5kKo5smiEgN=i11VOLD7Xajn4W=v6w99sxxfjtE0bhjRw@mail.gmail.com>
Date: Thu, 8 Dec 2011 09:49:17 -0800
From: Gage Bystrom <themadichib0d@...il.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Google open redirect
Good point.
Makes me wonder though how many people realize that ZDi and such are third
parties.....
On Dec 8, 2011 9:47 AM, <Valdis.Kletnieks@...edu> wrote:
> On Thu, 08 Dec 2011 14:24:21 -0300, Pablo Ximenes said:
> > 2011/12/8 Michal Zalewski <lcamtuf@...edump.cx>
> > > If you don't like it, let us know how to improve it. You also always
> > > have the option of not researching vulnerabilities in these platforms;
> > > going with the full-disclosure approach; or selling the flaws to a
> > > willing third party.
>
> > Well, selling flaws to third parties might be considered a crime in some
> > places, so I would be cautious with that approach.
>
> I suspect a large portion of the people who are selling flaws to third
> parties
> are not at all concerned about whether selling the flaw is a crime, as
> often the
> bigger question is how many crimes were committed in the discovery
> process...
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists