lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 16 Aug 2013 02:42:11 +0300
From: Julius Kivimäki <julius.kivimaki@...il.com>
To: Vulnerability Lab <research@...nerability-lab.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Google - (Pin via Postal Delivery)
 Information Disclosure - Video

So, what exactly is this "advisory" supposed to be about?  The lack of your
camera skills? Or perhaps about the fact that google sent you a letter?
Oh, and I really wonder how you calculated your CVSS. The NVD calculator
comes up with 0 for me.


2013/8/16 Vulnerability Lab <research@...nerability-lab.com>

> Title:
> ======
> Google - (Pin via Postal Delivery) Information Disclosure :)
>
>
> Date:
> =====
> 2013-08-15
>
>
> References:
> ===========
> http://www.vulnerability-lab.com/get_content.php?id=1046
>
> View: http://www.youtube.com/watch?v=nnAAdX9a3eU
>
>
>
> VL-ID:
> =====
> 1046
>
>
> Common Vulnerability Scoring System:
> ====================================
> 4.5
>
>
> Status:
> ========
> Published
>
>
> Exploitation-Technique:
> =======================
> Defensiv
>
>
> Severity:
> =========
> Medium
>
>
> Details:
> ========
> The video shows the session of a german researcher of the laboratory. The
> video explains an information disclosure issue inside of
> the postal delivery infrastructure service of google to verify a business
> account.
>
>
> Credits:
> ========
> Vulnerability Laboratory [Research Team]
>
>
> Disclaimer:
> ===========
> The information provided in this advisory is provided as it is without any
> warranty. Vulnerability Lab disclaims all warranties,
> either expressed or implied, including the warranties of merchantability
> and capability for a particular purpose. Vulnerability-
> Lab or its suppliers are not liable in any case of damage, including
> direct, indirect, incidental, consequential loss of business
> profits or special damages, even if Vulnerability-Lab or its suppliers
> have been advised of the possibility of such damages. Some
> states do not allow the exclusion or limitation of liability for
> consequential or incidental damages so the foregoing limitation
> may not apply. We do not approve or encourage anybody to break any vendor
> licenses, policies, deface websites, hack into databases
> or trade with fraud/stolen material.
>
> Domains:    www.vulnerability-lab.com           - www.vuln-lab.com
>                       - www.evolution-sec.com
> Contact:    admin@...nerability-lab.com         -
> research@...nerability-lab.com               - admin@...lution-sec.com
> Section:    www.vulnerability-lab.com/dev       -
> forum.vulnerability-db.com                   -
> magazine.vulnerability-db.com
> Social:     twitter.com/#!/vuln_lab             -
> facebook.com/VulnerabilityLab                -
> youtube.com/user/vulnerability0lab
> Feeds:      vulnerability-lab.com/rss/rss.php   -
> vulnerability-lab.com/rss/rss_upcoming.php   -
> vulnerability-lab.com/rss/rss_news.php
>
> Any modified copy or reproduction, including partially usages, of this
> file requires authorization from Vulnerability Laboratory.
> Permission to electronically redistribute this alert in its unmodified
> form is granted. All other rights, including the use of other
> media, are reserved by Vulnerability-Lab Research Team or its suppliers.
> All pictures, texts, advisories, source code, videos and
> other information on this website is trademark of vulnerability-lab team &
> the specific authors or managers. To record, list (feed),
> modify, use or edit our material contact (admin@...nerability-lab.com or
> research@...nerability-lab.com) to get a permission.
>
>                                 Copyright © 2013 | Vulnerability
> Laboratory [Evolution Security]
>
>
>
> --
> VULNERABILITY LABORATORY RESEARCH TEAM
> DOMAIN: www.vulnerability-lab.com
> CONTACT: research@...nerability-lab.com
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists