| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3b1bce211eaabe561f4d6ac155b03fb9@davenport.net.nz> Date: Fri, 14 Mar 2014 11:05:23 +1300 From: Hugh Davenport <hugh@...enport.net.nz> To: full-disclosure@...ts.grok.org.uk Subject: Re: Google vulnerabilities with PoC On 2014-03-14 10:56, andfarm wrote: > On Mar 13, 2014, at 10:33, Brandon Perry <bperry.volatile@...il.com> > wrote: >> If you were evil, you could upload huge blobs and just take up space >> on the google servers. Who knows what will happen if you upload a >> couple hundred gigs of files. They dont disappear, they are just >> unretrievable afaict. It is a security risk in the sense that >> untrusted data is being persisted *somewhere*. > > It's not even clear at this point that the uploaded data is even being > persisted! Since the uploaded file is not made available for download, > it's entirely possible that it is being deleted as soon as Google's > video transcoding systems discover it isn't a supported video format. In the email reply from google they confirmed that it was stored, but you can't get it out so kind of a moot point :D > > The comments on the Softpedia article are painfully stupid, by the > way. I recommend not reading them. :) > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists