Dear Mario,
There is nothing to gain being on either side. I have already read the thread
replies by M. Zalewski. I believe Google is false and does not honor the
security community.
Rgds,
M. Kirschbaum
On Saturday, 15 March 2014, 11:11, Mario Vilas <mvi...@gmail.com> wrote:
I believe Zalewski has explained very well why it isn't a vulnerability, and
you couldn't possibly be calling him hostile. :)
On Sat, Mar 15, 2014 at 11:20 AM, M Kirschbaum <pr...@yahoo.co.uk> wrote:
I have been watching this thread for a while and I think some people are being
hostile here.
>
>There is nothing to gain being on eithers side but for the sake of security.
>As a penetration tester, writer, and malware analyst with a long and rewarding
>career...it would be absurd to admit that this is not a vulnerability. If the
>content-type fields can be altered and the API accepts it that is undoubtedly
>a vulnerability, I believe that it shouldn't be there. It would be a shame to
>say that this is not a security problem. I have seen different responses on
>this thread but having seen the proof of concept images as well I just think
>that some of the people commenting here are just being hostile.
>
>It doesn't take much for somebody in the field, to see clearly that Google
>does not want to pay. And I bet any amount of money that the bug bounty
>program is a way for filing potential threats by name and bank details.
>
>Rgds,
>M. Kirschbaum
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
--
“There's a reason we separate military and the police: one fights the enemy of
the state, the other serves and protects the people. When the military becomes
both, then the enemies of the state tend to become the people.”
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
