[Full-disclosure] Webcast Reminder: Garage4Hackers Ranchoddas Series 2 on Reverse Engineering

2014-03-14 Thread Sandeep Kamble
Webcast Reminder Data, data, data! I can't make bricks without clay Thanks for registering for Garage4hacker's http://garage4hackers.us3.list-manage.com/track/click?u=3bbddc138252bc94f75024ab7id=8f7c43f38fe=672cdb4173 Ranchoddas Series. Below are details for the online presentation. *Speaker*:

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Jerome Athias
Hi I concur that we are mainly discussing a terminology problem. In the context of a Penetration Test or WAPT, this is a Finding. Reporting this finding makes sense in this context. As a professional, you would have to explain if/how this finding is a Weakness*, a Violation (/Regulations,

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Michal Zalewski
Zakewski, Thank you for your e-mail. I welcome all opinions that are backed up by evidence. I am not just a security researcher, I am also an academic in the field and lecturer. All right :-) Thank you for the overview of CIA triad. I don't think there's a good probability that our

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Mario Vilas
On Thu, Mar 13, 2014 at 10:30 PM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: We confirm this to be a valid vulnerability for the following reasons. The access control subsystem is defeated, resulting in arbitrary write access to any file of choice. 1. YouTube defines which file

[Full-disclosure] [CVE-2014-2339] GNUboard SQL Injection Vulnerability

2014-03-14 Thread claepo.wang
==Advisory: GNUboard SQL Injection Vulnerability Author: claepo.w...@dbappsecurity.com.cn Affected Version: GNUboard5 (the latest version) Vendor URL: http://sir.co.kr/ Vendor Status: Unfixed (I know little about Korean, so I do not know how to describe this vul to the

[Full-disclosure] MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service

2014-03-14 Thread [CXSEC]
MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service http://cxsecurity.com/ 0. Where is the problem? Some time ago I reported vulnerabilities in regcomp() in the BSD implementation (CVE-2011-3336) and the GNU libc implementation (CVE-2010-4051 CVE-2010-4052). Now is the

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Julius Kivimäki
Look, you keep calling it a vulnerability with 0 evidence that it's even exploitable. Until you can prove otherwise this is like speculating the potential security repercussions of uploading files to EC2 (Which would probably have potential to be much more severe than what you're discussing here

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
We confirm this to be a valid vulnerability for the following reasons. The access control subsystem is defeated, resulting in arbitrary write access to any file of choice. 1. YouTube defines which file types are permitted to be uploaded. 2. Exploitation is achieved by circumvention of

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Here's my evidence. Live Proof Of Concept == http://upload.youtube.com/?authuser=0upload_id=AEnB2UqVZlaog3GremriQEGDoUK3cdGGPu9MVIfyObgYajjo6i1--uQicn6jhbwsdNrqSF4ApbUbhCcwzdwe4xf_XTbL_t5-aworigin=CiNodHRwOi8vd3d3LnlvdXR1YmUuY29tL3VwbG9hZC9ydXBpbxINdmlkZW8tdXBsb2Fkcw

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Zakewski, Thank you for your e-mail. I welcome all opinions that are backed up by evidence. I am not just a security researcher, I am also an academic in the field and lecturer. However, from an academic perspective, when it comes to certain security designs the mere existence of unvalidated

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Hi Jerome, Thank you for agreeing on access control, and separation of duties. However successful exploitation permits arbitrary write() of any file of choice. I could release an exploit code in C Sharp or Python that permits multiple file uploads of any file/types, if the Google security team

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Thanks Michal, We are just trying to improve Google's security and contribute to the research community after all. If you are still on EFNet give me a shout some time. We have done so and consulted for hundreds of clients including Microsoft, Nokia, Adobe and some of the world's biggest

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Are you a Google employee... I wonder? There is nothing else to be said regarding this. Our research for remote code execution continues and we will let you and Google know once that is confirmed, through the coordinated security program. And please, OWASP is recognised worldwide. Best Regards,

[Full-disclosure] Trixbox all versions , Remote root exploit

2014-03-14 Thread 0u7 5m4r7
# App : Trixbox all versions # vendor : trixbox.com # Author : i-Hmx # mail : n0p1...@gmail.com # Home : security arrays inc, sec4ever.com, exploit4arab.net Well well well, we decided to give schmoozecom a break and have a look @ fonality products. Do you think they have a better product than the

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Mario Vilas
You're still missing the attack vector (and the point of the discussion too, but that's painfully obvious). On Fri, Mar 14, 2014 at 4:21 AM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: Here's my evidence. Live Proof Of Concept ==

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Pedro Ribeiro
On 13 Mar 2014 14:30, Nicholas Lemonias. lem.niko...@googlemail.com wrote: I suggest you read up on Content Delivery Network Architectures. YouTube.com populates and distributes stored files to multiple servers through a CDN (Content Delivery Architecture), where each video uses more than

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Mario Vilas
But do you have all the required EH certifications? Try this one from the Institute for Certified Application Security Specialists: http://www.asscert.com/ On Fri, Mar 14, 2014 at 7:41 AM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: Thanks Michal, We are just trying to improve

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
We are on a different level perhaps. We do certainly disagree on those points. I wouldn't hire you as a consultant if you can't tell whether that is a valid vulnerability. Best Regards, Nicholas Lemonias. On Fri, Mar 14, 2014 at 10:10 AM, Mario Vilas mvi...@gmail.com wrote: But do you have all

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread antisnatchor
Nicholas Lemonias. wrote: Hi Jerome, Thank you for agreeing on access control, and separation of duties. However successful exploitation permits arbitrary write() of any file of choice. I could release an exploit code in C Sharp or Python that permits multiple file uploads of any

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Jerome of McAfee has made a very valid point on revisiting separation of duties in this security instance. Happy to see more professionals with some skills. Some others have also mentioned the feasibility of Denial of Service attacks. Remote code execution by Social Engineering is also a

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Live Proof Of Concept == http://upload.youtube.com/?authuser=0upload_id=AEnB2UqVZlaog3GremriQEGDoUK3cdGGPu9MVIfyObgYajjo6i1--uQicn6jhbwsdNrqSF4ApbUbhCcwzdwe4xf_XTbL_t5-aworigin=CiNodHRwOi8vd3d3LnlvdXR1YmUuY29tL3VwbG9hZC9ydXBpbxINdmlkZW8tdXBsb2Fkcw

[Full-disclosure] [ MDVSA-2014:059 ] php

2014-03-14 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:059 http://www.mandriva.com/en/support/security/

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Sergio 'shadown' Alvarez
Dear Nicholas Lemonias, I don't usually get into these scrappy discussions, but yeah, you are on a completely different level if you compare yourself with Mario. You are definitely a Web app/metasploit-user guy and pick up a discussion with a binary and memory corruption ninja exploit writer like

[Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Go to sleep. -- Forwarded message -- From: Nicholas Lemonias. lem.niko...@googlemail.com Date: Fri, Mar 14, 2014 at 2:16 PM Subject: Re: [Full-disclosure] Google vulnerabilities with PoC To: Sergio 'shadown' Alvarez shad...@gmail.com Go to sleep On Fri, Mar 14, 2014 at 1:50

[Full-disclosure] [ MDVSA-2014:060 ] imapsync

2014-03-14 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:060 http://www.mandriva.com/en/support/security/

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Sergio 'shadown' Alvarez
I will, it's late here, but I'm enjoying the show way too much. xD Instead of discussing, why don't you show a client side attack with that thing that you call a vulnerability and make everyone shut up? Oh wait... because you can't! ;-) A fail has a thousand excuses, but success doesn't require

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Enough with this thread. On Fri, Mar 14, 2014 at 2:37 PM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: I am too busy researching satellite security. Been doing that since the times of TESO, probably before you were born. Have a good night's sleep. On Fri, Mar 14, 2014 at 2:33 PM,

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Mario Vilas
On Fri, Mar 14, 2014 at 12:38 PM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: Jerome of McAfee has made a very valid point on revisiting separation of duties in this security instance. Happy to see more professionals with some skills. Some others have also mentioned the

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Mario Vilas
LOL, thanks for the undeserved praise! xD On Fri, Mar 14, 2014 at 2:50 PM, Sergio 'shadown' Alvarez shad...@gmail.com wrote: Dear Nicholas Lemonias, I don't usually get into these scrappy discussions, but yeah, you are on a completely different level if you compare yourself with Mario. You

[Full-disclosure] [ MDVSA-2014:061 ] oath-toolkit

2014-03-14 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2014:061 http://www.mandriva.com/en/support/security/

[Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
People can read the report if they like. Can't you even do basic things like reading a vulnerability report? Can't you see that the advisory is about writing arbitrary files. If I was your boss I would fire you. -- Forwarded message -- From: Nicholas Lemonias.

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread antisnatchor
LOL you're hopeless. Good luck with your business. Brave customers! Cheers antisnatchor Nicholas Lemonias. wrote: People can read the report if they like. Can't you even do basic things like reading a vulnerability report? Can't you see that the advisory is about writing arbitrary files.

[Full-disclosure] Fwd: Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Says the script kiddie... Beg for some publicity. My customers are FTSE 100. -- Forwarded message -- From: Nicholas Lemonias. lem.niko...@googlemail.com Date: Fri, Mar 14, 2014 at 5:58 PM Subject: Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC To: antisnatchor

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
The full-disclosure mailing list has really changed. It's full of lamers nowadays aiming high. On Fri, Mar 14, 2014 at 5:58 PM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: Says the script kiddie... Beg for some publicity. My customers are FTSE 100. -- Forwarded message

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
You can't even find a cross site scripting on Google. Finding a vuln on Google seems like a dream to some script kiddies. On Fri, Mar 14, 2014 at 6:00 PM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: The full-disclosure mailing list has really changed. It's full of lamers nowadays

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread antisnatchor
Ahah, I don't want to lose my time with public bug bounties, it's not even cost-effective. You really are a noob. Nicholas Lemonias. wrote: You can't even find a cross site scripting on Google. Finding a vuln on Google seems like a dream to some script kiddies. On Fri, Mar 14, 2014 at 6:00

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Ulisses Montenegro
This is one of the most fun threads I've read in fd, and that's no small feat. Thanks for the laughs. On Fri, Mar 14, 2014 at 3:00 PM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: The full-disclosure mailing list has really changed. It's full of lamers nowadays aiming high. On

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Mike Hale
No, you're saying something's a vulnerability without showing any indication of how it can be abused. On Fri, Mar 14, 2014 at 11:00 AM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: The full-disclosure mailing list has really changed. It's full of lamers nowadays aiming high. On

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Quite funnily, most erratic comments originate from a @gmail.com host. Does that mean that Google and Co are attacking the researcher? On Fri, Mar 14, 2014 at 6:06 PM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: Quite funnily, most erratic comments originate from a @gmail.com host.

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread antisnatchor
LOL I don't work for Google and you can easily verify that. Also, your XSS PoCs suck, they don't even trigger automatically but the victim needs to hover the mouse over the element LOL: http://packetstormsecurity.com/files/125135/Visa-Europe-Cross-Site-Scripting.html Lame Nicholas Lemonias.

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
That's why it's called proof of concept, you lamer. Google and Co on the counter attack. hahaha On Fri, Mar 14, 2014 at 6:07 PM, antisnatchor antisnatc...@gmail.com wrote: LOL I don't work for Google and you can easily verify that. Also, your XSS PoCs suck, they don't even trigger

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Too bad the findings were manual.. no tools used. raw http communication. Took me less than 2 minutes to find, following an initial conv I had with Google Sec Team. On Fri, Mar 14, 2014 at 6:02 PM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: You can't even find a cross site

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Security vulnerabilities need to be published and reported. That's the spirit. Attacking the researcher won't make it go away. On Fri, Mar 14, 2014 at 6:12 PM, Julius Kivimäki julius.kivim...@gmail.com wrote: Dude, seriously. Just stop. 2014-03-14 20:02 GMT+02:00 Nicholas Lemonias.

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Google is a great service, but according to our proof of concepts (images, poc's, codes) presented to Softpedia, and verified by a couple of recognised experts including OWASP - that was a serious vulnerability. Now you can say whatever you like, and argue about it. You can argue about the impact

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Jerome of McAfee has made a very valid point on revisiting separation of duties in this security instance. Remote code execution by Social Engineering is also a prominent scenario. If you can't tell that that is a vulnerability (probably coming from a bunch of CEH's), I feel sorry for those

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Laughing at the incompetency of some people, who wish to discredit OWASP and their reports. Say that to any serious professional, and they will laugh at you. Writing arbitrary files to a remote network is a serious risk, irrespective of how good and reputable that service is. Best,

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
We have many PoC's including video clips. We may upload them for the security world to see. However, this is not the way to treat security vulnerabilities. Attacking the researcher and bringing your friends to do so as well won't mitigate the problem.

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Google research not awarded. http://www.techworm.net/2014/03/security-research-finds-flaws-in.html ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia -

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
You are wrong, because we do have proof of concepts. If we didn't have them, then there would be no case. But if there are video clips, images demonstrating impact - in which case arbitrary file uploads (which is a write() call ) to a remote network, then it is a vulnerability. It is not about

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
We are not asking for a payment. But at least a thank you for our efforts would do. Saying that it is not an issue to upload remotely any file of choice is ridiculous for the organisation they represent. On Fri, Mar 14, 2014 at 7:09 PM, Nicholas Lemonias. lem.niko...@googlemail.com

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
And I am not referring just to Google. But for those people who support that remote uploads to a trusted network is not an issue. Then that also means that firewalls and IPS systems are worthless. Why spend so much time protecting the network layers if a user can send any file of choice to a

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Then that also means that firewalls and IPS systems are worthless. Why spend so much time protecting the network layers if a user can send any file of choice to a remote network through http... As for the uploaded files being persistent, there is evidence of that. For instance a remote admin

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
It is an example, citing that there has been a security hole on Youtube that needs patching. End of Story. On Fri, Mar 14, 2014 at 7:32 PM, Julius Kivimäki julius.kivim...@gmail.com wrote: Wait, so remote code execution by social engineering wasn't a troll? I'm confused. 2014-03-14 21:28

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
http://upload.youtube.com/?authuser=0upload_id=AEnB2UqVZlaog3GremriQEGDoUK3cdGGPu9MVIfyObgYajjo6i1--uQicn6jhbwsdNrqSF4ApbUbhCcwzdwe4xf_XTbL_t5-aworigin=CiNodHRwOi8vd3d3LnlvdXR1YmUuY29tL3VwbG9hZC9ydXBpbxINdmlkZW8tdXBsb2Fkcw That information can be queried from the db, where the metadata are

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
My claim is now verified. Cheers! On Fri, Mar 14, 2014 at 8:04 PM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: http://upload.youtube.com/?authuser=0upload_id=AEnB2UqVZlaog3GremriQEGDoUK3cdGGPu9MVIfyObgYajjo6i1--uQicn6jhbwsdNrqSF4ApbUbhCcwzdwe4xf_XTbL_t5-aworigin=

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
So you can query a file that I uploaded, and you can see that it is uploaded successfully and saved. That information does not require the user to be logged in. On Fri, Mar 14, 2014 at 8:08 PM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: My claim is now verified. Cheers! On Fri,

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
You are trying to execute an sh script through a video player. That's an exec() command. So it's the wrong way to go about accessing the file. On Fri, Mar 14, 2014 at 8:20 PM, R D rd.secli...@gmail.com wrote: No it's not. As Chris and I are saying, you don't have proof your file is accessible to

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Are you sure this json response, or this file, will be there in a month? Or in a year? Is the fact that this json response exists a threat to youtube? Can you quantify how much of a threat? How much, in dollars, does it hurt their business? This file may be here if the admins don't delete it. Now they

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
So where do you think that information is coming from? The metadata and tags, and headers are contained in a database. The files are stored persistently, since they can be quoted. So the API works both ways. The main thing here is that the files are there, otherwise their metadata information

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
In my expertise, that is a vulnerability. Now if Google doesn't want to fix or patch that, it's their choice. However I have already disclosed that to them. On Fri, Mar 14, 2014 at 8:25 PM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: So where do you think that information is coming

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Mario Vilas
Try learning how to properly send emails before criticizing anyone, pal. ;) On Fri, Mar 14, 2014 at 6:44 PM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: People can read the report if they like. Can't you even do basic things like reading a vulnerability report? Can't you see that

Re: [Full-disclosure] Fwd: Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Mario Vilas
Not to mention imaginary. On Fri, Mar 14, 2014 at 6:58 PM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: Says the script kiddie... Beg for some publicity. My customers are FTSE 100. -- Forwarded message -- From: Nicholas Lemonias. lem.niko...@googlemail.com Date:

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Mario Vilas
[image: Inline image 1] On Fri, Mar 14, 2014 at 7:07 PM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: Quite funnily, most erratic comments originate from a @gmail.com host. Does that mean that Google and Co are attacking the researcher ? On Fri, Mar 14, 2014 at 6:06 PM, Nicholas

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Mario Vilas
So if you can upload a file to Google Drive and trick someone to run it, you'd call that a vulnerability too? Hey, I've got another one. I can upload a video on Youtube telling people to download and install a virus. I'll claim a prize too! Keep at it man, you're hilarious! xDDD /me goes grab

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Mario Vilas
Please provide an attack scenario. Can you do that? On Fri, Mar 14, 2014 at 9:23 PM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: Are you sure this json response, or this file, will be there in a month? Or in a year? Is the fact that this json response exists a threat to youtube?

[Full-disclosure] CosmoShop unprotected admin-script pwd.cgi probably in all versions 8.0

2014-03-14 Thread Rene Fischer
*) Author: l0om ( http://l0om.org ) *) Date: 10.03.2014 *) Overview: Cosmoshop is installed with a lot of admin scripts which should only be accessible to the logged-in admin. The script pwd.cgi is not protected and will create a .htaccess file for the admin-directory with any content. This

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Julius Kivimäki
Dude, seriously. Just stop. 2014-03-14 20:02 GMT+02:00 Nicholas Lemonias. lem.niko...@googlemail.com: You can't even find a cross site scripting on google. Find a vuln on Google seems like a dream to some script kiddies. On Fri, Mar 14, 2014 at 6:00 PM, Nicholas Lemonias.

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Thomas MacKenzie
You have a Googlemail account. How do we know you don't work for Google too... Inception type stuff going on here. Nicholas Lemonias. 14 March 2014 18:17 Google is a great service, but according to our proof of concepts (images, poc's, codes) presented to Softpedia,

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Alfredo Ortega
Mario has years of experience (more than 10 in fact) in exploit writing and vulnerability assessment. I would consider his position on the subject. If you don't believe me, Argentina extended me certifications that prove that I can tell who has vulnerability assessment skills and who does not.

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Alfredo Ortega
Oh and this guy Shadown seems pretty knowledgeable too. BTW now I have to read what this is about, let's see... Alright, from TFA: That means that a door was open for anyone to upload any file of choice. Whether this is a security vulnerability or not, I will leave that to your discretion Not

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Krzysztof Kotowicz
Nicholas, seriously, just stop. You have found an 'arbitrary file upload' in a file hosting service and claim it is a serious vulnerability. With no proof that your 'arbitrary file' is being used anywhere in any context that would lead to code execution - on server or client side. You cite OWASP

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread J. Tozo
congrats on your discovery, get your prize [image: 24167992.jpg (1024×768)] On Fri, Mar 14, 2014 at 3:56 PM, Nicholas Lemonias. lem.niko...@googlemail.com wrote: Google research not awarded. http://www.techworm.net/2014/03/security-research-finds-flaws-in.html

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-14 Thread Alfredo Ortega
If he can change the mime type, then he indeed may have an attack vector, e.g. he could upload a complete youtube-lookalike site and snatch credentials. If you can access the fake site via HTTPS with a youtube cert, it's an obvious vulnerability. On 03/14/2014 07:05 AM, Mario Vilas wrote:

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Krzysztof Kotowicz
Care to report the same to Dropbox and Pastebin? It's a gold mine, you know... 2014-03-14 20:09 GMT+01:00 Nicholas Lemonias. lem.niko...@googlemail.com: You are wrong, because we do have proof of concepts. If we didn't have them, then there would be no case. But if there are video clips,

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Julius Kivimäki
Wait, so remote code execution by social engineering wasn't a troll? I'm confused. 2014-03-14 21:28 GMT+02:00 Nicholas Lemonias. lem.niko...@googlemail.com: Then that also means that firewalls and IPS systems are worthless. Why spend so much time protecting the network layers if a user can

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread R D
Then that also means that firewalls and IPS systems are worthless. Why spend so much time protecting the network layers if a user can send any file of choice to a remote network through http... well, if you are running a file upload system, or any webserver, you really should block any incoming

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Chris Thompson
Hi Nicholas, Again, you hypothesize that you are getting a response from the database, but you really don't know that. You have no idea what the code is doing behind the endpoint. upload.youtube.com is simply an endpoint that you are sending a request to and getting a response from - Can you

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread R D
No it's not. As Chris and I are saying, you don't have proof your file is accessible to others, only that it was uploaded. Now, you see, when you upload a video to youtube, you get the address where it will be viewable in the response. In your case :

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Yvan Janssens
Does anybody still have some popcorn left? They ran out of it in the tax free zone in here due to this thread... Kind regards, Yvan Janssens Sent from my PDA - excuse me for my brevity On 14 Mar 2014, at 18:40, Nicholas Lemonias. lem.niko...@googlemail.com wrote: We have many PoC's

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread R D
I'm going to try to spell it out clearly. You don't have unrestricted file upload[1]. Keep in mind you're trying to abuse youtube, which is essentially a video file upload service. So the fact that you can upload files is not surprising. Now you're uploading non-video files. Cool. But not

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Chris Thompson
Hi Nikolas, Please do read (and understand) my entire email before responding - I understand your frustration trying to get your message across but maybe this will help. Please put aside professional pride for the time being - I know how it feels to be passionate about something yet have others

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Krzysztof Kotowicz
2014-03-14 20:28 GMT+01:00 Nicholas Lemonias. lem.niko...@googlemail.com: Then that also means that firewalls and IPS systems are worthless. Why spend so much time protecting the network layers if a user can send any file of choice to a remote network through http... No, they are not

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread J. Tozo
Hey dude just give up! You can convince a lot of journalists without professional skills, but if you can't convince Google or at least the community, then you're doing it wrong. By the way, you can upload everything to youtube just by tricking the file's magic number, but you can't retrieve it back. So what?

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Go to sleep. You have absolutely no understanding of the vulnerability, nor do you have the facts. If you want a full report ask Softpedia, because we ain't releasing them. On Fri, Mar 14, 2014 at 8:39 PM, R D rd.secli...@gmail.com wrote: You are trying to execute an sh script through a video

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Happy trolling... On Fri, Mar 14, 2014 at 7:49 PM, R D rd.secli...@gmail.com wrote: Then that also means that firewalls and IPS systems are worthless. Why spend so much time protecting the network layers if a user can send any file of choice to a remote network through http... well, if you

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Michal Zalewski
Oh, wow :-) To put things in perspective, it probably helps to understand that virtually all video hosting sites perform batch, queue-based conversions of uploaded content. There is a good reason for this design: video conversions are extremely CPU-intensive - and an orderly, capped-throughput

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
If you wish to talk seriously about the problem, please send me an email privately. And we can talk about what we have found so far, and perhaps present some more proof of concepts for this ongoing research. This is between the researcher and Google. People who do not have the facts have been,

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
You are too vague. Please keep this to a level. Thank you. *Best Regards,* *Nicholas Lemonias* *Advanced Information Security Corporation.* On Sat, Mar 15, 2014 at 5:06 AM, Colette Chamberland cjchamberl...@gmail.com wrote: Omg please for the love of all things human STFU!!! Sent from

Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-14 Thread Nicholas Lemonias.
Correct. The mime type can be circumvented. We can confirm this to be a valid vulnerability. For the PoCs: http://news.softpedia.com/news/Expert-Finds-File-Upload-Vulnerability-in-YouTube-Google-Denies-It-s-a-Security-Issue-431489.shtml On Fri, Mar 14, 2014 at 8:40 PM, Krzysztof Kotowicz