N3td3v, I'm just a CISSP, and as discussed numerous times I'm without the elite mad skills of a hacker (XSS wasn't even on our test!), so it's my guess you must have found something so amazing insidious, so heavily integrated into the very bowels of their system, that they're beside themselves with terror. Oh, those 0-day exploit releases! Why won't the hacking community give the vendors a reasonable amount of time to cover their asses? Still, the damage is done, and I'm sure it weighs heavily on your conscious. Don't blame yourself, I'm sure that if they had just listened to what you had to say regarding Yahoo, they could have saved themselves all this misery.
You're a wry one Mr. N3td3v, use your powers for good. Joseph Pierini, CISSP -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v Sent: Wednesday, December 07, 2005 6:25 AM To: [email protected] Subject: Re: [Full-disclosure] Re: Google is vulnerable from XSS attack Four days on and Google has yet to implement a patch. I guess groups getting deleted, harvesting of e-mail addresses, and theft of Google / Gmail accounts isn't that important. :-( On 12/5/05, Joseph Pierini <[EMAIL PROTECTED]> wrote: > > N3td3v, > > Thanks for the info. Wow, it must have been an exhaustive search to find > that needle in a haystack. I'm sure Google appreciates your time and effort. > Keep up the good work! > > -J _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
