On 12/7/05, jpierini <[EMAIL PROTECTED]> wrote: "I'm just a CISSP, and as discussed numerous times I'm without the elite mad skills of a hacker (XSS wasn't even on our test!)"
You're not a professional then in my eyes and don't have a right to be even in this thread let alone go around wtih your CISSP title. "Why won't the hacking community give the vendors a reasonable amount of time to cover their asses" Because Google took less than 48-hours to fix a less severe XSS flaw the last time: http://www.zone-h.org/en/news/read/id=4439/ As a owner of a Google Group, I would personally like this patched for the security of my group and that of my personal computer and web browser. "the damage is done" Not yet, the longer Google leave it the more likely an attack on all groups could be carried out. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
