-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 You can use the "forgot password" feature on a google account to find out someone's full name.
Test it out for yourself: https://www.google.com/accounts/recovery/ Select "I don't know my password" Enter [email protected] (or another gmail address) On the next screen you will be shown the persons full name and account avatar. In this case "Daniel Miller". kevin mcsheehan: >> When you sign up for a Google account and create a profile > > when they say "create a profile" they're referring to google plus. > the 302 on https://profiles.google.com should be a solid indicator > of that. this vulnerability is capable of targeting non-g+ users, > and that's the point. > > here is an example of google acknowledging that names are personal > information: http://i.imgur.com/VHLfcC2.png > > > Quoting Daniel Miller <[email protected]>: > >> On Wed, Jan 21, 2015 at 2:26 PM, kevin mcsheehan >> <[email protected]> wrote: >> >>> exploit title: full name disclosure information leak in google >>> drive software link: https://drive.google.com/drive/#my-drive >>> author: kevin mcsheehan website: http://mcsheehan.com email: >>> [email protected] date: 01/20/15 >>> >>> source: http://mcsheehan.com/?p=15 >>> >>> description: google drive leaks the full name of a target >>> email address when said email address is associated with an >>> uploaded file. the full name is displayed whether or not the >>> target has made that information publicly accessible by >>> creating a google plus account. >>> >> >> I'm pretty sure Google doesn't consider this sort of thing a >> vulnerability. Here's their "it's not a bug" page for it: >> https://sites.google.com/site/bughunteruniversity/nonvuln/discover-your-name-based-on-e-mail-address >> >> >> >> Dan > > > > _______________________________________________ Sent through the > Full Disclosure mailing list > https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & > RSS: http://seclists.org/fulldisclosure/ > -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJUwFjlAAoJECvXMxgH8tI50mUP/2dzSpP7uP4cTXLxyAzXEoqu 0ZqxtwOc8TmLuc8+avX6o8YdJn30Cb8RFBsXXKm+N9ogcByBt/6AzX69VrVby8jY l0NSlMjg7j6k6UkyaeTcM96Ezr1Exro0rILw5HIyqgMFN3kz6fR+KPtDtKjpw5ZQ HyhIZjOG80Ic7Qkr0TWNAsSNqEh4XX3YmeQHlSVQIC83m7GtwcsfYHJX4LA8jqMC JPeJXGlNNNjQT6axOKFJQ22mTpJ3yWAqPKfFDk/F0VdMXKo4Ub7bGYo4kUps0WyJ sWgNlZxpjszYmYYOY8wJWcGPEDQI+Xub54w5yr+J+rbhpnRO7PrzLSqwBeFwBXaj OZ84hym1nNEUjbw1HQmc3HV4eVHwPdz7EM0p7/Wj+uw3E7jUJJEhX+NMl3hncSwG FWi8hSwPYOX6W5eNREEaJvLqmxQ8JG8lqs0gb+jYJvGV/RaNccqtfNNw64tGKdGF JS/ya8aiv94ahZ1lpFnD/4NK9OfzheGegL/SCyzYprS08w60Fs+3CP+nIoVfSaln K1uyGUdYYCgqqVqZcLesNF7/cYUY96LwwqYsFKohjxoadDosJ/4latu7k5Shrk3c Lmet5EspvZADOYVLEtZtotoGoZBuQa3gCaUro2Pd1YxDEdkydUj5Bq15SHwUEk0F qhIMz8Y/vde4wQA32hWW =34Sn -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
