
Re: [WEB SECURITY] Cross Site Scripting in Google




I love Google - I really do - however, I think we all need to be careful in
the security industry of creating "sacred cows". At the end of the day we
are security professionals not corporate loyalists, and our duty is to
protect the innocent bystanders; some of whom may even be other security
professionals who specialize in other areas of security. We must be true to
our profession first and foremost.  You can put me down on the "he did the
right thing" side of the debate.

On 7/7/06, Joseph Peloquin <jpelo1@jcpenney.com> wrote:

> "The author did the right thing here by posting examples in the past of
> Google ignoring possible issues with their website. I think the author
> actually went above and beyond the "requirements" of the list(s) and its
> reader base as well."
>
> Agreed.  Especially in light of the fact that FD worked as intended in
> this case.
>
> Joey
>
> [snip]


-- 
Dennis Groves
vcard: http://homepage.mac.com/dennisgr/FileSharing13.html

Be who you are and say what you feel,
because those who mind don't matter
and those who matter don't mind.
Theodor Geisel
