[WEB SECURITY] Cross Site Scripting in Google

Dennis Groves dennis.groves at gmail.com
Fri Jul 7 17:06:18 EDT 2006


I love google - I really do - however, I think we all need to be careful in
the security industry of creating "sacred cows". At the end of the day we
are security professionals not corporate loyalists, and our duty is to
protect the innocent bystandards; some of whom may even be other security
professionals who specialize in other areas of security. We must be true to
our profession first and foremost.  You can put me down on the "he did the
right thing" side of the debate.

On 7/7/06, Joseph Peloquin <jpelo1 at jcpenney.com> wrote:

"The author did the right thing here by posting examples in the past of
> Google ignoring possible issues with their website. I think the author
> actually went above and beyond the "requirements" of the list(s) and its
> reader base as well."
>
> Agreed.  Especially in light of the fact that FD worked as intended in
> this case.
>
> Joey
>
> [snip]
>
>
> The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material.  If the reader of this message is not the intended recipient,
> you are hereby notified that your access is unauthorized, and any review,
> dissemination, distribution or copying of this message including any
> attachments is strictly prohibited.   If you are not the intended
> recipient, please contact the sender and delete the material from any
> computer.
>
>
>
>
> ----------------------------------------------------------------------------
> The Web Security Mailing List:
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
>


-- 
Dennis Groves
<a href="http://homepage.mac.com/dennisgr/FileSharing13.html">vcard</a>

Be who you are and say what you feel,
because those who mind don't matter
and those who matter don't mind.
Theodor Geisel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20060707/41fc0e0b/attachment.html>


More information about the websecurity mailing list