Cenzic 232 Patent
Paid Advertising
web application security lab

Google Doesn’t Thank RSnake

After having read Jeremiah’s post about being thanked publically by Google for responsible disclosure I was a bit ticked. I’ve probably done more for Google security than almost anyone who has worked there by various means of disclosure over the years and do I get any credit for it? No! Well that’s just unacceptable and I will not stand for it.

So I had to take matters into my own hands. Take that, Google!

Okay, all kidding aside, I was a little amused at this obvious con artistry. I’m not quite so easily socially engineered. Just because I get my name in lights that doesn’t exactly make me feel like I’m safe. And I _KNOW_ other people have disclosed vulnerabilities in their stuff over the years. So only with the vague hope that I might get my name on some obscure page on some website that is subject to change at any time I can fail to alert consumers that they are at risk and hope instead that Google decides to move quickly. Sorry, consumers first, evil advertizing empires second.

10 Responses to “Google Doesn’t Thank RSnake”

  1. /pd Says:

    Rsnake, FWIW.. I am pretty confident that you really dont need your RL handle to be floated around .. you already have a style and flair which transcends those guys on the list.. in fact, I”ll trust the info you cut more then then some of the guys on that list.. !!

  2. RSnake Says:

    Hahah… I just had to poke some fun at Jeremiah. It’s all in good humor. He even posted about it too: http://jeremiahgrossman.blogspot.com/2006/10/jeremiah-thanks-rsnake.html

    Yah, my RL name isn’t exactly top secret and will probably be far less so after another project I’m working on goes live, but for now it’s fun not to have a real name. Then I can go by “the hacker formerly known as RSnake”

  3. evan Says:

    Dude, I was expecting you to have engineered some hilarious injection of your own name into Google’s page but no such luck. Anyway, I tell people about your XSS cheat sheat all the time.

  4. RSnake Says:

    Hahah, that’s why it was funny - that’s what you were expecting, but no! Like when I was expecting to see my name, you were expecting to see an XSS. We have both been let down now. ;)

  5. quadszilla Says:

    haha - nice post. I’d love to see “Google would like to thank Rsnake and Quadszilla for their contiuned efforts to improve our offerings”.

  6. RSnake Says:

    Hahah, you’re right, they owe us… But no, really!! :)

  7. alf. Says:

    http://images.google.de/images?q=-%28inurl%3A%22%3Fid%3D%22+filetype%3A%22+%22%29

    check this out, internal server error, mailed google 24th of sep didnt even get a response. what do u think of this error?

    cheers..

  8. RSnake Says:

    I definitely think your name should be on there. Responsible disclosure for shoddy programming or security or otherwise should matter and shouldn’t be ignored. You’re as much a contributer to Google’s success as anyone else. We should petition to have our name on the site somewhere. If were slightly more crazy I’d be out at the Googleplex with a picket sign… or something.

  9. Benson Says:

    RSnake, it was entertaining looking at your handmade thankyou :D
    Apparently, Google thank them for a reason and that is Guanxi

  10. RSnake Says:

    Hahah… Indeed… :)