After having read Jeremiah’s post about being thanked publically by Google for responsible disclosure I was a bit ticked. I’ve probably done more for Google security than almost anyone who has worked there by various means of disclosure over the years and do I get any credit for it? No! Well that’s just unacceptable and I will not stand for it.
So I had to take matters into my own hands. Take that, Google!
Okay, all kidding aside, I was a little amused at this obvious con artistry. I’m not quite so easily socially engineered. Just because I get my name in lights that doesn’t exactly make me feel like I’m safe. And I _KNOW_ other people have disclosed vulnerabilities in their stuff over the years. So only with the vague hope that I might get my name on some obscure page on some website that is subject to change at any time I can fail to alert consumers that they are at risk and hope instead that Google decides to move quickly. Sorry, consumers first, evil advertizing empires second.