Full Disclosure mailing list archives
Re: nVidia.com [Url Redirection flaw]
From: Rubén Camarero <rjcamarero () gmail com>
Date: Tue, 24 Mar 2009 15:46:02 -0400
Perhaps. On Tue, Mar 24, 2009 at 3:39 PM, <mac.user () mac hush com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Are you even aware that you've been arguing with me? Perhaps we should move this discussion off-list, so we don't annoy the rest of the bugtrackers... On Tue, 24 Mar 2009 15:34:32 -0400 Rubén Camarero <rjcamarero () gmail com> wrote:I am only stating that the bug posted here isn't serious. I agree with you on the other issues, more or less anyways. On Tue, Mar 24, 2009 at 3:30 PM, <mac.user () mac hush com> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 nvidia has a poor track record with security. I'm citing two examples. One is on their website, and one is in their drivers. Can you cite anything they have done right? Your effectivearguingstrategies makes you a top nominee for Gadi Evron's no-swearing event at defcon. On Tue, 24 Mar 2009 15:27:09 -0400 Rubén Camarero <rjcamarero () gmail com> wrote:That example has nothing to do with this particular bug. Using multiple exclamation or question marks does not help your ineffective argument, either. On Tue, Mar 24, 2009 at 3:15 PM, <mac.user () mac hush com> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 With all due respect, my corned beef and sauerkraut smelling friend, I am simply pointing out that when it comes tosecuritynvidia is clueless. Do you not remember the great debacle of2006when Rapid7 showed off remote kernel exploitation of thenvidiadriver by webbrowser? http://kerneltrap.org/node/7228 should refresh your memory. 40 million lost credit cards but atleastthey put nvidia in their rightful place and have theirprioritiesin order. And speaking of security concerns and nvidia, whydoyouthink Microsoft didn't use nvidia in their trusted gamingplatformxbox360???? Everyone in our industry knows that nvidia isshitforsecurity, even their javascript sucks!!! On Tue, 24 Mar 2009 14:45:46 -0400 Rubén Camarero <rjcamarero () gmail com> wrote:If ATI and nVidia were web content developers, this may be avalidargument, but they are not. They are graphics vendors, hardware and software. Not to mention the fact that this isn't a "serious" issue. RFI is a serious issue, IMHO. On Tue, Mar 24, 2009 at 1:37 PM, <mac.user () mac hush com>wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have been saying for years that ATI is better thannvidiaandhere is just one more reason! You don't see seriousissueslikethis with ATI's website. On Tue, 24 Mar 2009 10:13:21 -0400 Lorenzo Vogelsang <vogelsang.lorenzo () gmail com> wrote:Hi all, i'm new to the list. I'm an italian student wholikessecurity topics in the I.C.T world.. Browsing the nVdia web sites, i have found a very basicUrlredirection flaw. Infact when downloading a driver i get Urls likethis:http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://us.download.nvidia.com/Windows/179.48/179.48_notebook_winxp_64bit_beta.exe and connecting to this another Urlhttp://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://www.google.it will redirects succefully to www.google.it! (or other websiteofyour choice , or downloadble content..) Enjoy! Lorenzo Vogelsang.-----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified athttps://www.hushtools.com/verifywpwEAQMCAAYFAknJGmEACgkQfuF4tUz/X+KtEQP/fg36QI6yY9Hw6Q5eOsLUBGtPjg9/kxEmlsVdQl23h92FU75bHiOHhDMo7nLMCbHH7HHZDMvEw05OCDBaOqTx54xyTHBayH4sxf4joU8LSrTOFrklgT7tGXr+AMIfi4ypgIXzRv6Gx0vD3EAKIR3KWL4qFtg/OahHkl7qjOiz888= =2MOh -----END PGP SIGNATURE----- -- Can't pay your bills? Click here to learn about filingforbankruptcy.http://tagline.hushmail.com/fc/BLSrjkqhNChbdTZRNxLsL4IFkcZYo7APte6MFdjI1xth2KPqL4lm3VupTlG/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/-- Rubén Camarero CCNA, CISSP-----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified athttps://www.hushtools.com/verifywpwEAQMCAAYFAknJMWoACgkQfuF4tUz/X+LbggP9GPddhDh3krXB3ieyORr5Yd2RdE6lfoRgQOUAaXbnpxc+d2XFByNe8wAYHF+dheNou5cb0XBF99NmW4wt2uoR57/7PmSp6zdM1bsBzocX6Kkpbl38bMf4ZG/OlEz7cqfNOGExPE5cicr2Y462fk/BAWfUWV6B82ieWz4ZBbBeab8= =ZiqN -----END PGP SIGNATURE----- -- Click to compare and save on auto insurance.http://tagline.hushmail.com/fc/BLSrjkqePmfJGmpcWA2Xcaz2NXhk84bAM4HxiigERihBJ2ZwE0pe0OeJOxS/-- Rubén Camarero CCNA, CISSP-----BEGIN PGP SIGNATURE----- Charset: UTF8 Note: This signature can be verified athttps://www.hushtools.com/verifyVersion: Hush 3.0wpwEAQMCAAYFAknJNO4ACgkQfuF4tUz/X+JobQP/fKdv2DPbFGfAh8+N6GsdKO7ct1B P2h0sXd57nD6bKwOi8CiOZR3/fMjyl72R0xuS0Gtq8PhkX/mMo8GGaHw0h8DdHJ0DIAb jkAY4Pc/oNXtRaO0UoCT0CJA04M9wIgdR0batMc9N0PHhI7Z041w7ycSohm9Q5u6UR9i BR3X0sRc= =ucxK -----END PGP SIGNATURE----- -- Click here for free information on how to reduce your debt byfiling forbankruptcy.http://tagline.hushmail.com/fc/BLSrjkqhNCha09Yyoll97un6Gs8mL19gd7D3 JKfsHHWsIQfxfuSbfcMocNq/-- Rubén Camarero CCNA, CISSP-----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQMCAAYFAknJNwcACgkQfuF4tUz/X+IVsQP9HDa6vSSub9nXDYpiBgz1grUqoYbD nVd0ee3CSbBzArov2PK6abL0aNgR4SfDj//dlq+AzUZJz02yCR61+ysv8U7uSUrRmdjD rXjQl21C5vWMAe9FErKxEJFqit5bNhT6NBC0aHftxDnhOiK5VxmrvwiJd9s2VMXp0ob4 xSpn07c= =4By0 -----END PGP SIGNATURE----- -- Looking for insurance? Click to compare and save big. http://tagline.hushmail.com/fc/BLSrjkqeRJSlzyuuSygReQTvYYxFkBk62kTejAkm3iyoX0vxnOgDXtb7ISM/
-- Rubén Camarero CCNA, CISSP
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: nVidia.com [Url Redirection flaw], (continued)
- Re: nVidia.com [Url Redirection flaw] ascii (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Eitan Adler (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Jan G.B. (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Anders Klixbull (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Michal (Mar 25)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 24)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Anders Klixbull (Mar 25)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Anders Klixbull (Mar 25)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 25)
- Fwd: nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 25)
- Re: Fwd: nVidia.com [Url Redirection flaw] Jeremy Brown (Mar 25)
- Re: Fwd: nVidia.com [Url Redirection flaw] Pete Licoln (Mar 25)
- Fwd: nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 25)
- Re: Fwd: nVidia.com [Url Redirection flaw] mac . user (Mar 26)