Full Disclosure mailing list archives
Re: nVidia.com [Url Redirection flaw]
From: mac.user () mac hush com
Date: Tue, 24 Mar 2009 15:50:54 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 dude... off list... "fuera de la lista" ? Can anyone help us overcome this language barrier? On Tue, 24 Mar 2009 15:46:02 -0400 Rubén Camarero <rjcamarero () gmail com> wrote:
Perhaps. On Tue, Mar 24, 2009 at 3:39 PM, <mac.user () mac hush com> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Are you even aware that you've been arguing with me? Perhaps we should move this discussion off-list, so we don't annoy the restofthe bugtrackers... On Tue, 24 Mar 2009 15:34:32 -0400 Rubén Camarero <rjcamarero () gmail com> wrote:I am only stating that the bug posted here isn't serious. Iagreewith you on the other issues, more or less anyways. On Tue, Mar 24, 2009 at 3:30 PM, <mac.user () mac hush com> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 nvidia has a poor track record with security. I'm citing two examples. One is on their website, and one is in theirdrivers.Can you cite anything they have done right? Your effectivearguingstrategies makes you a top nominee for Gadi Evron's no-swearingevent at defcon. On Tue, 24 Mar 2009 15:27:09 -0400 Rubén Camarero <rjcamarero () gmail com> wrote:That example has nothing to do with this particular bug.Usingmultiple exclamation or question marks does not help your ineffective argument, either. On Tue, Mar 24, 2009 at 3:15 PM, <mac.user () mac hush com>wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 With all due respect, my corned beef and sauerkrautsmellingfriend, I am simply pointing out that when it comes tosecuritynvidia is clueless. Do you not remember the great debacleof2006when Rapid7 showed off remote kernel exploitation of thenvidiadriver by webbrowser? http://kerneltrap.org/node/7228shouldrefresh your memory. 40 million lost credit cards but atleastthey put nvidia in their rightful place and have theirprioritiesin order. And speaking of security concerns and nvidia,whydoyouthink Microsoft didn't use nvidia in their trusted gamingplatformxbox360???? Everyone in our industry knows that nvidia isshitforsecurity, even their javascript sucks!!! On Tue, 24 Mar 2009 14:45:46 -0400 Rubén Camarero <rjcamarero () gmail com> wrote:If ATI and nVidia were web content developers, this maybe avalidargument, but they are not. They are graphics vendors, hardware and software. Not to mention the fact that this isn't a "serious" issue. RFIis aserious issue, IMHO. On Tue, Mar 24, 2009 at 1:37 PM, <mac.user () mac hush com>wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have been saying for years that ATI is better thannvidiaandhere is just one more reason! You don't see seriousissueslikethis with ATI's website. On Tue, 24 Mar 2009 10:13:21 -0400 Lorenzo Vogelsang <vogelsang.lorenzo () gmail com> wrote:Hi all, i'm new to the list. I'm an italian studentwholikessecurity topics in the I.C.T world.. Browsing the nVdia web sites, i have found a verybasicUrlredirection flaw. Infact when downloading a driver i get Urls likethis:http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://us.download.nvidia.com/Windows/179.48/179.48_notebook_winxp_64bit_beta.exe and connecting to this another Urlhttp://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://www.google.it will redirects succefully to www.google.it! (or otherwebsiteofyour choice , or downloadble content..) Enjoy! Lorenzo Vogelsang.-----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified athttps://www.hushtools.com/verifywpwEAQMCAAYFAknJGmEACgkQfuF4tUz/X+KtEQP/fg36QI6yY9Hw6Q5eOsLUBGtPjg9/kxEmlsVdQl23h92FU75bHiOHhDMo7nLMCbHH7HHZDMvEw05OCDBaOqTx54xyTHBayH4sxf4joU8LSrTOFrklgT7tGXr+AMIfi4ypgIXzRv6Gx0vD3EAKIR3KWL4qFtg/OahHkl7qjOiz888= =2MOh -----END PGP SIGNATURE----- -- Can't pay your bills? Click here to learn about filingforbankruptcy.http://tagline.hushmail.com/fc/BLSrjkqhNChbdTZRNxLsL4IFkcZYo7APte6MFdjI1xth2KPqL4lm3VupTlG/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/-- Rubén Camarero CCNA, CISSP-----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified athttps://www.hushtools.com/verifywpwEAQMCAAYFAknJMWoACgkQfuF4tUz/X+LbggP9GPddhDh3krXB3ieyORr5Yd2RdE6lfoRgQOUAaXbnpxc+d2XFByNe8wAYHF+dheNou5cb0XBF99NmW4wt2uoR57/7PmSp6zdM1bsBzocX6Kkpbl38bMf4ZG/OlEz7cqfNOGExPE5cicr2Y462fk/BAWfUWV6B82ieWz4ZBbBeab8= =ZiqN -----END PGP SIGNATURE----- -- Click to compare and save on auto insurance.http://tagline.hushmail.com/fc/BLSrjkqePmfJGmpcWA2Xcaz2NXhk84bAM4HxiigERihBJ2ZwE0pe0OeJOxS/-- Rubén Camarero CCNA, CISSP-----BEGIN PGP SIGNATURE----- Charset: UTF8 Note: This signature can be verified athttps://www.hushtools.com/verifyVersion: Hush 3.0wpwEAQMCAAYFAknJNO4ACgkQfuF4tUz/X+JobQP/fKdv2DPbFGfAh8+N6GsdKO7ct1BP2h0sXd57nD6bKwOi8CiOZR3/fMjyl72R0xuS0Gtq8PhkX/mMo8GGaHw0h8DdHJ0DIAbjkAY4Pc/oNXtRaO0UoCT0CJA04M9wIgdR0batMc9N0PHhI7Z041w7ycSohm9Q5u6UR9iBR3X0sRc= =ucxK -----END PGP SIGNATURE----- -- Click here for free information on how to reduce your debt byfiling forbankruptcy.http://tagline.hushmail.com/fc/BLSrjkqhNCha09Yyoll97un6Gs8mL19gd7D3JKfsHHWsIQfxfuSbfcMocNq/-- Rubén Camarero CCNA, CISSP-----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified athttps://www.hushtools.com/verifywpwEAQMCAAYFAknJNwcACgkQfuF4tUz/X+IVsQP9HDa6vSSub9nXDYpiBgz1grUqoYb DnVd0ee3CSbBzArov2PK6abL0aNgR4SfDj//dlq+AzUZJz02yCR61+ysv8U7uSUrRmdj DrXjQl21C5vWMAe9FErKxEJFqit5bNhT6NBC0aHftxDnhOiK5VxmrvwiJd9s2VMXp0ob 4xSpn07c= =4By0 -----END PGP SIGNATURE----- -- Looking for insurance? Click to compare and save big.http://tagline.hushmail.com/fc/BLSrjkqeRJSlzyuuSygReQTvYYxFkBk62kTe jAkm3iyoX0vxnOgDXtb7ISM/-- Rubén Camarero CCNA, CISSP
-----BEGIN PGP SIGNATURE----- Charset: UTF8 Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 3.0 wpwEAQMCAAYFAknJOZ4ACgkQfuF4tUz/X+J8uQP/dRdtZikUJJS3hakKd+ADx8isnUxc kJIC3uzG5yp8XFJFWkCR2DaM5tBrLhXhEiIzEzoXJ95M9Gok8+GVH2nvYex6j7bde/tx zvzLqYbum0z96D+c0Ifv2Rk2VCTSGJ+XTlOkCSyO8aASec/XLCWxm9tkLa9wSYtj7VCf KoShv74= =0Wmx -----END PGP SIGNATURE----- -- Become a medical transcriptionist at home, at your own pace. http://tagline.hushmail.com/fc/BLSrjkqfMmc87Q7V886A2pQQnP3wiFzt0CJlXLvT1qRvFNCBvDAhrNqJ8Mw/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: nVidia.com [Url Redirection flaw], (continued)
- Re: nVidia.com [Url Redirection flaw] Eitan Adler (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Jan G.B. (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Anders Klixbull (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Michal (Mar 25)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 24)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Anders Klixbull (Mar 25)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Anders Klixbull (Mar 25)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 25)
- Fwd: nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 25)
- Re: Fwd: nVidia.com [Url Redirection flaw] Jeremy Brown (Mar 25)
- Re: Fwd: nVidia.com [Url Redirection flaw] Pete Licoln (Mar 25)
- Fwd: nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 25)
- Re: Fwd: nVidia.com [Url Redirection flaw] mac . user (Mar 26)
- Fwd: Fwd: nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 26)
(Thread continues...)