Full Disclosure mailing list archives
Re: nVidia.com [Url Redirection flaw]
From: Chris Evans <scarybeasts () gmail com>
Date: Wed, 25 Mar 2009 12:29:11 -0700
2009/3/25 Rubén Camarero <rjcamarero () gmail com>:
What great references. OWASP isn't the king of vulnerability information, of course a website named XSSed is going to count this as super serious, and while I respect Insecure.. these days, people have exploited web bugs to their max (and I'm waiting for more), but they aren't directly serious. DIRECTLY is the key word.
What about indirectly? People love to rant and rave about redirectors, but none of it is informed. Sure, redirectors often feature in URLs leading to malware etc. But that's irrelevant without click-through rates and block rates on the redirected vs. non-redirected versions. All the evidence I see is that the class of users we're trying to protect will click on arbitrary links without care for the domain. (And enter their passwords in any domain, without checking for https, and etc. etc).

Cheers
Chris
2009/3/25 yersinia <yersinia.spiros () gmail com>

2009/3/24 Rubén Camarero <rjcamarero () gmail com>

If ATI and nVidia were web content developers, this may be a valid argument, but they are not. They are graphics vendors, hardware and software. Not to mention the fact that this isn't a "serious" issue. RFI is a serious issue, IMHO.

Well, not everyone agreed with your opinion.

http://www.owasp.org/index.php/Open_redirect
http://www.xssed.com/article/26/Open_redirect_vulnerabilities_definition_and_prevention/
http://www.net-security.org/dl/insecure/INSECURE-Mag-17.pdf

--
Rubén Camarero
CCNA, CISSP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Martin Aberastegue (Mar 25)
- nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Valdis . Kletnieks (Mar 25)
- nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 25)
- <Possible follow-ups>
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
- Re: nVidia.com [Url Redirection flaw] yersinia (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Chris Evans (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Pete Licoln (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Nick FitzGerald (Mar 26)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Nick FitzGerald (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 25)
- Re: nVidia.com [Url Redirection flaw] Martin Aberastegue (Mar 25)
- Re: nVidia.com [Url Redirection flaw] ascii (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Eitan Adler (Mar 24)
- Re: nVidia.com [Url Redirection flaw] Jan G.B. (Mar 25)