Re: nVidia.com [Url Redirection flaw]

[Rubén Camarero <rjcamarero () gmail com>]

I shall count the seconds it take for Mr. Mac.User to switch internet pages
to go to Mr. Lincoln's gmail and write a reply to himself: 1, 2, finish it
for me!

On Thu, Mar 26, 2009 at 12:34 PM, <mac.user () mac hush com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> My favourite sort of internet personality is one that trolls
> grammar nazis in their well structured insults against the
> intelligence of others.  Bravo my friend.
>
> On Thu, 26 Mar 2009 01:09:38 -0400 Rubén Camarero
> <rjcamarero () gmail com> wrote:
> > _You_ are two dim to imagine that this issue is more like a bug
> > than a
> > vulnerability. If _you_ did try to imagine it, your head would
> > probably
> > explode and xssme would ooze out.
> >
> > On Thu, Mar 26, 2009 at 12:42 AM, Nick FitzGerald
> > <nick () virus-l demon co uk>wrote:
> >
> > > Rubén Camarero wrote:
> > >
> > > > What great references. Owasp isn't the king of vulnerability
> > information,
> > > of
> > > > course a website named XSSed is going to count this as super
> > serious, and
> > > > while I respect Insecure.. these days, people have exploited
> > web bugs to
> > > > their max (and I'm waiting for more), but they aren't directly
> > serious.
> > > > DIRECTLY is the key word.
> > >
> > > No, but just because this kind of vulnerability is "only"
> > indirectly
> > > serious dosen't mean that they aren't serious.
> > >
> > > Just because _you_ are too dim to imagine a way that someone can
> > profit
> > > significantly from exploiting this does not mean that there are
> > not such
> > > methods, NOR that use of such exploits won't "damage" nVidia.
> > >
> > > Whether nVidia (and others affected by so many similar
> > vulnerabilities)
> > > will see this and decide to take action is what really matters.
> > In this
> > > regard, I certainly hope that you do not work for, or consult
> > with, or
> > > otherwise represent the view of nVidia on this issue.
> > >
> > >
> > > Regards,
> > >
> > > Nick FitzGerald
> > >
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
> > --
> > Rubén Camarero
> > CCNA, CISSP
> -----BEGIN PGP SIGNATURE-----
> Charset: UTF8
> Version: Hush 3.0
> Note: This signature can be verified at https://www.hushtools.com/verify
>
> wpwEAQMCAAYFAknLrq4ACgkQfuF4tUz/X+JKzAP/ViirowPihAisi1DFEi4W6jOn/CwQ
> sAU9c5riwPvj5DrYfZYblg2BIduxBYweSAwrcA8TnJNBaBKOIv1weO2MclqEp11xq+Z3
> UfR2UpkldfMWzHpfGkxhwcz2xcy5T9PN/79IGnGk3xiG8zW2eBo88yNrhiE7x2e9PFjI
> BOCaN9A=
> =gYB5
> -----END PGP SIGNATURE-----
>
> --
> Free information on the best Web Hosting. Click Now!
>
> http://tagline.hushmail.com/fc/BLSrjkqe38U7zLZKJoIcSfnZcCPMg2m3CMMZbrY9em4IiOArRQ7ukNi4nK4/


-- 
Rubén Camarero
CCNA, CISSP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/