Re: [Full-disclosure] nVidia.com [Url Redirection flaw]
- From: Rubén Camarero <rjcamarero@xxxxxxxxx>
- Date: Tue, 24 Mar 2009 15:34:32 -0400
I am only stating that the bug posted here isn't serious. I agree with you
on the other issues, more or less anyways.
On Tue, Mar 24, 2009 at 3:30 PM, <mac.user@xxxxxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
nvidia has a poor track record with security. I'm citing two
examples. One is on their website, and one is in their drivers.
Can you cite anything they have done right? Your effective arguing
strategies makes you a top nominee for Gadi Evron's no-swearing
event at defcon.
On Tue, 24 Mar 2009 15:27:09 -0400 Rubén Camarero
<rjcamarero@xxxxxxxxx> wrote:
That example has nothing to do with this particular bug. Using-----BEGIN PGP SIGNATURE-----
multiple
exclamation or question marks does not help your ineffective
argument,
either.
On Tue, Mar 24, 2009 at 3:15 PM, <mac.user@xxxxxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----2006
Hash: SHA1
With all due respect, my corned beef and sauerkraut smelling
friend, I am simply pointing out that when it comes to security
nvidia is clueless. Do you not remember the great debacle of
when Rapid7 showed off remote kernel exploitation of the nvidiapriorities
driver by webbrowser? http://kerneltrap.org/node/7228 should
refresh your memory. 40 million lost credit cards but at least
they put nvidia in their rightful place and have their
in order. And speaking of security concerns and nvidia, why doyou
think Microsoft didn't use nvidia in their trusted gamingplatform
xbox360???? Everyone in our industry knows that nvidia is shitfor
security, even their javascript sucks!!!valid
On Tue, 24 Mar 2009 14:45:46 -0400 Rubén Camarero
<rjcamarero@xxxxxxxxx> wrote:
If ATI and nVidia were web content developers, this may be a
andargument,
but they are not. They are graphics vendors, hardware and
software. Not to
mention the fact that this isn't a "serious" issue. RFI is a
serious issue,
IMHO.
On Tue, Mar 24, 2009 at 1:37 PM, <mac.user@xxxxxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have been saying for years that ATI is better than nvidia
likehere is just one more reason! You don't see serious issues
likesthis with ATI's website.
On Tue, 24 Mar 2009 10:13:21 -0400 Lorenzo Vogelsang
<vogelsang.lorenzo@xxxxxxxxx> wrote:
Hi all, i'm new to the list. I'm an italian student who
nsecurity
topics in the I.C.T world..
Browsing the nVdia web sites, i have found a very basic Url
redirection
flaw. Infact when downloading a driver i get Urls like this:
http://www.nvidia.com/content/DriverDownload/download_confirmatio
o.
asp?kw=&url=http://us.download.nvidia.com/Windows/179.48/179.48_n
nt
ebook_winxp_64bit_beta.exe
and connecting to this another Url
http://www.nvidia.com/content/DriverDownload/download_confirmatio
site.
asp?kw=&url=http://www.google.it
will redirects succefully to www.google.it! (or other web
9of
https://www.hushtools.com/verifyyour-----BEGIN PGP SIGNATURE-----
choice , or downloadble content..)
Enjoy!
Lorenzo Vogelsang.
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at
wpwEAQMCAAYFAknJGmEACgkQfuF4tUz/X+KtEQP/fg36QI6yY9Hw6Q5eOsLUBGtPjg
4/
kxEmlsVdQl23h92FU75bHiOHhDMo7nLMCbHH7HHZDMvEw05OCDBaOqTx54xyTHBayH
7s
xf4joU8LSrTOFrklgT7tGXr+AMIfi4ypgIXzRv6Gx0vD3EAKIR3KWL4qFtg/OahHkl
Mq
jOiz888=bankruptcy.
=2MOh
-----END PGP SIGNATURE-----
--
Can't pay your bills? Click here to learn about filing for
http://tagline.hushmail.com/fc/BLSrjkqhNChbdTZRNxLsL4IFkcZYo7APte6
charter.htmlFdjI1xth2KPqL4lm3VupTlG/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-
https://www.hushtools.com/verify-----BEGIN PGP SIGNATURE-----Hosted and sponsored by Secunia - http://secunia.com/
--
Rubén Camarero
CCNA, CISSP
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at
wpwEAQMCAAYFAknJMWoACgkQfuF4tUz/X+LbggP9GPddhDh3krXB3ieyORr5Yd2RdE6
l
foRgQOUAaXbnpxc+d2XFByNe8wAYHF+dheNou5cb0XBF99NmW4wt2uoR57/7PmSp6zd
M
1bsBzocX6Kkpbl38bMf4ZG/OlEz7cqfNOGExPE5cicr2Y462fk/BAWfUWV6B82ieWz4
Z
BbBeab8=http://tagline.hushmail.com/fc/BLSrjkqePmfJGmpcWA2Xcaz2NXhk84bAM4Hx
=ZiqN
-----END PGP SIGNATURE-----
--
Click to compare and save on auto insurance.
iigERihBJ2ZwE0pe0OeJOxS/
--
Rubén Camarero
CCNA, CISSP
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0
wpwEAQMCAAYFAknJNO4ACgkQfuF4tUz/X+JobQP/fKdv2DPbFGfAh8+N6GsdKO7ct1BP
2h0sXd57nD6bKwOi8CiOZR3/fMjyl72R0xuS0Gtq8PhkX/mMo8GGaHw0h8DdHJ0DIAbj
kAY4Pc/oNXtRaO0UoCT0CJA04M9wIgdR0batMc9N0PHhI7Z041w7ycSohm9Q5u6UR9iB
R3X0sRc=
=ucxK
-----END PGP SIGNATURE-----
--
Click here for free information on how to reduce your debt by filing for
bankruptcy.
http://tagline.hushmail.com/fc/BLSrjkqhNCha09Yyoll97un6Gs8mL19gd7D3JKfsHHWsIQfxfuSbfcMocNq/
--
Rubén Camarero
CCNA, CISSP
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- Re: [Full-disclosure] nVidia.com [Url Redirection flaw]
- From: mac . user
- Re: [Full-disclosure] nVidia.com [Url Redirection flaw]
- Prev by Date: Re: [Full-disclosure] nVidia.com [Url Redirection flaw]
- Next by Date: Re: [Full-disclosure] nVidia.com [Url Redirection flaw]
- Previous by thread: Re: [Full-disclosure] nVidia.com [Url Redirection flaw]
- Next by thread: Re: [Full-disclosure] nVidia.com [Url Redirection flaw]
- Index(es):
Relevant Pages
|
