That example has nothing to do with this particular bug. Using multiple exclamation or question marks does not help your ineffective argument, either.
On Tue, Mar 24, 2009 at 3:15 PM, <mac.u...@mac.hush.com> wrote:

> With all due respect, my corned beef and sauerkraut smelling
> friend, I am simply pointing out that when it comes to security
> nvidia is clueless. Do you not remember the great debacle of 2006
> when Rapid7 showed off remote kernel exploitation of the nvidia
> driver by web browser? http://kerneltrap.org/node/7228 should
> refresh your memory. 40 million lost credit cards but at least
> they put nvidia in their rightful place and have their priorities
> in order. And speaking of security concerns and nvidia, why do you
> think Microsoft didn't use nvidia in their trusted gaming platform
> xbox360???? Everyone in our industry knows that nvidia is shit for
> security, even their javascript sucks!!!
>
> On Tue, 24 Mar 2009 14:45:46 -0400 Rubén Camarero
> <rjcamar...@gmail.com> wrote:
> > If ATI and nVidia were web content developers, this may be a valid
> > argument, but they are not. They are graphics vendors, hardware and
> > software. Not to mention the fact that this isn't a "serious" issue.
> > RFI is a serious issue, IMHO.
> >
> > On Tue, Mar 24, 2009 at 1:37 PM, <mac.u...@mac.hush.com> wrote:
> >
> >> I have been saying for years that ATI is better than nvidia and
> >> here is just one more reason! You don't see serious issues like
> >> this with ATI's website.
> >>
> >> On Tue, 24 Mar 2009 10:13:21 -0400 Lorenzo Vogelsang
> >> <vogelsang.lore...@gmail.com> wrote:
> >> > Hi all, I'm new to the list. I'm an Italian student who likes
> >> > security topics in the I.C.T. world.
> >> >
> >> > Browsing the nVidia web sites, I have found a very basic URL
> >> > redirection flaw. In fact, when downloading a driver I get URLs
> >> > like this:
> >> >
> >> > http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://us.download.nvidia.com/Windows/179.48/179.48_notebook_winxp_64bit_beta.exe
> >> >
> >> > and connecting to this other URL
> >> >
> >> > http://www.nvidia.com/content/DriverDownload/download_confirmation.asp?kw=&url=http://www.google.it
> >> >
> >> > will redirect successfully to www.google.it! (or other web site
> >> > of your choice, or downloadable content..)
> >> >
> >> > Enjoy!
> >> >
> >> > Lorenzo Vogelsang.
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >
> > --
> > Rubén Camarero
> > CCNA, CISSP

--
Rubén Camarero
CCNA, CISSP
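
An added example, not part of the thread and not nVidia's code: one way a download-confirmation handler could validate the `url` parameter from Lorenzo's report against an allow-list before redirecting. The function name, the allow-list contents and the fallback path are assumptions; the bypass-style inputs are constructed test cases.

```python
from urllib.parse import urlsplit

# Assumption: the only host the confirmation page ever needs to redirect to.
ALLOWED_HOSTS = {"us.download.nvidia.com"}
ALLOWED_SCHEMES = {"http", "https"}
FALLBACK = "/"  # hypothetical safe landing page on the same site


def safe_redirect_target(raw_url: str) -> str:
    """Return raw_url only if it is an absolute URL on an allow-listed host."""
    # Reject empty input, whitespace/control characters and backslashes,
    # which browsers and server-side parsers may interpret differently.
    if not raw_url or any(ord(c) <= 0x20 or c == "\\" for c in raw_url):
        return FALLBACK
    try:
        parts = urlsplit(raw_url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return FALLBACK
    # An empty scheme covers scheme-relative ("//host") and relative input.
    if parts.scheme not in ALLOWED_SCHEMES:
        return FALLBACK
    # "allowed-host@other-host" puts the trusted name in userinfo, not the host.
    if parts.username is not None or parts.password is not None:
        return FALLBACK
    # Exact match on the parsed host: no substring or suffix comparison.
    if (parts.hostname or "") not in ALLOWED_HOSTS:
        return FALLBACK
    if port not in (None, 80, 443):
        return FALLBACK
    return raw_url


# The two URLs from the report, plus constructed edge cases.
SAMPLES = [
    "http://us.download.nvidia.com/Windows/179.48/179.48_notebook_winxp_64bit_beta.exe",
    "http://www.google.it",
    "//www.google.it",
    "http://us.download.nvidia.com@www.google.it/",
    "http://us.download.nvidia.com.example.test/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:90} -> {safe_redirect_target(sample)!r}")
```
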