_You_ are two dim to imagine that this issue is more like a bug than a vulnerability. If _you_ did try to imagine it, your head would probably explode and xssme would ooze out.
On Thu, Mar 26, 2009 at 12:42 AM, Nick FitzGerald <n...@virus-l.demon.co.uk>wrote: > Rubén Camarero wrote: > > > What great references. Owasp isn't the king of vulnerability information, > of > > course a website named XSSed is going to count this as super serious, and > > while I respect Insecure.. these days, people have exploited web bugs to > > their max (and I'm waiting for more), but they aren't directly serious. > > DIRECTLY is the key word. > > No, but just because this kind of vulnerability is "only" indirectly > serious dosen't mean that they aren't serious. > > Just because _you_ are too dim to imagine a way that someone can profit > significantly from exploiting this does not mean that there are not such > methods, NOR that use of such exploits won't "damage" nVidia. > > Whether nVidia (and others affected by so many similar vulnerabilities) > will see this and decide to take action is what really matters. In this > regard, I certainly hope that you do not work for, or consult with, or > otherwise represent the view of nVidia on this issue. > > > Regards, > > Nick FitzGerald > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Rubén Camarero CCNA, CISSP
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/