lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 25 Mar 2009 10:07:42 -0400
From: mac.user@....hush.com
To: full-disclosure@...ts.grok.org.uk, michal@...rescope.co.uk
Subject: Re: nVidia.com [Url Redirection flaw]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Look, this security mailing list is about computer security issues
and not meant to be your video gaming blog  Also you are confusing
the issues of hardware and the drivers and other softwares that
interact with them, but that is beside the point!!!!!!  We are
attempting to discuss serious computer security issues such as XSS,
XSRF, url misguidance attacks, and remote kernel driver
exploitation by way of internet exploration interfaces.  No one on
this list cares about which videocard you prefer for your Rapelay
gameplay, and further this simply isn't the place to talk about
that sort of thing.

On Wed, 25 Mar 2009 05:21:40 -0400 Michal <michal@...rescope.co.uk>
wrote:
>I'd like to quickly jump on this bandwagon, backing up what
>someone said
>about nVidia being a driver company not a website company; nVidia
>drivers
>are far FAR better then ATI. Mentioned is the security, yes ok,
>but in terms
>of putting ATI and nVidia drivers side by side, nVidia win, hands
>down. I
>mean I've played games with ATI cards where you could see through
>a
>wall...it's a wall hack without even wanting one!
>
>-----Original Message-----
>From: full-disclosure-bounces@...ts.grok.org.uk
>[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
>mac.user@....hush.com
>Sent: 24 March 2009 17:38
>To: full-disclosure@...ts.grok.org.uk; vogelsang.lorenzo@...il.com
>Subject: Re: [Full-disclosure] nVidia.com [Url Redirection flaw]
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I have been saying for years that ATI is better than nvidia and
>here is just one more reason!  You don't see serious issues like
>this with ATI's website.
>
>On Tue, 24 Mar 2009 10:13:21 -0400 Lorenzo Vogelsang
><vogelsang.lorenzo@...il.com> wrote:
>>Hi all, i'm new to the list. I'm an italian student who likes
>>security
>>topics in the I.C.T world..
>>
>>Browsing the nVdia web sites, i have found a very basic Url
>>redirection
>>flaw. Infact when downloading a driver i get Urls like this:
>>
>>
>>http://www.nvidia.com/content/DriverDownload/download_confirmation
>.
>>asp?kw=&url=http://us.download.nvidia.com/Windows/179.48/179.48_no
>t
>>ebook_winxp_64bit_beta.exe
>>
>>and connecting to this another Url
>>
>>
>>http://www.nvidia.com/content/DriverDownload/download_confirmation
>.
>>asp?kw=&url=http://www.google.it
>>
>>
>>will redirects succefully to www.google.it! (or other web site of
>>your
>>choice , or downloadble content..)
>>
>>
>>Enjoy!
>>
>>Lorenzo Vogelsang.
>-----BEGIN PGP SIGNATURE-----
>Charset: UTF8
>Version: Hush 3.0
>Note: This signature can be verified at
>https://www.hushtools.com/verify
>
>wpwEAQMCAAYFAknJGmEACgkQfuF4tUz/X+KtEQP/fg36QI6yY9Hw6Q5eOsLUBGtPjg9
>/
>kxEmlsVdQl23h92FU75bHiOHhDMo7nLMCbHH7HHZDMvEw05OCDBaOqTx54xyTHBayH4
>s
>xf4joU8LSrTOFrklgT7tGXr+AMIfi4ypgIXzRv6Gx0vD3EAKIR3KWL4qFtg/OahHkl7
>q
>jOiz888=
>=2MOh
>-----END PGP SIGNATURE-----
>
>--
>Can't pay your bills?  Click here to learn about filing for
>bankruptcy.
>
>http://tagline.hushmail.com/fc/BLSrjkqhNChbdTZRNxLsL4IFkcZYo7APte6M
>FdjI1xth2
>KPqL4lm3VupTlG/
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQMCAAYFAknKOq8ACgkQfuF4tUz/X+LiswP/SpNszHDxCxHdRLNXEZ9PyudFf6tG
sD4FTWqYFJWhM5PZcZSPC7djUddE/nCuZPNv76C08Qmv+6BS4JRmtHAm3tubm4w/koG3
MoKLDxszZNKUynh7DXYc4egF63hGgaGLSeDcpI7QFL20lVdRJMUcWhvyPtuA3TdZJql8
PRQzuNQ=
=ReEr
-----END PGP SIGNATURE-----

--
Click to get kitchen cabinets at affordable prices.
 http://tagline.hushmail.com/fc/BLSrjkqfY0nblyRlNkQ1SnY8628jlkeW1MTprowPLwxdTGFmbz8gxD0kAhC/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ