lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 25 Mar 2009 15:17:19 +0100
From: "Anders Klixbull" <akl@...erian.dk>
To: <mac.user@....hush.com>, <full-disclosure@...ts.grok.org.uk>,
	<michal@...rescope.co.uk>
Subject: Re: nVidia.com [Url Redirection flaw]

Helol n3td3v 

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
mac.user@....hush.com
Sent: 25. marts 2009 15:08
To: full-disclosure@...ts.grok.org.uk; michal@...rescope.co.uk
Subject: Re: [Full-disclosure] nVidia.com [Url Redirection flaw]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Look, this security mailing list is about computer security issues and
not meant to be your video gaming blog  Also you are confusing the
issues of hardware and the drivers and other softwares that interact
with them, but that is beside the point!!!!!!  We are attempting to
discuss serious computer security issues such as XSS, XSRF, url
misguidance attacks, and remote kernel driver exploitation by way of
internet exploration interfaces.  No one on this list cares about which
videocard you prefer for your Rapelay gameplay, and further this simply
isn't the place to talk about that sort of thing.

On Wed, 25 Mar 2009 05:21:40 -0400 Michal <michal@...rescope.co.uk>
wrote:
>I'd like to quickly jump on this bandwagon, backing up what someone 
>said about nVidia being a driver company not a website company; nVidia 
>drivers are far FAR better then ATI. Mentioned is the security, yes ok,

>but in terms of putting ATI and nVidia drivers side by side, nVidia 
>win, hands down. I mean I've played games with ATI cards where you 
>could see through a wall...it's a wall hack without even wanting one!
>
>-----Original Message-----
>From: full-disclosure-bounces@...ts.grok.org.uk
>[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of 
>mac.user@....hush.com
>Sent: 24 March 2009 17:38
>To: full-disclosure@...ts.grok.org.uk; vogelsang.lorenzo@...il.com
>Subject: Re: [Full-disclosure] nVidia.com [Url Redirection flaw]
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I have been saying for years that ATI is better than nvidia and here is

>just one more reason!  You don't see serious issues like this with 
>ATI's website.
>
>On Tue, 24 Mar 2009 10:13:21 -0400 Lorenzo Vogelsang 
><vogelsang.lorenzo@...il.com> wrote:
>>Hi all, i'm new to the list. I'm an italian student who likes security

>>topics in the I.C.T world..
>>
>>Browsing the nVdia web sites, i have found a very basic Url 
>>redirection flaw. Infact when downloading a driver i get Urls like 
>>this:
>>
>>
>>http://www.nvidia.com/content/DriverDownload/download_confirmation
>.
>>asp?kw=&url=http://us.download.nvidia.com/Windows/179.48/179.48_no
>t
>>ebook_winxp_64bit_beta.exe
>>
>>and connecting to this another Url
>>
>>
>>http://www.nvidia.com/content/DriverDownload/download_confirmation
>.
>>asp?kw=&url=http://www.google.it
>>
>>
>>will redirects succefully to www.google.it! (or other web site of your

>>choice , or downloadble content..)
>>
>>
>>Enjoy!
>>
>>Lorenzo Vogelsang.
>-----BEGIN PGP SIGNATURE-----
>Charset: UTF8
>Version: Hush 3.0
>Note: This signature can be verified at 
>https://www.hushtools.com/verify
>
>wpwEAQMCAAYFAknJGmEACgkQfuF4tUz/X+KtEQP/fg36QI6yY9Hw6Q5eOsLUBGtPjg9
>/
>kxEmlsVdQl23h92FU75bHiOHhDMo7nLMCbHH7HHZDMvEw05OCDBaOqTx54xyTHBayH4
>s
>xf4joU8LSrTOFrklgT7tGXr+AMIfi4ypgIXzRv6Gx0vD3EAKIR3KWL4qFtg/OahHkl7
>q
>jOiz888=
>=2MOh
>-----END PGP SIGNATURE-----
>
>--
>Can't pay your bills?  Click here to learn about filing for bankruptcy.
>
>http://tagline.hushmail.com/fc/BLSrjkqhNChbdTZRNxLsL4IFkcZYo7APte6M
>FdjI1xth2
>KPqL4lm3VupTlG/
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQMCAAYFAknKOq8ACgkQfuF4tUz/X+LiswP/SpNszHDxCxHdRLNXEZ9PyudFf6tG
sD4FTWqYFJWhM5PZcZSPC7djUddE/nCuZPNv76C08Qmv+6BS4JRmtHAm3tubm4w/koG3
MoKLDxszZNKUynh7DXYc4egF63hGgaGLSeDcpI7QFL20lVdRJMUcWhvyPtuA3TdZJql8
PRQzuNQ=
=ReEr
-----END PGP SIGNATURE-----

--
Click to get kitchen cabinets at affordable prices.
 
http://tagline.hushmail.com/fc/BLSrjkqfY0nblyRlNkQ1SnY8628jlkeW1MTprowPL
wxdTGFmbz8gxD0kAhC/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ