| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Mar 2009 12:46:02 -0400
From: Pete Licoln <pete.licoln@...il.com>
To: Rubén Camarero <rjcamarero@...il.com>,
full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: nVidia.com [Url Redirection flaw]
Wrong on that one .. Ruben.
But i agree on the Anders Klixbull one :)
2009/3/26 Rubén Camarero <rjcamarero@...il.com>
> I shall count the seconds it take for Mr. Mac.User to switch internet pages
> to go to Mr. Lincoln's gmail and write a reply to himself: 1, 2, finish it
> for me!
>
> On Thu, Mar 26, 2009 at 12:34 PM, <mac.user@....hush.com> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> My favourite sort of internet personality is one that trolls
>> grammar nazis in their well structured insults against the
>> intelligence of others. Bravo my friend.
>>
>> On Thu, 26 Mar 2009 01:09:38 -0400 Rubén Camarero
>> <rjcamarero@...il.com> wrote:
>> >_You_ are two dim to imagine that this issue is more like a bug
>> >than a
>> >vulnerability. If _you_ did try to imagine it, your head would
>> >probably
>> >explode and xssme would ooze out.
>> >
>> >On Thu, Mar 26, 2009 at 12:42 AM, Nick FitzGerald
>> ><nick@...us-l.demon.co.uk>wrote:
>> >
>> >> Rubén Camarero wrote:
>> >>
>> >> > What great references. Owasp isn't the king of vulnerability
>> >information,
>> >> of
>> >> > course a website named XSSed is going to count this as super
>> >serious, and
>> >> > while I respect Insecure.. these days, people have exploited
>> >web bugs to
>> >> > their max (and I'm waiting for more), but they aren't directly
>> >serious.
>> >> > DIRECTLY is the key word.
>> >>
>> >> No, but just because this kind of vulnerability is "only"
>> >indirectly
>> >> serious dosen't mean that they aren't serious.
>> >>
>> >> Just because _you_ are too dim to imagine a way that someone can
>> >profit
>> >> significantly from exploiting this does not mean that there are
>> >not such
>> >> methods, NOR that use of such exploits won't "damage" nVidia.
>> >>
>> >> Whether nVidia (and others affected by so many similar
>> >vulnerabilities)
>> >> will see this and decide to take action is what really matters.
>> >In this
>> >> regard, I certainly hope that you do not work for, or consult
>> >with, or
>> >> otherwise represent the view of nVidia on this issue.
>> >>
>> >>
>> >> Regards,
>> >>
>> >> Nick FitzGerald
>> >>
>> >>
>> >> _______________________________________________
>> >> Full-Disclosure - We believe in it.
>> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> >> Hosted and sponsored by Secunia - http://secunia.com/
>> >>
>> >
>> >
>> >
>> >--
>> >Rubén Camarero
>> >CCNA, CISSP
>> -----BEGIN PGP SIGNATURE-----
>> Charset: UTF8
>> Version: Hush 3.0
>> Note: This signature can be verified at https://www.hushtools.com/verify
>>
>> wpwEAQMCAAYFAknLrq4ACgkQfuF4tUz/X+JKzAP/ViirowPihAisi1DFEi4W6jOn/CwQ
>> sAU9c5riwPvj5DrYfZYblg2BIduxBYweSAwrcA8TnJNBaBKOIv1weO2MclqEp11xq+Z3
>> UfR2UpkldfMWzHpfGkxhwcz2xcy5T9PN/79IGnGk3xiG8zW2eBo88yNrhiE7x2e9PFjI
>> BOCaN9A=
>> =gYB5
>> -----END PGP SIGNATURE-----
>>
>> --
>> Free information on the best Web Hosting. Click Now!
>>
>> http://tagline.hushmail.com/fc/BLSrjkqe38U7zLZKJoIcSfnZcCPMg2m3CMMZbrY9em4IiOArRQ7ukNi4nK4/
>>
>>
>
>
> --
> Rubén Camarero
> CCNA, CISSP
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists