I am only stating that the bug posted here isn't serious. I agree with you on the other issues, more or less anyways.
On Tue, Mar 24, 2009 at 3:30 PM, <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > nvidia has a poor track record with security. I'm citing two > examples. One is on their website, and one is in their drivers. > Can you cite anything they have done right? Your effective arguing > strategies makes you a top nominee for Gadi Evron's no-swearing > event at defcon. > > On Tue, 24 Mar 2009 15:27:09 -0400 Rubén Camarero > <[email protected]> wrote: > >That example has nothing to do with this particular bug. Using > >multiple > >exclamation or question marks does not help your ineffective > >argument, > >either. > > > >On Tue, Mar 24, 2009 at 3:15 PM, <[email protected]> wrote: > > > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> With all due respect, my corned beef and sauerkraut smelling > >> friend, I am simply pointing out that when it comes to security > >> nvidia is clueless. Do you not remember the great debacle of > >2006 > >> when Rapid7 showed off remote kernel exploitation of the nvidia > >> driver by webbrowser? http://kerneltrap.org/node/7228 should > >> refresh your memory. 40 million lost credit cards but at least > >> they put nvidia in their rightful place and have their > >priorities > >> in order. And speaking of security concerns and nvidia, why do > >you > >> think Microsoft didn't use nvidia in their trusted gaming > >platform > >> xbox360???? Everyone in our industry knows that nvidia is shit > >for > >> security, even their javascript sucks!!! > >> > >> > >> On Tue, 24 Mar 2009 14:45:46 -0400 Rubén Camarero > >> <[email protected]> wrote: > >> >If ATI and nVidia were web content developers, this may be a > >valid > >> >argument, > >> >but they are not. They are graphics vendors, hardware and > >> >software. Not to > >> >mention the fact that this isn't a "serious" issue. RFI is a > >> >serious issue, > >> >IMHO. > >> > > >> >On Tue, Mar 24, 2009 at 1:37 PM, <[email protected]> wrote: > >> > > >> >> -----BEGIN PGP SIGNED MESSAGE----- > >> >> Hash: SHA1 > >> >> > >> >> I have been saying for years that ATI is better than nvidia > >and > >> >> here is just one more reason! You don't see serious issues > >like > >> >> this with ATI's website. > >> >> > >> >> On Tue, 24 Mar 2009 10:13:21 -0400 Lorenzo Vogelsang > >> >> <[email protected]> wrote: > >> >> >Hi all, i'm new to the list. I'm an italian student who > >likes > >> >> >security > >> >> >topics in the I.C.T world.. > >> >> > > >> >> >Browsing the nVdia web sites, i have found a very basic Url > >> >> >redirection > >> >> >flaw. Infact when downloading a driver i get Urls like this: > >> >> > > >> >> > > >> >> > >> > >>>http://www.nvidia.com/content/DriverDownload/download_confirmatio > >n > >> >. > >> >> > >> > >>>asp?kw=&url=http://us.download.nvidia.com/Windows/179.48/179.48_n > >o > >> >t > >> >> >ebook_winxp_64bit_beta.exe > >> >> > > >> >> >and connecting to this another Url > >> >> > > >> >> > > >> >> > >> > >>>http://www.nvidia.com/content/DriverDownload/download_confirmatio > >n > >> >. > >> >> >asp?kw=&url=http://www.google.it > >> >> > > >> >> > > >> >> >will redirects succefully to www.google.it! (or other web > >site > >> >of > >> >> >your > >> >> >choice , or downloadble content..) > >> >> > > >> >> > > >> >> >Enjoy! > >> >> > > >> >> >Lorenzo Vogelsang. > >> >> -----BEGIN PGP SIGNATURE----- > >> >> Charset: UTF8 > >> >> Version: Hush 3.0 > >> >> Note: This signature can be verified at > >> >https://www.hushtools.com/verify > >> >> > >> >> > >> > >>wpwEAQMCAAYFAknJGmEACgkQfuF4tUz/X+KtEQP/fg36QI6yY9Hw6Q5eOsLUBGtPjg > >9 > >> >/ > >> >> > >> > >>kxEmlsVdQl23h92FU75bHiOHhDMo7nLMCbHH7HHZDMvEw05OCDBaOqTx54xyTHBayH > >4 > >> >s > >> >> > >> > >>xf4joU8LSrTOFrklgT7tGXr+AMIfi4ypgIXzRv6Gx0vD3EAKIR3KWL4qFtg/OahHkl > >7 > >> >q > >> >> jOiz888= > >> >> =2MOh > >> >> -----END PGP SIGNATURE----- > >> >> > >> >> -- > >> >> Can't pay your bills? Click here to learn about filing for > >> >bankruptcy. > >> >> > >> >> > >> > >>http://tagline.hushmail.com/fc/BLSrjkqhNChbdTZRNxLsL4IFkcZYo7APte6 > >M > >> >FdjI1xth2KPqL4lm3VupTlG/ > >> >> > >> >> _______________________________________________ > >> >> Full-Disclosure - We believe in it. > >> >> Charter: http://lists.grok.org.uk/full-disclosure- > >charter.html > >> >> Hosted and sponsored by Secunia - http://secunia.com/ > >> >> > >> > > >> > > >> > > >> >-- > >> >Rubén Camarero > >> >CCNA, CISSP > >> -----BEGIN PGP SIGNATURE----- > >> Charset: UTF8 > >> Version: Hush 3.0 > >> Note: This signature can be verified at > >https://www.hushtools.com/verify > >> > >> > >wpwEAQMCAAYFAknJMWoACgkQfuF4tUz/X+LbggP9GPddhDh3krXB3ieyORr5Yd2RdE6 > >l > >> > >foRgQOUAaXbnpxc+d2XFByNe8wAYHF+dheNou5cb0XBF99NmW4wt2uoR57/7PmSp6zd > >M > >> > >1bsBzocX6Kkpbl38bMf4ZG/OlEz7cqfNOGExPE5cicr2Y462fk/BAWfUWV6B82ieWz4 > >Z > >> BbBeab8= > >> =ZiqN > >> -----END PGP SIGNATURE----- > >> > >> -- > >> Click to compare and save on auto insurance. > >> > >> > >http://tagline.hushmail.com/fc/BLSrjkqePmfJGmpcWA2Xcaz2NXhk84bAM4Hx > >iigERihBJ2ZwE0pe0OeJOxS/ > >> > >> > > > > > >-- > >Rubén Camarero > >CCNA, CISSP > -----BEGIN PGP SIGNATURE----- > Charset: UTF8 > Note: This signature can be verified at https://www.hushtools.com/verify > Version: Hush 3.0 > > wpwEAQMCAAYFAknJNO4ACgkQfuF4tUz/X+JobQP/fKdv2DPbFGfAh8+N6GsdKO7ct1BP > 2h0sXd57nD6bKwOi8CiOZR3/fMjyl72R0xuS0Gtq8PhkX/mMo8GGaHw0h8DdHJ0DIAbj > kAY4Pc/oNXtRaO0UoCT0CJA04M9wIgdR0batMc9N0PHhI7Z041w7ycSohm9Q5u6UR9iB > R3X0sRc= > =ucxK > -----END PGP SIGNATURE----- > > -- > Click here for free information on how to reduce your debt by filing for > bankruptcy. > > http://tagline.hushmail.com/fc/BLSrjkqhNCha09Yyoll97un6Gs8mL19gd7D3JKfsHHWsIQfxfuSbfcMocNq/ > > -- Rubén Camarero CCNA, CISSP
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
