-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Are you even aware that you've been arguing with me? Perhaps we should move this discussion off-list, so we don't annoy the rest of the bugtrackers...
On Tue, 24 Mar 2009 15:34:32 -0400 Rubén Camarero <[email protected]> wrote: >I am only stating that the bug posted here isn't serious. I agree >with you >on the other issues, more or less anyways. > >On Tue, Mar 24, 2009 at 3:30 PM, <[email protected]> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> nvidia has a poor track record with security. I'm citing two >> examples. One is on their website, and one is in their drivers. >> Can you cite anything they have done right? Your effective >arguing >> strategies makes you a top nominee for Gadi Evron's no-swearing >> event at defcon. >> >> On Tue, 24 Mar 2009 15:27:09 -0400 Rubén Camarero >> <[email protected]> wrote: >> >That example has nothing to do with this particular bug. Using >> >multiple >> >exclamation or question marks does not help your ineffective >> >argument, >> >either. >> > >> >On Tue, Mar 24, 2009 at 3:15 PM, <[email protected]> wrote: >> > >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> Hash: SHA1 >> >> >> >> With all due respect, my corned beef and sauerkraut smelling >> >> friend, I am simply pointing out that when it comes to >security >> >> nvidia is clueless. Do you not remember the great debacle of >> >2006 >> >> when Rapid7 showed off remote kernel exploitation of the >nvidia >> >> driver by webbrowser? http://kerneltrap.org/node/7228 should >> >> refresh your memory. 40 million lost credit cards but at >least >> >> they put nvidia in their rightful place and have their >> >priorities >> >> in order. And speaking of security concerns and nvidia, why >do >> >you >> >> think Microsoft didn't use nvidia in their trusted gaming >> >platform >> >> xbox360???? Everyone in our industry knows that nvidia is >shit >> >for >> >> security, even their javascript sucks!!! >> >> >> >> >> >> On Tue, 24 Mar 2009 14:45:46 -0400 Rubén Camarero >> >> <[email protected]> wrote: >> >> >If ATI and nVidia were web content developers, this may be a >> >valid >> >> >argument, >> >> >but they are not. They are graphics vendors, hardware and >> >> >software. Not to >> >> >mention the fact that this isn't a "serious" issue. RFI is a >> >> >serious issue, >> >> >IMHO. >> >> > >> >> >On Tue, Mar 24, 2009 at 1:37 PM, <[email protected]> >wrote: >> >> > >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> Hash: SHA1 >> >> >> >> >> >> I have been saying for years that ATI is better than >nvidia >> >and >> >> >> here is just one more reason! You don't see serious >issues >> >like >> >> >> this with ATI's website. >> >> >> >> >> >> On Tue, 24 Mar 2009 10:13:21 -0400 Lorenzo Vogelsang >> >> >> <[email protected]> wrote: >> >> >> >Hi all, i'm new to the list. I'm an italian student who >> >likes >> >> >> >security >> >> >> >topics in the I.C.T world.. >> >> >> > >> >> >> >Browsing the nVdia web sites, i have found a very basic >Url >> >> >> >redirection >> >> >> >flaw. Infact when downloading a driver i get Urls like >this: >> >> >> > >> >> >> > >> >> >> >> >> >> >>>>http://www.nvidia.com/content/DriverDownload/download_confirmati >o >> >n >> >> >. >> >> >> >> >> >> >>>>asp?kw=&url=http://us.download.nvidia.com/Windows/179.48/179.48_ >n >> >o >> >> >t >> >> >> >ebook_winxp_64bit_beta.exe >> >> >> > >> >> >> >and connecting to this another Url >> >> >> > >> >> >> > >> >> >> >> >> >> >>>>http://www.nvidia.com/content/DriverDownload/download_confirmati >o >> >n >> >> >. >> >> >> >asp?kw=&url=http://www.google.it >> >> >> > >> >> >> > >> >> >> >will redirects succefully to www.google.it! (or other web >> >site >> >> >of >> >> >> >your >> >> >> >choice , or downloadble content..) >> >> >> > >> >> >> > >> >> >> >Enjoy! >> >> >> > >> >> >> >Lorenzo Vogelsang. >> >> >> -----BEGIN PGP SIGNATURE----- >> >> >> Charset: UTF8 >> >> >> Version: Hush 3.0 >> >> >> Note: This signature can be verified at >> >> >https://www.hushtools.com/verify >> >> >> >> >> >> >> >> >> >>>wpwEAQMCAAYFAknJGmEACgkQfuF4tUz/X+KtEQP/fg36QI6yY9Hw6Q5eOsLUBGtPj >g >> >9 >> >> >/ >> >> >> >> >> >> >>>kxEmlsVdQl23h92FU75bHiOHhDMo7nLMCbHH7HHZDMvEw05OCDBaOqTx54xyTHBay >H >> >4 >> >> >s >> >> >> >> >> >> >>>xf4joU8LSrTOFrklgT7tGXr+AMIfi4ypgIXzRv6Gx0vD3EAKIR3KWL4qFtg/OahHk >l >> >7 >> >> >q >> >> >> jOiz888= >> >> >> =2MOh >> >> >> -----END PGP SIGNATURE----- >> >> >> >> >> >> -- >> >> >> Can't pay your bills? Click here to learn about filing >for >> >> >bankruptcy. >> >> >> >> >> >> >> >> >> >>>http://tagline.hushmail.com/fc/BLSrjkqhNChbdTZRNxLsL4IFkcZYo7APte >6 >> >M >> >> >FdjI1xth2KPqL4lm3VupTlG/ >> >> >> >> >> >> _______________________________________________ >> >> >> Full-Disclosure - We believe in it. >> >> >> Charter: http://lists.grok.org.uk/full-disclosure- >> >charter.html >> >> >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> >> >> > >> >> > >> >> > >> >> >-- >> >> >Rubén Camarero >> >> >CCNA, CISSP >> >> -----BEGIN PGP SIGNATURE----- >> >> Charset: UTF8 >> >> Version: Hush 3.0 >> >> Note: This signature can be verified at >> >https://www.hushtools.com/verify >> >> >> >> >> >>wpwEAQMCAAYFAknJMWoACgkQfuF4tUz/X+LbggP9GPddhDh3krXB3ieyORr5Yd2RdE >6 >> >l >> >> >> >>foRgQOUAaXbnpxc+d2XFByNe8wAYHF+dheNou5cb0XBF99NmW4wt2uoR57/7PmSp6z >d >> >M >> >> >> >>1bsBzocX6Kkpbl38bMf4ZG/OlEz7cqfNOGExPE5cicr2Y462fk/BAWfUWV6B82ieWz >4 >> >Z >> >> BbBeab8= >> >> =ZiqN >> >> -----END PGP SIGNATURE----- >> >> >> >> -- >> >> Click to compare and save on auto insurance. >> >> >> >> >> >>http://tagline.hushmail.com/fc/BLSrjkqePmfJGmpcWA2Xcaz2NXhk84bAM4H >x >> >iigERihBJ2ZwE0pe0OeJOxS/ >> >> >> >> >> > >> > >> >-- >> >Rubén Camarero >> >CCNA, CISSP >> -----BEGIN PGP SIGNATURE----- >> Charset: UTF8 >> Note: This signature can be verified at >https://www.hushtools.com/verify >> Version: Hush 3.0 >> >> >wpwEAQMCAAYFAknJNO4ACgkQfuF4tUz/X+JobQP/fKdv2DPbFGfAh8+N6GsdKO7ct1B >P >> >2h0sXd57nD6bKwOi8CiOZR3/fMjyl72R0xuS0Gtq8PhkX/mMo8GGaHw0h8DdHJ0DIAb >j >> >kAY4Pc/oNXtRaO0UoCT0CJA04M9wIgdR0batMc9N0PHhI7Z041w7ycSohm9Q5u6UR9i >B >> R3X0sRc= >> =ucxK >> -----END PGP SIGNATURE----- >> >> -- >> Click here for free information on how to reduce your debt by >filing for >> bankruptcy. >> >> >http://tagline.hushmail.com/fc/BLSrjkqhNCha09Yyoll97un6Gs8mL19gd7D3 >JKfsHHWsIQfxfuSbfcMocNq/ >> >> > > >-- >Rubén Camarero >CCNA, CISSP -----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQMCAAYFAknJNwcACgkQfuF4tUz/X+IVsQP9HDa6vSSub9nXDYpiBgz1grUqoYbD nVd0ee3CSbBzArov2PK6abL0aNgR4SfDj//dlq+AzUZJz02yCR61+ysv8U7uSUrRmdjD rXjQl21C5vWMAe9FErKxEJFqit5bNhT6NBC0aHftxDnhOiK5VxmrvwiJd9s2VMXp0ob4 xSpn07c= =4By0 -----END PGP SIGNATURE----- -- Always a good call. Click now to establish your local phone service! http://tagline.hushmail.com/fc/BLSrjkqdEiol285IZBaWZwNaaLYjM2ZwrmuXbeUGsMm8hJItZk3LssTfv6A/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
