Perhaps. On Tue, Mar 24, 2009 at 3:39 PM, <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Are you even aware that you've been arguing with me? Perhaps we > should move this discussion off-list, so we don't annoy the rest of > the bugtrackers... > > On Tue, 24 Mar 2009 15:34:32 -0400 Rubén Camarero > <[email protected]> wrote: > >I am only stating that the bug posted here isn't serious. I agree > >with you > >on the other issues, more or less anyways. > > > >On Tue, Mar 24, 2009 at 3:30 PM, <[email protected]> wrote: > > > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> nvidia has a poor track record with security. I'm citing two > >> examples. One is on their website, and one is in their drivers. > >> Can you cite anything they have done right? Your effective > >arguing > >> strategies makes you a top nominee for Gadi Evron's no-swearing > >> event at defcon. > >> > >> On Tue, 24 Mar 2009 15:27:09 -0400 Rubén Camarero > >> <[email protected]> wrote: > >> >That example has nothing to do with this particular bug. Using > >> >multiple > >> >exclamation or question marks does not help your ineffective > >> >argument, > >> >either. > >> > > >> >On Tue, Mar 24, 2009 at 3:15 PM, <[email protected]> wrote: > >> > > >> >> -----BEGIN PGP SIGNED MESSAGE----- > >> >> Hash: SHA1 > >> >> > >> >> With all due respect, my corned beef and sauerkraut smelling > >> >> friend, I am simply pointing out that when it comes to > >security > >> >> nvidia is clueless. Do you not remember the great debacle of > >> >2006 > >> >> when Rapid7 showed off remote kernel exploitation of the > >nvidia > >> >> driver by webbrowser? http://kerneltrap.org/node/7228 should > >> >> refresh your memory. 40 million lost credit cards but at > >least > >> >> they put nvidia in their rightful place and have their > >> >priorities > >> >> in order. And speaking of security concerns and nvidia, why > >do > >> >you > >> >> think Microsoft didn't use nvidia in their trusted gaming > >> >platform > >> >> xbox360???? Everyone in our industry knows that nvidia is > >shit > >> >for > >> >> security, even their javascript sucks!!! > >> >> > >> >> > >> >> On Tue, 24 Mar 2009 14:45:46 -0400 Rubén Camarero > >> >> <[email protected]> wrote: > >> >> >If ATI and nVidia were web content developers, this may be a > >> >valid > >> >> >argument, > >> >> >but they are not. They are graphics vendors, hardware and > >> >> >software. Not to > >> >> >mention the fact that this isn't a "serious" issue. RFI is a > >> >> >serious issue, > >> >> >IMHO. > >> >> > > >> >> >On Tue, Mar 24, 2009 at 1:37 PM, <[email protected]> > >wrote: > >> >> > > >> >> >> -----BEGIN PGP SIGNED MESSAGE----- > >> >> >> Hash: SHA1 > >> >> >> > >> >> >> I have been saying for years that ATI is better than > >nvidia > >> >and > >> >> >> here is just one more reason! You don't see serious > >issues > >> >like > >> >> >> this with ATI's website. > >> >> >> > >> >> >> On Tue, 24 Mar 2009 10:13:21 -0400 Lorenzo Vogelsang > >> >> >> <[email protected]> wrote: > >> >> >> >Hi all, i'm new to the list. I'm an italian student who > >> >likes > >> >> >> >security > >> >> >> >topics in the I.C.T world.. > >> >> >> > > >> >> >> >Browsing the nVdia web sites, i have found a very basic > >Url > >> >> >> >redirection > >> >> >> >flaw. Infact when downloading a driver i get Urls like > >this: > >> >> >> > > >> >> >> > > >> >> >> > >> >> > >> > >>>>http://www.nvidia.com/content/DriverDownload/download_confirmati > >o > >> >n > >> >> >. > >> >> >> > >> >> > >> > >>>>asp?kw=&url=http://us.download.nvidia.com/Windows/179.48/179.48_ > >n > >> >o > >> >> >t > >> >> >> >ebook_winxp_64bit_beta.exe > >> >> >> > > >> >> >> >and connecting to this another Url > >> >> >> > > >> >> >> > > >> >> >> > >> >> > >> > >>>>http://www.nvidia.com/content/DriverDownload/download_confirmati > >o > >> >n > >> >> >. > >> >> >> >asp?kw=&url=http://www.google.it > >> >> >> > > >> >> >> > > >> >> >> >will redirects succefully to www.google.it! (or other web > >> >site > >> >> >of > >> >> >> >your > >> >> >> >choice , or downloadble content..) > >> >> >> > > >> >> >> > > >> >> >> >Enjoy! > >> >> >> > > >> >> >> >Lorenzo Vogelsang. > >> >> >> -----BEGIN PGP SIGNATURE----- > >> >> >> Charset: UTF8 > >> >> >> Version: Hush 3.0 > >> >> >> Note: This signature can be verified at > >> >> >https://www.hushtools.com/verify > >> >> >> > >> >> >> > >> >> > >> > >>>wpwEAQMCAAYFAknJGmEACgkQfuF4tUz/X+KtEQP/fg36QI6yY9Hw6Q5eOsLUBGtPj > >g > >> >9 > >> >> >/ > >> >> >> > >> >> > >> > >>>kxEmlsVdQl23h92FU75bHiOHhDMo7nLMCbHH7HHZDMvEw05OCDBaOqTx54xyTHBay > >H > >> >4 > >> >> >s > >> >> >> > >> >> > >> > >>>xf4joU8LSrTOFrklgT7tGXr+AMIfi4ypgIXzRv6Gx0vD3EAKIR3KWL4qFtg/OahHk > >l > >> >7 > >> >> >q > >> >> >> jOiz888= > >> >> >> =2MOh > >> >> >> -----END PGP SIGNATURE----- > >> >> >> > >> >> >> -- > >> >> >> Can't pay your bills? Click here to learn about filing > >for > >> >> >bankruptcy. > >> >> >> > >> >> >> > >> >> > >> > >>>http://tagline.hushmail.com/fc/BLSrjkqhNChbdTZRNxLsL4IFkcZYo7APte > >6 > >> >M > >> >> >FdjI1xth2KPqL4lm3VupTlG/ > >> >> >> > >> >> >> _______________________________________________ > >> >> >> Full-Disclosure - We believe in it. > >> >> >> Charter: http://lists.grok.org.uk/full-disclosure- > >> >charter.html > >> >> >> Hosted and sponsored by Secunia - http://secunia.com/ > >> >> >> > >> >> > > >> >> > > >> >> > > >> >> >-- > >> >> >Rubén Camarero > >> >> >CCNA, CISSP > >> >> -----BEGIN PGP SIGNATURE----- > >> >> Charset: UTF8 > >> >> Version: Hush 3.0 > >> >> Note: This signature can be verified at > >> >https://www.hushtools.com/verify > >> >> > >> >> > >> > >>wpwEAQMCAAYFAknJMWoACgkQfuF4tUz/X+LbggP9GPddhDh3krXB3ieyORr5Yd2RdE > >6 > >> >l > >> >> > >> > >>foRgQOUAaXbnpxc+d2XFByNe8wAYHF+dheNou5cb0XBF99NmW4wt2uoR57/7PmSp6z > >d > >> >M > >> >> > >> > >>1bsBzocX6Kkpbl38bMf4ZG/OlEz7cqfNOGExPE5cicr2Y462fk/BAWfUWV6B82ieWz > >4 > >> >Z > >> >> BbBeab8= > >> >> =ZiqN > >> >> -----END PGP SIGNATURE----- > >> >> > >> >> -- > >> >> Click to compare and save on auto insurance. > >> >> > >> >> > >> > >>http://tagline.hushmail.com/fc/BLSrjkqePmfJGmpcWA2Xcaz2NXhk84bAM4H > >x > >> >iigERihBJ2ZwE0pe0OeJOxS/ > >> >> > >> >> > >> > > >> > > >> >-- > >> >Rubén Camarero > >> >CCNA, CISSP > >> -----BEGIN PGP SIGNATURE----- > >> Charset: UTF8 > >> Note: This signature can be verified at > >https://www.hushtools.com/verify > >> Version: Hush 3.0 > >> > >> > >wpwEAQMCAAYFAknJNO4ACgkQfuF4tUz/X+JobQP/fKdv2DPbFGfAh8+N6GsdKO7ct1B > >P > >> > >2h0sXd57nD6bKwOi8CiOZR3/fMjyl72R0xuS0Gtq8PhkX/mMo8GGaHw0h8DdHJ0DIAb > >j > >> > >kAY4Pc/oNXtRaO0UoCT0CJA04M9wIgdR0batMc9N0PHhI7Z041w7ycSohm9Q5u6UR9i > >B > >> R3X0sRc= > >> =ucxK > >> -----END PGP SIGNATURE----- > >> > >> -- > >> Click here for free information on how to reduce your debt by > >filing for > >> bankruptcy. > >> > >> > >http://tagline.hushmail.com/fc/BLSrjkqhNCha09Yyoll97un6Gs8mL19gd7D3 > >JKfsHHWsIQfxfuSbfcMocNq/ > >> > >> > > > > > >-- > >Rubén Camarero > >CCNA, CISSP > -----BEGIN PGP SIGNATURE----- > Charset: UTF8 > Version: Hush 3.0 > Note: This signature can be verified at https://www.hushtools.com/verify > > wpwEAQMCAAYFAknJNwcACgkQfuF4tUz/X+IVsQP9HDa6vSSub9nXDYpiBgz1grUqoYbD > nVd0ee3CSbBzArov2PK6abL0aNgR4SfDj//dlq+AzUZJz02yCR61+ysv8U7uSUrRmdjD > rXjQl21C5vWMAe9FErKxEJFqit5bNhT6NBC0aHftxDnhOiK5VxmrvwiJd9s2VMXp0ob4 > xSpn07c= > =4By0 > -----END PGP SIGNATURE----- > > -- > Looking for insurance? Click to compare and save big. > > http://tagline.hushmail.com/fc/BLSrjkqeRJSlzyuuSygReQTvYYxFkBk62kTejAkm3iyoX0vxnOgDXtb7ISM/ > > -- Rubén Camarero CCNA, CISSP
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
