Helol n3td3v -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: 25. marts 2009 15:08 To: [email protected]; [email protected] Subject: Re: [Full-disclosure] nVidia.com [Url Redirection flaw]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Look, this security mailing list is about computer security issues and not meant to be your video gaming blog Also you are confusing the issues of hardware and the drivers and other softwares that interact with them, but that is beside the point!!!!!! We are attempting to discuss serious computer security issues such as XSS, XSRF, url misguidance attacks, and remote kernel driver exploitation by way of internet exploration interfaces. No one on this list cares about which videocard you prefer for your Rapelay gameplay, and further this simply isn't the place to talk about that sort of thing. On Wed, 25 Mar 2009 05:21:40 -0400 Michal <[email protected]> wrote: >I'd like to quickly jump on this bandwagon, backing up what someone >said about nVidia being a driver company not a website company; nVidia >drivers are far FAR better then ATI. Mentioned is the security, yes ok, >but in terms of putting ATI and nVidia drivers side by side, nVidia >win, hands down. I mean I've played games with ATI cards where you >could see through a wall...it's a wall hack without even wanting one! > >-----Original Message----- >From: [email protected] >[mailto:[email protected]] On Behalf Of >[email protected] >Sent: 24 March 2009 17:38 >To: [email protected]; [email protected] >Subject: Re: [Full-disclosure] nVidia.com [Url Redirection flaw] > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >I have been saying for years that ATI is better than nvidia and here is >just one more reason! You don't see serious issues like this with >ATI's website. > >On Tue, 24 Mar 2009 10:13:21 -0400 Lorenzo Vogelsang ><[email protected]> wrote: >>Hi all, i'm new to the list. I'm an italian student who likes security >>topics in the I.C.T world.. >> >>Browsing the nVdia web sites, i have found a very basic Url >>redirection flaw. Infact when downloading a driver i get Urls like >>this: >> >> >>http://www.nvidia.com/content/DriverDownload/download_confirmation >. >>asp?kw=&url=http://us.download.nvidia.com/Windows/179.48/179.48_no >t >>ebook_winxp_64bit_beta.exe >> >>and connecting to this another Url >> >> >>http://www.nvidia.com/content/DriverDownload/download_confirmation >. >>asp?kw=&url=http://www.google.it >> >> >>will redirects succefully to www.google.it! (or other web site of your >>choice , or downloadble content..) >> >> >>Enjoy! >> >>Lorenzo Vogelsang. >-----BEGIN PGP SIGNATURE----- >Charset: UTF8 >Version: Hush 3.0 >Note: This signature can be verified at >https://www.hushtools.com/verify > >wpwEAQMCAAYFAknJGmEACgkQfuF4tUz/X+KtEQP/fg36QI6yY9Hw6Q5eOsLUBGtPjg9 >/ >kxEmlsVdQl23h92FU75bHiOHhDMo7nLMCbHH7HHZDMvEw05OCDBaOqTx54xyTHBayH4 >s >xf4joU8LSrTOFrklgT7tGXr+AMIfi4ypgIXzRv6Gx0vD3EAKIR3KWL4qFtg/OahHkl7 >q >jOiz888= >=2MOh >-----END PGP SIGNATURE----- > >-- >Can't pay your bills? Click here to learn about filing for bankruptcy. > >http://tagline.hushmail.com/fc/BLSrjkqhNChbdTZRNxLsL4IFkcZYo7APte6M >FdjI1xth2 >KPqL4lm3VupTlG/ > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Charset: UTF8 Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 3.0 wpwEAQMCAAYFAknKOq8ACgkQfuF4tUz/X+LiswP/SpNszHDxCxHdRLNXEZ9PyudFf6tG sD4FTWqYFJWhM5PZcZSPC7djUddE/nCuZPNv76C08Qmv+6BS4JRmtHAm3tubm4w/koG3 MoKLDxszZNKUynh7DXYc4egF63hGgaGLSeDcpI7QFL20lVdRJMUcWhvyPtuA3TdZJql8 PRQzuNQ= =ReEr -----END PGP SIGNATURE----- -- Click to get kitchen cabinets at affordable prices. http://tagline.hushmail.com/fc/BLSrjkqfY0nblyRlNkQ1SnY8628jlkeW1MTprowPL wxdTGFmbz8gxD0kAhC/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
