2009/3/25 Lorenzo Vogelsang <[email protected]>
> Nevertheless I think that the open redirect vulnerability is serious,
> because "This vulnerability is used in phishing attacks to get users to
> visit malicious sites without realizing it." (
> http://www.owasp.org/index.php/Open_redirect)

Well, that's actually false, because the person who WANTS to hijack/Phish someone who TRUSTS nvidia via this "flaw" first needs to control this website... or trick a very, very dummy person. It's almost the same as if you said "wow, you can do phishing with the ADDTHIS service" only because the "from" field can be controlled, without looking at:

The subject: Link shared by **spoofer**
The message body: " this spoofed_emailer recommands you to see this link ,[Message sent by [email protected] via AddThis.com. Please note that the sender's email address has not been verified.]

Can't do anything about that. If you're silly enough to believe in such credibility, A-V software won't help you either.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
