
Re: [Full-disclosure] Fwd: nVidia.com [Url Redirection flaw]




Peter, there is no reason to insult this aspiring young computer
scientist and his endeavours to fully disclose information security
errata.  Calling him stupid for citing an industry acclaimed source
makes you nothing but arrogant and uneducated.  :)

On Wed, 25 Mar 2009 18:13:53 -0400 Pete Licoln
<pete.licoln@xxxxxxxxx> wrote:
>2009/3/25 Lorenzo Vogelsang <vogelsang.lorenzo@xxxxxxxxx>
>
>> Nevertheless I think that the open redirect vulnerability is serious,
>> because "This vulnerability is used in phishing attacks to get users to
>> visit malicious sites without realizing it." (
>> http://www.owasp.org/index.php/Open_redirect)
>
>Well that's actually false, because the person who WANTS to hijack/Phish
>someone who TRUSTS nvidia via this "flaw" needs first to control this
>website ..Or trick a very very dummy person, it's almost the same as if
>you say "wow you can do phishing with the ADDTHIS service" only because
>the "from field" can be controlled, without looking at:
>The subject: Link shared by **spoofer**
>The message body: "this spoofed_emailer recommends you to see this link,
>[Message sent by spoofer@xxxxxxxx via AddThis.com. Please note that the
>sender's email address has not been verified.]
>Can't do nothing about that, if you're silly enough to believe in such
>credibility, an A-V software won't help you too.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/