Full Disclosure: Re: nVidia.com [Url Redirection flaw]

Re: nVidia.com [Url Redirection flaw]

From: mac.user () mac hush com
Date: Wed, 25 Mar 2009 13:20:21 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What is this field you brag experience in?  Independent
Professional Open URL Redirection Vulnerability Reporting?  Can you
cite any of these statistics you're talking about because to be
quite honest we think you're making this up, along with everything
else.  Linking to some actual statistics will improve your full-
disclosure credibility greatly.  How did you determine the 50/50
probability or is that just based up on made-up numbers as well?  I
thought Len Rose removed all the trolls from this list, why are you
still here?

On Wed, 25 Mar 2009 12:00:27 -0400 Valdis.Kletnieks () vt edu wrote:

On Wed, 25 Mar 2009 15:21:42 BST, Lorenzo Vogelsang said:

Despite i've told to nvidia only the "url redirection"  flaw i

think

that, if "url redirection" will be solved all the xss inherently
vulnerabilites will be solved too.


Actual experience in the field has shown that in general, if you
report a URL
redirection issue to the maintainers of a website, a large
percentage of the
time they will *only* fix the problem with URL redirection, unless
you make it
clear to them *and they understand* that the URL redirection is
only one
symptom of a larger XSS issue.

I'll give it a 50-50 chance that somebody will get to send NVidia
an email
saying "Good, you fixed the URL problem.  Now about that XSS...."

-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQMCAAYFAknKZ9UACgkQfuF4tUz/X+KD3AP/YbCrOIuw+C0zZrAHFz4MIC4QPzpc
8RAGpJsO47ZO43C+1O2wBpj1hnNT+28C+ehawqruDEPpm5S+xIFjJ2il0LkFA9tbejUe
mV7jJP9ijFQIZs8dLHZZ+pECuhhC+Pkp/OBKMA9fPvKnzl69ifK9lHXy7aHWx1fCAU75
LGrZ7CI=
=TZMS
-----END PGP SIGNATURE-----

--
Need cash? Click to get a loan.
 http://tagline.hushmail.com/fc/BLSrjkqa48CQ27RzQ6TwH8cwK1sGaQlNM8reC47PP9IvV7OIjSJNfpAH8VS/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: nVidia.com [Url Redirection flaw], (continued)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 24)
  - Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 24)
  - Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 24)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 24)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 25)
  - Re: nVidia.com [Url Redirection flaw] Anders Klixbull (Mar 25)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 25)
  - Re: nVidia.com [Url Redirection flaw] Anders Klixbull (Mar 25)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 25)
  - Fwd: nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 25)
    - Re: Fwd: nVidia.com [Url Redirection flaw] Jeremy Brown (Mar 25)
    - Re: Fwd: nVidia.com [Url Redirection flaw] Pete Licoln (Mar 25)
- Re: Fwd: nVidia.com [Url Redirection flaw] mac . user (Mar 26)
  - Fwd: Fwd: nVidia.com [Url Redirection flaw] Lorenzo Vogelsang (Mar 26)
- Re: Fwd: nVidia.com [Url Redirection flaw] mac . user (Mar 26)
  - Re: Fwd: nVidia.com [Url Redirection flaw] Pete Licoln (Mar 26)
- Re: nVidia.com [Url Redirection flaw] mac . user (Mar 26)
  - Re: nVidia.com [Url Redirection flaw] Rubén Camarero (Mar 26)
    - Re: nVidia.com [Url Redirection flaw] Pete Licoln (Mar 26)
(Thread continues...)