Full Disclosure mailing list archives

Re: Fwd: nVidia.com [Url Redirection flaw]


From: mac.user () mac hush com
Date: Thu, 26 Mar 2009 12:32:58 -0400

Peter, there is no reason to insult this aspiring young computer
scientist and his endeavours to fully disclose information security
errata.  Calling him stupid for citing an industry acclaimed source
makes you nothing but arrogant and uneducated.  :)

On Wed, 25 Mar 2009 18:13:53 -0400 Pete Licoln
<pete.licoln () gmail com> wrote:
2009/3/25 Lorenzo Vogelsang <vogelsang.lorenzo () gmail com>

Nevertheless I think that the open redirect vulnerability is serious,
because "This vulnerability is used in phishing attacks to get users to
visit malicious sites without realizing it."
(http://www.owasp.org/index.php/Open_redirect)

Well that's actually false, because the person who WANTS to hijack/phish
someone who TRUSTS nvidia via this "flaw" first needs to control this
website... or trick a very, very dummy person. It's almost the same as if
you say "wow, you can do phishing with the ADDTHIS service" only because
the "from field" can be controlled, without looking at:
The subject: Link shared by **spoofer**
The message body: "this spoofed_emailer recommends you to see this link,
[Message sent by spoofer () bla site via AddThis.com. Please note that the
sender's email address has not been verified.]"
Can't do anything about that; if you're silly enough to believe in such
credibility, A-V software won't help you either.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
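
For readers weighing the open redirect argument in this thread, an added example (not part of any poster's message and not nVidia's code): a server-side check that honours a redirect target only when it stays on the site's own hosts. The host names and the function name `safe_redirect_target` are assumptions; the thread does not give the affected URL or parameter.

```python
from urllib.parse import urlsplit

# Assumed placeholder hosts; a real site would list its own.
ALLOWED_HOSTS = frozenset({"example.com", "www.example.com"})


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, default="/"):
    """Return `target` if it stays on an allowed host, otherwise `default`."""
    # Reject empty values, whitespace/control characters and backslashes:
    # browsers normalise these in ways a server-side parser may not
    # (for example "/\host" being treated like "//host").
    # This is deliberately conservative and also rejects raw spaces.
    if not target or any(ord(c) < 0x21 or c == "\\" for c in target):
        return default
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()  # excludes userinfo and port
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return default

    if not parts.scheme and not parts.netloc:
        # Same-site relative target: must be an absolute path ("/...").
        return target if target.startswith("/") else default

    # Anything with a scheme or authority must be http(s) to a known host.
    # Scheme-relative "//host/..." has an empty scheme and fails here.
    if parts.scheme not in ("http", "https"):
        return default
    return target if host in allowed_hosts else default


# Constructed sample inputs (not taken from the thread).
SAMPLES = [
    "/drivers/results?id=7",                    # same-site path
    "https://www.example.com/drivers",          # allowed absolute URL
    "https://other.example.net/login",          # foreign host
    "//other.example.net/login",                # scheme-relative
    "https://www.example.com@other.example.net/",      # userinfo trick
    "https://www.example.com.other.example.net/",      # look-alike suffix
    "javascript:alert(1)",                      # non-http scheme
    "/\\other.example.net",                     # backslash variant
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:55} -> {safe_redirect_target(s)!r}")
```

Only the first two sample targets are returned unchanged; every other one falls back to `/`.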

