| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Mozilla Duped by Hacker's 'Humorous' Presentation | |
|
||
| Time: 13:47 EST/18:47 GMT | News Source: PC World | Posted By: Robert Stein | ||
|
One of the hackers who demonstrated exploit code for a vulnerability in the way the Firefox browser handles JavaScript admitted today that the presentation last week at a hacker conference was meant to be a joke, according to Mozilla's chief of security. Mozilla security researchers spent most of Sunday and Monday scrambling to determine whether exploit code revealed during a presentation by hackers Mischa Spiegelmock and Andrew Wbeelsoi at Toorcon over the weekend could allow someone to execute malicious code through a memory corruption attack on Firefox. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 216 Last | Next |
The time now is
10:52:36 AM
ET.
Any comment problems? E-mail us |
| #1 By 37047 (216.191.227.68) at 10/5/2006 2:38:21 PM |
|
This proves that Firefox is solid, and IE is crap, because security professionals have to make stuff up and pretend there are flaws in Firefox, just to have something different to present at a hacker conference than the usual IE exploits of the day. The whole thing was a complete and utter hoax.
I will acknowledge that there is a minor flaw there in the Javascript processing code that will cause Firefox itself to crash, but there is no known "own your box" or "code execution" exploit with this bug. |
| #2 By 32132 (142.32.208.238) at 10/5/2006 3:15:26 PM |
|
"Anderson added that Spiegelmock will not be terminated for his actions."
Now that he has agreed to pretend this was a "joke". Apple did the same thing a few months ago. Denied the exploit exists. Threatened the company until they shut the employee up. Then a week ago Apple released patches for the "non-existant" exploit. http://blogs.zdnet.com/Ou/?p=326 "After all the controversy, it turns out that there really are critical vulnerabilities in Apple's Wi-Fi drivers that affect Intel and PowerPC based Macs described in three separate CVEs. After more than six weeks of Apple's spin that strongly implied there was no Wi-Fi vulnerability and six weeks of conspiracy theories that this whole thing was a fabricated stunt to garner attention for some fake security researchers, Apple released three critical patches before next week's Toorcon event where security researchers David Maynor and Jon Ellch are planning to release details on the Apple Wi-Fi exploit and more." Read it all. Then wait for the quiet patches from Mozilla in a few weeks. OSS fanatics and Apple fanatics have no shame. They will lie and lie and lie. They've been doing it for years. This post was edited by NotParker on Thursday, October 05, 2006 at 15:18. |
| #3 By 8556 (12.217.111.92) at 10/5/2006 3:50:01 PM |
| Mystic: Take a chill pill. Opera 9.02 kicks both Firefox and IE's virtual asses. |
| #4 By 2960 (68.101.39.180) at 10/5/2006 4:14:03 PM |
|
Parker, you are one sick puppy ;)
TL |
| #5 By 37047 (216.191.227.68) at 10/5/2006 4:40:24 PM |
|
#3: I agree that Opera is a really good browser. I used to use it myself, but I stopped, because there were a few annoying little things that bugged me in one of the earlier versions. I think I last used it around version 5 or 6. I think I'll grab a copy of it and give it a try again. They have done a lot of good things with it.
#2: Spoken like a true Microsoft shill. |
| #6 By 13030 (198.22.121.110) at 10/5/2006 4:43:05 PM |
|
#2: Now that he has agreed to pretend this was a "joke".
What other ridiculous conspiracies to you subscribe to? Second gunman at the Grassy Knoll? UFOs and secret government bases analyzing alien technology for use by the military? Bush and Cheney made up the Iraqi threat so we could invade Iraq and have their oil supply all to ourselves? OSS fanatics and Apple fanatics have no shame. They will lie and lie and lie. They've been doing it for years. Just like you. Also, the challenge still stands. |
| #7 By 32132 (142.32.208.238) at 10/5/2006 4:44:53 PM |
|
#5 "I will acknowledge that there is a minor flaw there in the Javascript processing code that will cause Firefox itself to crash"
The essence of buffer overflow attacks is the ability to crash the application end inject your won code. I'm a shill because Apple lied non-stop for 6 weeks? I'm a shill because the guys boss explicitly mentions termination - which is a threat? I'm a shill because I've learned to be suspicious of a company that hides its bugs behind "Access Denied" pages to keep people from learning how they are 300 days old .. and this from the "many eyes" brigade? This post was edited by NotParker on Thursday, October 05, 2006 at 16:46. |
| #8 By 32132 (142.32.208.238) at 10/5/2006 4:51:35 PM |
|
"He pinned the claim that the hackers know of 30 yet-to-be-fixed flaws in Firefox entirely on his co-presenter, Wbeelsoi. "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not," Spiegelmock wrote. Wbeelsoi could not immediately be reached for comment. "
http://news.zdnet.com/2100-1009_22-6122317.html Aaah. Mozilla posts Spiegelmock's "retraction" but it turns out that he shouldn't be retracting the 30 flaws stuff ... since Wbeelsoi is the one with the 30 flaws. Sounds like someone caving to an employers threats of termination to me. |
| #9 By 32132 (142.32.208.238) at 10/5/2006 6:14:33 PM |
|
I'm not the only suspcious one.
From todays eWeek newsletter: "Apparently it was all a big joke - although no one from Mozilla is laughing. A recent presentation by two well respected security researchers claimed that Firefox's Javascript implementation was poorly done, and left back doors wide open. Now they claim it was all just a big joke. Haha, nudge nudge, wink wink, say no more. I'm not so sure I believe them.Something's rotten, and it's not in Denmark. At any rate, read our story for what we know now - but I assure you, this is not the end." |
| #10 By 53756 (67.86.67.13) at 10/5/2006 10:47:17 PM |
|
HACKERS OF THE PLANET UNITE!!! that is funny shit!
oh, and for all those firefoxasslovers, didn't you read that Firefox had MORE NEW EXPLOITS THEN ANY OTHER BROWSER!?! "Firefox led the pack both in terms of absolute number of vulnerabilities disclosed on the last six months, and in terms of percentage growth over the year" http://arstechnica.com/news.ars/post/20060925-7818.html It's a joke. IE is the king. MS will crush anyone who tries to take them. And what's the point of trying to beat them?!? Do any of you stupid people commenting here realize how much work goes into browser development? Just like Microsoft do their job. Try and do something creative, invent your own product. Bill owns the browser. Doesn't anyone remember how much the web sucked before IE came out? I've been a loyal IE fan since day 1. I NEVER ran Netscape, and I NEVER will. This post was edited by brien86 on Thursday, October 05, 2006 at 22:48. |
| #11 By 23275 (68.17.42.38) at 10/6/2006 5:17:28 AM |
|
Window Snyder is no fool - she is a professional and she took a balanced approach that is being maintained. She and her team are continuing to investigate what she reported to be "what appears to be a legitimate vulnerability."
The question isn't whether FF/Moz is being given a pass - it is why would it even be considered? The darling of broswer security isn't - why is that it would have been, or any software for that matter? Microsoft bad.... all else good? Ridiculous. "I don't use IE becuase it is, or isn't....." Ridiculous. "Get Firefox" because it is, or isn't.... Ridiculous. Good word, too... as it is ridiculous for anyone to be identified by, or identify with anything so fundamentally - a browser, a name, an operating system? Ridiculous. People are more than that, but arguments like this, marketing hype, press, mass media, they are all designed to reduce and make common, people that should be defined by what they do. If there is a joke here - a real one that was intended by the hackers, I hope that is what it was, but I doubt it. It is likely that the only thing that will come out of this is the truth - an irresistable force that will always reveal what people are based upon what they do - or do not do. I feel for Window - I bet there is a small voice in her asking, "oh man, what did I get myself into, or with?" - when one finds out that neither the grass, or the people for that matter, are any greener on the other side. "Start Something..." - now that's not just good advertising, it's good advice. Microsoft's message - go do something... anything... yeah, use the technology to help you get started, or help you get there... but "YOU" go do something - be shaped by and identify with that. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 216 Last | Next |
The time now is
10:52:36 AM
ET.
Any comment problems? E-mail us |
