Security Fix: The Truth About a Claimed Firefox Exploit

["Fergie" <fergdawg () netzero net>]

Interesting article....

Brian Krebs:

[snip]

A colorful duo of young hackers at the Toorcon security conference
presented evidence Saturday that suggested a previously undocumented
flaw in Mozilla's Firefox Web browser is actively being exploited to
compromise machines of users cruising the Web with the browser. This
story has been pretty widely reported over the past few days, but a few
key facts have been absent from most of the coverage I've seen, and I
wanted to try to help set the record straight on this.

The Toorcon talk was given by Mischa Spiegelmock a software engineer
for Six Apart's LiveJournal blogging service, and a guy speaking under
the pseudonym "Andrew Wbeelsoi." They prefaced their presentation by
calling on security researchers everywhere to stop publicizing and
fixing software security vulnerabilities.

"We do have exploits for all the stuff we're going to show you," the
21-year-old calling himself Wbeelsoi said. "We'll give them away to
anyone who proves their actions are going to be politically motivated.
We don't care what side you're on as long as you commit yourself to
destruction."

Both speakers lectured at length about ways to cloak your identity
online to engage in criminal activities, ranging from creating botnets
to installing spyware on users' machines. They ardently urged those in
attendance to use their knowledge to "ruin things" as much as possible
for Internet users.

[snip]

More:
http://blog.washingtonpost.com/securityfix/2006/10/zeroday_firefox_exploit_claime.html

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.