10-01-2006, 07:04 PM | #1
I R Happy Goat
Hackers claim zero-day flaw in Firefox
"Internet Explorer, everybody knows, is not very secure. But Firefox is also fairly insecure," said Spiegelmock, who in everyday life works at blog company SixApart. He detailed the flaw, showing a slide that displayed key parts of the attack code needed to exploit it.
Snyder said she isn't happy with the disclosure and release of an apparent exploit during the presentation. "It looks like they had enough information in their slide for an attacker to reproduce it," she said. "I think it is unfortunate because it puts users at risk, but that seems to be their goal."
The hackers claim they know of about 30 unpatched Firefox flaws. They don't plan to disclose them, instead holding on to the bugs.
Jesse Ruderman, a Mozilla security staffer, attended the presentation and was called up on the stage with the two hackers. He attempted to persuade the presenters to responsibly disclose flaws via Mozilla's bug bounty program instead of using them for malicious purposes such as creating networks of hijacked PCs, called botnets.
"I do hope you guys change your minds and decide to report the holes to us and take away $500 per vulnerability instead of using them for botnets," Ruderman said.
The two hackers laughed off the comment. "It is a double-edged sword, but what we're doing is really for the greater good of the Internet, we're setting up communication networks for black hats," Wbeelsoi said.
"There is also a river called Helikon [in Pieria]. (...) But, they go on to say, the women who killed Orpheus wished to wash off in it the blood-stains, and thereat the River sank underground, so as not to lend its waters to cleanse manslaughter."
—Pausanias, Description of Greece 9. 30. 8