Tuesday, October 03, 2006

The Truth About a Claimed Firefox Exploit

Brian Krebs writes on Security Fix:

A colorful duo of young hackers at the Toorcon security conference presented evidence Saturday that suggested a previously undocumented flaw in Mozilla's Firefox Web browser is actively being exploited to compromise machines of users cruising the Web with the browser. This story has been pretty widely reported over the past few days, but a few key facts have been absent from most of the coverage I've seen, and I wanted to try to help set the record straight on this.

The Toorcon talk was given by Mischa Spiegelmock a software engineer for Six Apart's LiveJournal blogging service, and a guy speaking under the pseudonym "Andrew Wbeelsoi." They prefaced their presentation by calling on security researchers everywhere to stop publicizing and fixing software security vulnerabilities.

"We do have exploits for all the stuff we're going to show you," the 21-year-old calling himself Wbeelsoi said. "We'll give them away to anyone who proves their actions are going to be politically motivated. We don't care what side you're on as long as you commit yourself to destruction."

Both speakers lectured at length about ways to cloak your identity online to engage in criminal activities, ranging from creating botnets to installing spyware on users' machines. They ardently urged those in attendance to use their knowledge to "ruin things" as much as possible for Internet users.

More here.

0 Comments:

Post a Comment

<< Home