|Hackers Zero-Day Flaw In Firefox Was a Hoax|
System: The following 6 messages were cut out of thread at: http://www.webmasterworld.com/firefox_browser/3105107.htm [webmasterworld.com] by engine - 6:25 pm on Oct. 4, 2006 (utc +1)
And now there might be very little to the whole thing. In a note on Mozilla Developer Center from Mischa Spiegelmock, one of the speakers: [developer.mozilla.org]
|I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven't used it to take over anyone else's computer and execute arbitrary code. |
I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim. I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.
A DoS isn't good, but it's nowhere near as serious as commandeering a system.
|Update (October 3, 2006): This BID is being retired as reports indicate that these issues are a hoax. The researchers responsible for disclosing these vulnerabilities have claimed that their original reports were not correct. It is possible that a remote denial of service vulnerability affects the browser; however this has not been confirmed. |
|Not true. IIS has many more attacks than Apache, yet Apache controls 65% of web servers or more. |
I am not so sure about that.
We run 3 sites for our company websites. 2 are Apache, one is IIS.
During the past year I have had to clean up hacks and/or exploits on the Apache ones 4 times. I have yet to have any problems with IIS.
And yes, I know it is true that a lot of the hacks sneak in through other programs, such as phpBB flaws, but the fact remains that I have yet to have a problem with our IIS server.
They need to offer some REAL money for hacks.
Set up a couple of sites, one IIS and one Apache, with all the usual programs, like a website, forum, blog.
And then offer $10,000 to the first person to crash or hack each one :D
Relax - Hacker's claim found to be only a joke:
You can't compare personal experience with everyone else. All the security companies warn of the problems of IIS vs. Apache and IIS problems are well known.
|A hacker who claimed to have found a serious zero-day bug in Firefox now says he was never able to exploit the supposed vulnerability to hijack computers. |
But Spiegelmock has now backpedaled on those claims. In a statement provided to Mozilla, which coordinates development of Firefox, Spiegelmock said that the computer code displayed during the presentation does not fully compromise a PC running the browser.
Hackers Zero-Day Flaw In Firefox Was a Hoax
If you are using Apache then set it to identify itself as IIS and vice versa. You shouldn't get many problems doing that.
The Washington Post's Brian Krebs has a little more on the other guy in this hoax:
I did a little searching with the information from the article. It looks like the "Wbeelsoi" guy is little more than an Internet prankster.
My Firefox browser may still have some vulnerabilities, but it's unlikely that this guy knows any of them.