I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven’t used it to take over anyone else’s computer and execute arbitrary code. I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim. I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.
A DoS isn't good, but it's nowhere near as serious as commandeering a system.
Update (October 3, 2006): This BID is being retired as reports indicate that these issues are a hoax. The researchers responsible for disclosing these vulnerabilities have claimed that their original reports were not correct. It is possible that a remote denial of service vulnerability affects the browser; however this has not been confirmed.
Not true. IIS has many more attacks than Apache, yet Apache controls 65% of web servers or more.
I am not so sure about that.
We run 3 sites for our company websites. 2 are Apache, one is IIS.
During the past year I have had to clean up hacks and/or exploits on the Apache ones 4 times. I have yet to have any problems with IIS.
And yes, I know it is true that a lot of the hacks sneak in through other programs, such as PHPbb flaws, but the fact remains that I have yet to have a problem with our IIS server.
[technewsworld.com...]
A hacker who claimed to have found a serious zero-day bug in Firefox now says he was never able to exploit the supposed vulnerability to hijack computers. On Saturday, Mischa Spiegelmock and Andrew Wbeelsoi told attendees at the ToorCon event in San Diego that Firefox is critically flawed in the way it handles JavaScript. An attacker could commandeer a computer running the open-source Web browser simply by crafting a Web page that contains some malicious JavaScript code, they said. They displayed some of that code.
But Spiegelmock has now backpedaled on those claims. In a statement provided to Mozilla, which coordinates development of Firefox, Spiegelmock said that the computer code displayed during the presentation does not fully compromise a PC running the browser.
Hackers Zero-Day Flaw In Firefox Was a Hoax
[news.com.com]
Also, Wbeelsoi, or "Weev" as he is called by friends, is part of a group that calls itself "Bantown," a loose-knit outfit that claimed responsibility for a fairly high-profile Javascript attack against close to a million LiveJournal users, an attack that Security Fix profiled in January.
My Firefox browser may still have some vulnerabilities, but it's unlikely that this guy knows any of them.