Re: New Vulnerability against Firefox/ Major Extensions

["Joey Mengele" <joey.mengele () hushmail com>]

Dude did you get your PhD at K-Mart or are you just retarded? It 
seems like maybe Dr. Chris and Dr. Neal are the real trolls in this 
 joke of an 'industry'...

_Joey
Qualifications (in order of descending worthlessness):
Certified Drive by Pharming Expert / CISSP / PhD

On Wed, 30 May 2007 14:12:44 -0400 "Dr. Neal Krawetz PhD" 
<neal () krawetz org> wrote:
> Gobbles aka n3td3v,
>
> Please stop harassing aspiring young PhD students on this list.
>
> I speak for everyone in this community when I say that we are all 
> tired
> of your shenanigans and that it is time for you to grow up.  
> Clearly
> you do not have a PhD, and to the best of my knowledge you are not
> actively pursuing one, and therefor have no voice in computer 
> security.
>
> To my fans:  I have just finished reading Niels Provos' work from 
> 2001,
> and plan on presenting a summary of these dated works at Blackhat 
> 2007
> this summer.  I look forward to seeing you all there!
>
> Dr. Neal Krawetz, PhD
>
> http://www.hackerfactor.com/
> http://www.krawetz.org/
>
>
> On Wed, May 30, 2007 at 11:57:59AM -0400, Joey Mengele wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hello List,
> >
> > > ------------------------------------
> > > Frequently Asked Questions
> > > ------------------------------------
> > >
> > > Q: Who is at risk?
> > >
> > > A: Anyone who has installed the Firefox Web Browser and one or
> > > more
> > > vulnerable extensions. These include, but are not limited to:
> > > Google
> > > Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us
> > > Extension,
> > > Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn 
> Browser
> > > Toolbar, Netcraft Anti-Phishing Toolbar, PhishTank SiteChecker.
> >
> > Don't you mean anyone who has these installed and is using a 
> rogue
> > or compromised DNS server?
> >
> > > Q: How many people are at risk?
> > >
> > > A: Millions. Exact numbers for each toolbar/extension are not
> > > released
> > > by the vendors. Google Toolbar, which is one of the most 
> popular
> > > of
> > > the vulnerable extensions, is installed as part of the download
> > > process with WinZip, RealNetworks' Real Player and Adobe's
> > > Shockwave.
> > > Google publicly pays website publishers $1 for each copy of
> > > Firefox +
> > > Google Toolbar that customers download and install through a
> > > publisher's website.
> > >
> > > Google confirmed in 2005 that their toolbar product's user base
> > > was
> > > "in the millions". Given the number of distribution deals that
> > > have
> > > been signed, the number of users can only have grown in size
> > > since.
> >
> > Oh stop being such a drama queen. Are you suggesting "millions"
> > have their DNS compromised and their home routers owned? Isn't 
> this
> > bug rather inconsequential for these people anyway?
> >
> > > Q: When am I at risk?
> > >
> > > A: When you use a public wireless network, an untrusted 
> Internet
> > > connection, or a wireless home router with the default password
> > > set.
> >
> > Duh. You don't need to be running some silly toolbar to be at 
> risk
> > in this scenario.
> >
> > > Q: What can I do to reduce my risk?
> > >
> > > A: Users with wireless home routers should change their 
> password
> > > to
> > > something other than the default.
> >
> > Are you really suggesting wide scale wireless home router
> > compromise? Is there an army of hacker dudes driving around
> > compromising unprotected wireless routers in the millions that I 
> am
> > not aware of? Surely the Security Focus PharmConMeter(TM) would
> > have alerted me if this were the case!
> >
> > > Q: Why is this attack possible?
> > >
> > > A: The problem stems from design flaws, false assumptions, and 
> a
> > > lack
> > > of solid developer documentation instructing extension authors 
> on
> > > the
> > > best way to secure their code.
> >
> > See also "because your DNS server is owned"
> >
> > > ----------------------------------
> > > Description Of Vulnerability
> > > ----------------------------------
> >
> > Blabla, you are a technical genius. Let's move on Dr. Chris.
> >
> > > -----------------------------------
> > > When Are Users Vulnerable
> > > -----------------------------------
> > >
> > > Users are most vulnerable to this attack when they cannot trust
> > > their
> > > domain name server. Examples of such a situation include:
> > >
> > >    * Using a public or unencrypted wireless network.
> > >
> > >    * Using a network router (wireless or wired) at home that 
> has
> > > been
> > > infected/hacked through a drive by pharming attack. This
> > > particular
> > > risk can be heavily reduced by changing the default password on
> > > your
> > > home router.
> >
> > Hahahahahahha. Drive by pharming. What a fucking joke. This
> > industry is the best.
> >
> > > ------------------------
> > > Fixing The Problem
> > > ------------------------
> > >
> > >
> > > The number of vulnerable extensions is more lengthy than those
> > > listed
> > > in this document. Until vendors have fixed the problems, users
> > > should
> > > remove/disable all Firefox extensions except those that they 
> are
> > > sure
> > > they have downloaded from the official Firefox Add-ons website
> > > (https://addons.mozilla.org). If in doubt, delete the 
> extension,
> > > and
> > > then download it again from a safe place.
> >
> > No way dude, use The Internet Explorer!
> >
> >
> > > ---------------------------------------------------------
> > > Self Disclosure/Conflict of Interest Statement
> > > ---------------------------------------------------------
> > >
> > >
> > > Christopher Soghoian is a PhD student in the School of 
> Informatics
> > > at
> > > Indiana University. He is a member of the Stop Phishing 
> Research
> > > Group. His research is focused in the areas of phishing, click-
> > > fraud,
> > > search privacy and airport security. He has worked an intern 
> with
> > > Google, Apple, IBM and Cybertrust. He is the co-inventor of
> > > several
> > > pending patents in the areas of mobile authentication, anti-
> > > phishing,
> > > and virtual machine defense against viruses. His website is
> > > http://www.dubfire.net/chris/ and he blogs regularly at
> > > http://paranoia.dubfire.net
> >
> > Impressive. The scholarly source Wikipedia [1] says you are also
> > that guy that made boarding passes for Al Qaeda? Kudos.
> >
> > > Information on this vulnerability was disclosed for free to the
> > > above
> > > listed vendors.
> >
> > Oi! Such a deal.
> >
> > _Joey
> >
> > [1] http://en.wikipedia.org/wiki/Christopher_Soghoian
> > -----BEGIN PGP SIGNATURE-----
> > Note: This signature can be verified at 
> https://www.hushtools.com/verify
> > Version: Hush 2.5
> wpwEAQECAAYFAkZdngYACgkQbnLzJSXnVjORJgP/e8QL9VRf4EsTEbkg91b8+J86wf1
> P
> >
> 3eYeDo7toYMiT7dV/mKgMSzO3XNVmgKrlrBafiieGxbaOFL1Spu5wKiz04G8DiQs5D7
> y
> >
> vbWeQe6o68NYwCikyE4Ed5Hs7EWJFz+6R86x0KfQ3Nn+P3L/tnssUhkmMXHeGCOLZgV
> i
> > CVVCzxM=
> > =Zd4G
> > -----END PGP SIGNATURE-----
> >
> > --
> > Click for free info on business schools and make $150K/ year
> > http://tagline.hushmail.com/fc/CAaCXv1I6ylOR9cWSogD0jO1TmrlUWwa/
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/

--
Love Graphic Design? Find a school near you. Click Now.
http://tagline.hushmail.com/fc/CAaCXv1amK7RowNERVRIM56cQDM4rJzZ/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/