Full Disclosure mailing list archives
Re: New Vulnerability against Firefox/ Major Extensions
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Wed, 30 May 2007 14:41:57 -0400
Dude did you get your PhD at K-Mart or are you just retarded? It seems like maybe Dr. Chris and Dr. Neal are the real trolls in this joke of an 'industry'...

_Joey

Qualifications (in order of descending worthlessness): Certified Drive by Pharming Expert / CISSP / PhD

On Wed, 30 May 2007 14:12:44 -0400 "Dr. Neal Krawetz PhD" <neal () krawetz org> wrote:

> Gobbles aka n3td3v,
>
> Please stop harassing aspiring young PhD students on this list. I speak for everyone in this community when I say that we are all tired of your shenanigans and that it is time for you to grow up. Clearly you do not have a PhD, and to the best of my knowledge you are not actively pursuing one, and therefore have no voice in computer security.
>
> To my fans: I have just finished reading Niels Provos' work from 2001, and plan on presenting a summary of these dated works at Blackhat 2007 this summer. I look forward to seeing you all there!
>
> Dr. Neal Krawetz, PhD
> http://www.hackerfactor.com/
> http://www.krawetz.org/
>
> On Wed, May 30, 2007 at 11:57:59AM -0400, Joey Mengele wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hello List,
>>
>>> ------------------------------------
>>> Frequently Asked Questions
>>> ------------------------------------
>>>
>>> Q: Who is at risk?
>>> A: Anyone who has installed the Firefox Web Browser and one or more vulnerable extensions. These include, but are not limited to: Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar, PhishTank SiteChecker.
>>
>> Don't you mean anyone who has these installed and is using a rogue or compromised DNS server?
>>
>>> Q: How many people are at risk?
>>> A: Millions. Exact numbers for each toolbar/extension are not released by the vendors. Google Toolbar, which is one of the most popular of the vulnerable extensions, is installed as part of the download process with WinZip, RealNetworks' Real Player and Adobe's Shockwave. Google publicly pays website publishers $1 for each copy of Firefox + Google Toolbar that customers download and install through a publisher's website. Google confirmed in 2005 that their toolbar product's user base was "in the millions". Given the number of distribution deals that have been signed, the number of users can only have grown in size since.
>>
>> Oh stop being such a drama queen. Are you suggesting "millions" have their DNS compromised and their home routers owned? Isn't this bug rather inconsequential for these people anyway?
>>
>>> Q: When am I at risk?
>>> A: When you use a public wireless network, an untrusted Internet connection, or a wireless home router with the default password set.
>>
>> Duh. You don't need to be running some silly toolbar to be at risk in this scenario.
>>
>>> Q: What can I do to reduce my risk?
>>> A: Users with wireless home routers should change their password to something other than the default.
>>
>> Are you really suggesting wide scale wireless home router compromise? Is there an army of hacker dudes driving around compromising unprotected wireless routers in the millions that I am not aware of? Surely the Security Focus PharmConMeter(TM) would have alerted me if this were the case!
>>
>>> Q: Why is this attack possible?
>>> A: The problem stems from design flaws, false assumptions, and a lack of solid developer documentation instructing extension authors on the best way to secure their code.
>>
>> See also "because your DNS server is owned"
>>
>>> ----------------------------------
>>> Description Of Vulnerability
>>> ----------------------------------
>>
>> Blabla, you are a technical genius. Let's move on Dr. Chris.
>>
>>> -----------------------------------
>>> When Are Users Vulnerable
>>> -----------------------------------
>>>
>>> Users are most vulnerable to this attack when they cannot trust their domain name server. Examples of such a situation include:
>>>
>>> * Using a public or unencrypted wireless network.
>>> * Using a network router (wireless or wired) at home that has been infected/hacked through a drive by pharming attack. This particular risk can be heavily reduced by changing the default password on your home router.
>>
>> Hahahahahahha. Drive by pharming. What a fucking joke. This industry is the best.
>>
>>> ------------------------
>>> Fixing The Problem
>>> ------------------------
>>>
>>> The number of vulnerable extensions is more lengthy than those listed in this document. Until vendors have fixed the problems, users should remove/disable all Firefox extensions except those that they are sure they have downloaded from the official Firefox Add-ons website (https://addons.mozilla.org). If in doubt, delete the extension, and then download it again from a safe place.
>>
>> No way dude, use The Internet Explorer!
>>
>>> ---------------------------------------------------------
>>> Self Disclosure/Conflict of Interest Statement
>>> ---------------------------------------------------------
>>>
>>> Christopher Soghoian is a PhD student in the School of Informatics at Indiana University. He is a member of the Stop Phishing Research Group. His research is focused in the areas of phishing, click-fraud, search privacy and airport security. He has worked as an intern with Google, Apple, IBM and Cybertrust. He is the co-inventor of several pending patents in the areas of mobile authentication, anti-phishing, and virtual machine defense against viruses. His website is http://www.dubfire.net/chris/ and he blogs regularly at http://paranoia.dubfire.net
>>
>> Impressive. The scholarly source Wikipedia [1] says you are also that guy that made boarding passes for Al Qaeda? Kudos.
>>
>>> Information on this vulnerability was disclosed for free to the above listed vendors.
>>
>> Oi! Such a deal.
>>
>> _Joey
>>
>> [1] http://en.wikipedia.org/wiki/Christopher_Soghoian
>>
>> -----BEGIN PGP SIGNATURE-----
>> Note: This signature can be verified at https://www.hushtools.com/verify
>> Version: Hush 2.5
>>
>> wpwEAQECAAYFAkZdngYACgkQbnLzJSXnVjORJgP/e8QL9VRf4EsTEbkg91b8+J86wf1
>> P3eYeDo7toYMiT7dV/mKgMSzO3XNVmgKrlrBafiieGxbaOFL1Spu5wKiz04G8DiQs5D7
>> yvbWeQe6o68NYwCikyE4Ed5Hs7EWJFz+6R86x0KfQ3Nn+P3L/tnssUhkmMXHeGCOLZgV
>> iCVVCzxM=
>> =Zd4G
>> -----END PGP SIGNATURE-----
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- New Vulnerability against Firefox/ Major Extensions Christopher Soghoian (May 29)
- Re: New Vulnerability against Firefox/ Major Extensions Tim (May 30)
- Re: New Vulnerability against Firefox/ Major Extensions Ferruh Mavituna (May 30)
- Re: New Vulnerability against Firefox/ Major Extensions Steven Adair (May 30)
- Re: New Vulnerability against Firefox/ Major Extensions Matthew Murphy (May 30)
- <Possible follow-ups>
- Re: New Vulnerability against Firefox/ Major Extensions Joey Mengele (May 30)
- Re: New Vulnerability against Firefox/ Major Extensions Dr. Neal Krawetz PhD (May 30)
- Re: New Vulnerability against Firefox/ Major Extensions coderman (May 30)
- Re: New Vulnerability against Firefox/ Major Extensions tx (May 30)
- Re: New Vulnerability against Firefox/ Major Extensions Dr. Neal Krawetz PhD (May 30)
- Re: New Vulnerability against Firefox/ Major Extensions Joey Mengele (May 30)