| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20070530184159.7130D22820@mailserver9.hushmail.com> Date: Wed, 30 May 2007 14:41:57 -0400 From: "Joey Mengele" <joey.mengele@...hmail.com> To: <joey.mengele@...hmail.com>, <full-disclosure@...ts.grok.org.uk>, <neal@...wetz.org> Subject: Re: New Vulnerability against Firefox/ Major Extensions Dude did you get your PhD at K-Mart or are you just retarded? It seems like maybe Dr. Chris and Dr. Neal are the real trolls in this joke of an 'industry'... _Joey Qualifications (in order of descending worthlessness): Certified Drive by Pharming Expert / CISSP / PhD On Wed, 30 May 2007 14:12:44 -0400 "Dr. Neal Krawetz PhD" <neal@...wetz.org> wrote: >Gobbles aka n3td3v, > >Please stop harassing aspiring young PhD students on this list. > >I speak for everyone in this community when I say that we are all >tired >of your shenanigans and that it is time for you to grow up. >Clearly >you do not have a PhD, and to the best of my knowledge you are not >actively pursuing one, and therefor have no voice in computer >security. > >To my fans: I have just finished reading Niels Provos' work from >2001, >and plan on presenting a summary of these dated works at Blackhat >2007 >this summer. I look forward to seeing you all there! > >Dr. Neal Krawetz, PhD > >http://www.hackerfactor.com/ >http://www.krawetz.org/ > > >On Wed, May 30, 2007 at 11:57:59AM -0400, Joey Mengele wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hello List, >> >> > >> >------------------------------------ >> >Frequently Asked Questions >> >------------------------------------ >> > >> >Q: Who is at risk? >> > >> >A: Anyone who has installed the Firefox Web Browser and one or >> >more >> >vulnerable extensions. These include, but are not limited to: >> >Google >> >Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us >> >Extension, >> >Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn >Browser >> >Toolbar, Netcraft Anti-Phishing Toolbar, PhishTank SiteChecker. >> > >> >> Don't you mean anyone who has these installed and is using a >rogue >> or compromised DNS server? >> >> >Q: How many people are at risk? >> > >> >A: Millions. Exact numbers for each toolbar/extension are not >> >released >> >by the vendors. Google Toolbar, which is one of the most >popular >> >of >> >the vulnerable extensions, is installed as part of the download >> >process with WinZip, RealNetworks' Real Player and Adobe's >> >Shockwave. >> >Google publicly pays website publishers $1 for each copy of >> >Firefox + >> >Google Toolbar that customers download and install through a >> >publisher's website. >> > >> >Google confirmed in 2005 that their toolbar product's user base >> >was >> >"in the millions". Given the number of distribution deals that >> >have >> >been signed, the number of users can only have grown in size >> >since. >> > >> >> Oh stop being such a drama queen. Are you suggesting "millions" >> have their DNS compromised and their home routers owned? Isn't >this >> bug rather inconsequential for these people anyway? >> >> >Q: When am I at risk? >> > >> >A: When you use a public wireless network, an untrusted >Internet >> >connection, or a wireless home router with the default password >> >set. >> > >> >> Duh. You don't need to be running some silly toolbar to be at >risk >> in this scenario. >> >> >Q: What can I do to reduce my risk? >> > >> >A: Users with wireless home routers should change their >password >> >to >> >something other than the default. >> > >> >> Are you really suggesting wide scale wireless home router >> compromise? Is there an army of hacker dudes driving around >> compromising unprotected wireless routers in the millions that I >am >> not aware of? Surely the Security Focus PharmConMeter(TM) would >> have alerted me if this were the case! >> >> > >> >Q: Why is this attack possible? >> > >> >A: The problem stems from design flaws, false assumptions, and >a >> >lack >> >of solid developer documentation instructing extension authors >on >> >the >> >best way to secure their code. >> > >> >> See also "because your DNS server is owned" >> >> >---------------------------------- >> >Description Of Vulnerability >> >---------------------------------- >> > >> >> Blabla, you are a technical genius. Let's move on Dr. Chris. >> >> > >> >----------------------------------- >> >When Are Users Vulnerable >> >----------------------------------- >> > >> >Users are most vulnerable to this attack when they cannot trust >> >their >> >domain name server. Examples of such a situation include: >> > >> > * Using a public or unencrypted wireless network. >> > >> > * Using a network router (wireless or wired) at home that >has >> >been >> >infected/hacked through a drive by pharming attack. This >> >particular >> >risk can be heavily reduced by changing the default password on >> >your >> >home router. >> > >> >> Hahahahahahha. Drive by pharming. What a fucking joke. This >> industry is the best. >> >> > >> >------------------------ >> >Fixing The Problem >> >------------------------ >> > >> > >> >The number of vulnerable extensions is more lengthy than those >> >listed >> >in this document. Until vendors have fixed the problems, users >> >should >> >remove/disable all Firefox extensions except those that they >are >> >sure >> >they have downloaded from the official Firefox Add-ons website >> >(https://addons.mozilla.org). If in doubt, delete the >extension, >> >and >> >then download it again from a safe place. >> > >> >> No way dude, use The Internet Explorer! >> >> >> >--------------------------------------------------------- >> >Self Disclosure/Conflict of Interest Statement >> >--------------------------------------------------------- >> > >> > >> >Christopher Soghoian is a PhD student in the School of >Informatics >> >at >> >Indiana University. He is a member of the Stop Phishing >Research >> >Group. His research is focused in the areas of phishing, click- >> >fraud, >> >search privacy and airport security. He has worked an intern >with >> >Google, Apple, IBM and Cybertrust. He is the co-inventor of >> >several >> >pending patents in the areas of mobile authentication, anti- >> >phishing, >> >and virtual machine defense against viruses. His website is >> >http://www.dubfire.net/chris/ and he blogs regularly at >> >http://paranoia.dubfire.net >> > >> >> Impressive. The scholarly source Wikipedia [1] says you are also >> that guy that made boarding passes for Al Qaeda? Kudos. >> >> > >> >Information on this vulnerability was disclosed for free to the >> >above >> >listed vendors. >> > >> >> Oi! Such a deal. >> >> _Joey >> >> [1] http://en.wikipedia.org/wiki/Christopher_Soghoian >> -----BEGIN PGP SIGNATURE----- >> Note: This signature can be verified at >https://www.hushtools.com/verify >> Version: Hush 2.5 >> >> >wpwEAQECAAYFAkZdngYACgkQbnLzJSXnVjORJgP/e8QL9VRf4EsTEbkg91b8+J86wf1 >P >> >3eYeDo7toYMiT7dV/mKgMSzO3XNVmgKrlrBafiieGxbaOFL1Spu5wKiz04G8DiQs5D7 >y >> >vbWeQe6o68NYwCikyE4Ed5Hs7EWJFz+6R86x0KfQ3Nn+P3L/tnssUhkmMXHeGCOLZgV >i >> CVVCzxM= >> =Zd4G >> -----END PGP SIGNATURE----- >> >> -- >> Click for free info on business schools and make $150K/ year >> http://tagline.hushmail.com/fc/CAaCXv1I6ylOR9cWSogD0jO1TmrlUWwa/ >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ -- Love Graphic Design? Find a school near you. Click Now. http://tagline.hushmail.com/fc/CAaCXv1amK7RowNERVRIM56cQDM4rJzZ/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists