The Truth About a Claimed Firefox Exploit
A colorful duo of young hackers at the Toorcon security conference presented evidence Saturday that suggested a previously undocumented flaw in Mozilla's Firefox Web browser is actively being exploited to compromise machines of users cruising the Web with the browser. This story has been pretty widely reported over the past few days, but a few key facts have been absent from most of the coverage I've seen, and I wanted to try to help set the record straight on this.
The Toorcon talk was given by Mischa Spiegelmock, a software engineer for Six Apart's LiveJournal blogging service, and a guy speaking under the pseudonym "Andrew Wbeelsoi." They prefaced their presentation by calling on security researchers everywhere to stop publicizing and fixing software security vulnerabilities.
"We do have exploits for all the stuff we're going to show you," the 21-year-old calling himself Wbeelsoi said. "We'll give them away to anyone who proves their actions are going to be politically motivated. We don't care what side you're on as long as you commit yourself to destruction."
Both speakers lectured at length about ways to cloak your identity online to engage in criminal activities, ranging from creating botnets to installing spyware on users' machines. They ardently urged those in attendance to use their knowledge to "ruin things" as much as possible for Internet users.
One way to accomplish that goal, the two claimed, was to exploit a vulnerability in the way Firefox handles JavaScript, which they said could allow malicious Web sites to install spyware if users merely browsed a specially configured site that took advantage of the flaw as they described it.
Here are the parts I haven't seen reported yet elsewhere on this:
Spiegelmock admitted to me Saturday evening that the duo's research wasn't quite as solid as they led people to believe. Turns out, they confirmed that the bug they found could be used to crash Firefox, but that they hadn't bothered to do the work to tell whether that crash could be exploited to allow bad guys to install software. "We were just trying to have some fun up there," Spiegelmock said.
Window Snyder, head of security strategy for Mozilla, stood next to me as Spiegelmock explained; she was not amused. Spiegelmock gave Mozilla a statement confirming more or less what he told Window and me Saturday evening, which Mozilla has since posted on its site.
Also, Wbeelsoi, or "Weev" as he is called by friends, is part of a group that calls itself "Bantown," a loose-knit outfit that claimed responsibility for a fairly high-profile JavaScript attack against close to a million LiveJournal users, an attack that Security Fix profiled in January.
By Brian Krebs |
October 3, 2006; 12:35 PM ET
Posted by: J. Warren | October 3, 2006 12:20 PM
I think Window is female, so "SHE was not amused."
Posted by: Susan | October 3, 2006 12:34 PM
You wrote: "Window Snyder, head of security strategy for Mozilla stood next to me as Spiegelmock explained; he was not amused."
Er, Window is a "she". Did you really attend ToorCon?
This whole situation sounds familiar. David Maynor did the same thing at Black Hat: showed a supposed exploitable vulnerability, then later could not show any evidence that there was anything, even a crasher. Although he has yet to admit that publicly... instead he is just staying silent.
Oh I know, you saw the "exploit" in person. But actually, you saw a faked demonstration just like everyone else.
Posted by: Barber Sink | October 3, 2006 12:36 PM
Why the yellow shirts? Black hats with a dress code for their members?
I think these two wanna-be's were simply looking for some cheap publicity. Even so, I'm sure the Mozilla guy asked local P.D. to dust the podium for fingerprints afterwards.
The truly skilled and malicious hackers, those working out of a Bulgarian or Moscow apartment, would never expose themselves or their Russian mob bosses by speaking on a podium. Or by wearing a yellow shirt in public.
Posted by: Ken L | October 3, 2006 12:38 PM
A free pass to slander a browser?
Is this a free pass to slander a browser? If this was an attempt at a joke, I can tell you many supporting the movement to Firefox aren't amused.
The real joke is how these clown hats are given free rein to slander and the media for incessantly hopping on its bandwagon prior to learning the facts.
Posted by: A free pass to slander a browser? | October 3, 2006 12:54 PM
Barber Sink -- Nice anagram of my name for your sig there.
My favorite is Biker Barns.
I hung out with Window at Toorcon several times, and I already wrote that she was with me, so this is obviously a typo, and it has been fixed. Anyway, thanks for not being obnoxious about it.
Posted by: Bk | October 3, 2006 1:03 PM
Their mothers must be proud.
Posted by: Bob | October 3, 2006 1:32 PM
I suspect the vulnerability is real. I also think someone informed these loud-mouthed morons that they were now on an FBI watch list for talking about creating a "blackhat communications network". They're trying to cover their butts. Too late. I don't think anyone should get too comfortable just yet. I suspect the "we were only joking" part is the real hoax.
Posted by: Mark F. | October 3, 2006 1:46 PM
Already switched to Opera.
Posted by: Bill | October 3, 2006 1:48 PM
I find it highly suspect that a LiveJournal developer and a member of a group that hacked LiveJournal are friends. Someone at Six Apart needs to take a long, hard look at Mischa Spiegelmock...
Posted by: Justin | October 3, 2006 1:56 PM
These jerks must be prosecuted. How many sleepless nights do we have to bear to amuse them? Behead them. BTW: this is meant to be humorous, except the call to behead them.
Posted by: Born again Christian | October 3, 2006 2:11 PM
BanTown have a history of making misleading, overstated, or downright false claims about their "attacks". They're a group of trolls, and calling them Black Hats is, imo, a disgrace to the real thing. I'm still not convinced that the attack on LiveJournal happened the way BanTown described it.
Anything directly associated with Bantown has a huge credibility problem from the moment it appears.
Posted by: Matthew Murphy | October 3, 2006 2:11 PM
Window? I wonder if Gatess can sue over that.
Posted by: IE7 Roxors | October 3, 2006 2:49 PM
How long before U.S. Cert drops their "warning" about a possible Mozilla exploit? It's still up on their site.
Funny, there's still _several_ unpatched (but documented) Microsoft vulnerabilities that haven't appeared on U.S. Cert's site.
I'm not connecting the dots, but some might.
Posted by: David | October 3, 2006 3:09 PM
"Window? I wonder if Gatess can sue over that."
I can demonstrate prior use.
Posted by: Window | October 3, 2006 3:11 PM
The LJ developer probably discovered, at the podium, that Mozilla wasn't written in perl and that was the end of the vulnerability assessment.
Posted by: Otis Elevator | October 3, 2006 3:39 PM
Between this and the mac wireless hoax, it looks like the phrase "professional security researcher" is an oxymoron.
Posted by: dgtruckses | October 3, 2006 3:54 PM
Brian,
How big a problem is the Firefox-JavaScript hole if one installs Firefox's JavaBlocker extension?
Posted by: JH | October 3, 2006 3:59 PM
These two clowns say, in part, "We don't care what side you're on as long as you commit yourself to destruction." Let me pose this question...would it not be the sign of a true leader to lead by personal example? If they want their followers to destroy things belonging to other people, why don't these sophomoric, self-centered, bone-headed brats show us all how it's done by destroying themselves first?
Posted by: Ron Yag | October 3, 2006 5:33 PM
They say in part, " We don't care what side you're on as long as you commit yourself to destruction." Is it not the sign of a true leader to lead by example? If these two sophomoric, self-centered, bone-headed brats want to be real leaders, heroes of the first caliber, let them show us how it is done by first destroying themselves...or at least their computer systems.
Posted by: Ken G. | October 3, 2006 5:39 PM
Does this mean that I have to stop telling my friends that firefox is the Best web browser around?
I think not!
I switch between opera and firefox, just to confuse boneheads like these two.
As for self destruction for these two, time will eventually make that a reality.
Posted by: Itsmeagain | October 3, 2006 7:45 PM
Listen up and listen well. If all of you would quit running around on the internet with anything other than a 'user account' all this crappy hacking would be a thing of the past.
I didn't say a guest account, I said a user account. You can't install software on a user account, so hacks are a thing of the past. Wise up people and get informed.
Posted by: End of Hacks | October 3, 2006 10:09 PM
Saw the report of the -alleged- flaw yesterday (Mon) and ignored it.
Dead giveaway was that they named it "unfixable".
Nothing in software is unfixable. Hence the source had an obvious bias.
Posted by: HB | October 3, 2006 10:57 PM
"Window? I wonder if Gatess can sue over that."
-I can demonstrate prior use.
Posted by: Window | October 3, 2006 03:11 PM "
Priceless!
Posted by: HB | October 3, 2006 11:02 PM
******News Flash End of Hacks********
IF A HUMAN MADE CODED IT, IT IS VULNERABLE..
****************************************
Wasn't sure if you were aware of that..
Posted by: Randell L. | October 3, 2006 11:07 PM
He's got a point End of hacks.. not the best wording, but nonetheless a valid point
Posted by: Mike | October 3, 2006 11:14 PM
Wow, you went for the jugular on that one! In all honesty I cannot say I blame you.
Posted by: justinf | October 3, 2006 11:14 PM
They have no other reason for committing career suicide other than if they are going to be paid some money for this slander.
Many hackers out there know of a number of hacks with IE that have been exploited for years and these don't seem to have been aired or talked about by all of those columnists who decided to write about this...
This stinks of some sort of "Get the facts" through the back door campaign...It has all of the hallmarks of a Microsoft drive by!
Posted by: yeah@right.com | October 4, 2006 2:51 AM
It seems to me that these young lads are playing a little game of follow the carrot. They will be mostly interested in other people trying to hack them. It will be really exciting to be watched and still be able to play spy vs. spy.
Posted by: griffin | October 4, 2006 6:33 AM
"Fear, uncertainty, and doubt (FUD) is a sales or marketing strategy of disseminating negative (and vague) information on a competitor's product." In this case - competitor's browser.
Posted by: Rufus Dufus | October 4, 2006 9:28 AM
I'm not so sure that the wireless driver issue was a hoax. However, the firefox issues appear to be much more suspect. I don't think you can compare the two. In any event, these ppl appear to be idiotic and have gotten a lot of bad press for mozilla. Is this a black-hat bloc event designed to create FUD?
Posted by: r | October 4, 2006 9:56 AM
From what I'm hearing, if you were actually in the audience for their presentation -- and had half a brain -- it was pretty obvious that this presentation was a joke. Apparently some reporters didn't meet one of the above two qualifications.
Even some of the statements that Brian describes here make it pretty clear:
"We don't care what side you're on as long as you commit yourself to destruction."
"They ardently urged those in attendance to use their knowledge to "ruin things" as much as possible for Internet users."
Posted by: Doug | October 4, 2006 10:00 AM
Hopefully someone will do the world a favor and shoot these two moronic losers and rid the world of some excess fatty tissue.
Hackers suck, pretend hackers even more.
Posted by: Reality | October 4, 2006 11:51 AM
Window! Can't you sue Gates??
Posted by: Jorge MT | October 4, 2006 1:44 PM
reality - "Hackers suck, pretend hackers even more."
Read the definition of hacker please.
However i agree.. they should be shot.
FireFox FTW!!!!!!111111
Posted by: gr00ve Rider | October 4, 2006 2:10 PM
The issue isn't whether the wireless MacBook hack exists or not. There is a possibility that Maynor discovered something; it is his inability to tell a straight story since then that makes people question him. The issues with the wireless hack are 1) was the demo a fake (evidence is pointing in that direction) 2) should reporters have done a better job initially on the story (again, suggests yes) and 3) did Maynor act responsibly and tell Apple about the flaw (currently in dispute, and now nobody is going to talk). Keep in mind with #3 that Maynor is now claiming a flaw in FreeBSD as well, but has not notified anyone (Sam Lefler) about the problem with FreeBSD.
Posted by: charlie | October 4, 2006 11:55 PM
ROFL! well they certainly got the publicity that they were after, didn't they? And they successfully tested out the waters for whatever other projects they might have in the future.
Script kiddies come to mind, except they look too old to be kiddies. Definite wannabes... now it remains to be seen if they turn into something other than wannabes. If so, they'd better learn how to hide as well as hack, because the entire world now knows more about them than is safe.
Posted by: Crystalwizard | October 5, 2006 5:26 PM
Doug, that shows you that the way Mozilla handled the problem (damage control) was poor and the Mozilla powers took far too much time to clear the air on the matter.
Window was at the meeting, was she not? If so, she would have known if it came across as a joke and should have rallied the Mozilla troops to squash that joke from gaining any media traction whatsoever.
Posted by: Traction | October 5, 2006 9:32 PM
Take this into consideration: after idk how many patches Windows came out with, there are still flaws and holes. Think of a web browser, the piece of software that allows you to travel the web and catch these nasty things; do you really think they're gonna catch every flaw? Java is also a big problem.. No matter how hard any company tries, their software will have leaks and it will be exploited. THE END.. P.S - BUY A FIREWALL LMAO
Posted by: DaRk MaTtEr | October 6, 2006 2:28 AM
Barber Sink: you're a bit twisted, no? Brian knows Window personally. Do you? Brian knows computer security and has been writing about it for longer than you've been picking your nose. Do you?
Posted by: Sune | October 7, 2006 6:56 AM
charlie, you're so eloquent. It's obvious you've gone through higher education. You have an inimitable way of expressing yourself. We're all so glad you opened a blog to bash this reporter. Your mother must be very proud of you.
Posted by: Sune | October 7, 2006 7:00 AM
FYI...
RETIRED: Mozilla Firefox Multiple Unspecified Javascript Vulnerabilities
- http://www.securityfocus.com/bid/20294/discuss
"Update (October 3, 2006): This BID is being retired as reports indicate that these issues are a hoax. The researchers responsible for disclosing these vulnerabilities have claimed that their original reports were not correct. It is possible that a remote denial of service vulnerability affects the browser; however this has not been confirmed. A new BID will be created if subsequent reports confirm the possibility of the potential denial of service issue. Please see references for more information."