full-disclosure-uk May 2007 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] New Vulnerability agai

Re: [Full-disclosure] New Vulnerability against Firefox/ Major Extensions

From: Joey Mengele <joey.mengele_at_nospam>
Date: Wed May 30 2007 - 18:41:57 GMT
To: <joey.mengele@hushmail.com>, <full-disclosure@lists.grok.org.uk>, <neal@krawetz.org>


Dude did you get your PhD at K-Mart or are you just retarded? It seems like maybe Dr. Chris and Dr. Neal are the real trolls in this  joke of an 'industry'...

_Joey
Qualifications (in order of descending worthlessness): Certified Drive by Pharming Expert / CISSP / PhD

On Wed, 30 May 2007 14:12:44 -0400 "Dr. Neal Krawetz PhD" <neal@krawetz.org> wrote:
>Gobbles aka n3td3v,
>
>Please stop harassing aspiring young PhD students on this list.
>
>I speak for everyone in this community when I say that we are all
>tired
>of your shenanigans and that it is time for you to grow up.
>Clearly
>you do not have a PhD, and to the best of my knowledge you are not
>actively pursuing one, and therefor have no voice in computer
>security.
>
>To my fans: I have just finished reading Niels Provos' work from
>2001,
>and plan on presenting a summary of these dated works at Blackhat
>2007
>this summer. I look forward to seeing you all there!
>
>Dr. Neal Krawetz, PhD
>
>http://www.hackerfactor.com/
>http://www.krawetz.org/
>
>
>On Wed, May 30, 2007 at 11:57:59AM -0400, Joey Mengele wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hello List,
>>
>> >
>> >------------------------------------
>> >Frequently Asked Questions
>> >------------------------------------
>> >
>> >Q: Who is at risk?
>> >
>> >A: Anyone who has installed the Firefox Web Browser and one or
>> >more
>> >vulnerable extensions. These include, but are not limited to:
>> >Google
>> >Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us
>> >Extension,
>> >Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn
>Browser
>> >Toolbar, Netcraft Anti-Phishing Toolbar, PhishTank SiteChecker.
>> >
>>
>> Don't you mean anyone who has these installed and is using a
>rogue
>> or compromised DNS server?
>>
>> >Q: How many people are at risk?
>> >
>> >A: Millions. Exact numbers for each toolbar/extension are not
>> >released
>> >by the vendors. Google Toolbar, which is one of the most
>popular
>> >of
>> >the vulnerable extensions, is installed as part of the download
>> >process with WinZip, RealNetworks' Real Player and Adobe's
>> >Shockwave.
>> >Google publicly pays website publishers $1 for each copy of
>> >Firefox +
>> >Google Toolbar that customers download and install through a
>> >publisher's website.
>> >
>> >Google confirmed in 2005 that their toolbar product's user base
>> >was
>> >"in the millions". Given the number of distribution deals that
>> >have
>> >been signed, the number of users can only have grown in size
>> >since.
>> >
>>
>> Oh stop being such a drama queen. Are you suggesting "millions"
>> have their DNS compromised and their home routers owned? Isn't
>this
>> bug rather inconsequential for these people anyway?
>>
>> >Q: When am I at risk?
>> >
>> >A: When you use a public wireless network, an untrusted
>Internet
>> >connection, or a wireless home router with the default password
>> >set.
>> >
>>
>> Duh. You don't need to be running some silly toolbar to be at
>risk
>> in this scenario.
>>
>> >Q: What can I do to reduce my risk?
>> >
>> >A: Users with wireless home routers should change their
>password
>> >to
>> >something other than the default.
>> >
>>
>> Are you really suggesting wide scale wireless home router
>> compromise? Is there an army of hacker dudes driving around
>> compromising unprotected wireless routers in the millions that I
>am
>> not aware of? Surely the Security Focus PharmConMeter(TM) would
>> have alerted me if this were the case!
>>
>> >
>> >Q: Why is this attack possible?
>> >
>> >A: The problem stems from design flaws, false assumptions, and
>a
>> >lack
>> >of solid developer documentation instructing extension authors
>on
>> >the
>> >best way to secure their code.
>> >
>>
>> See also "because your DNS server is owned"
>>
>> >----------------------------------
>> >Description Of Vulnerability
>> >----------------------------------
>> >
>>
>> Blabla, you are a technical genius. Let's move on Dr. Chris.
>>
>> >
>> >-----------------------------------
>> >When Are Users Vulnerable
>> >-----------------------------------
>> >
>> >Users are most vulnerable to this attack when they cannot trust
>> >their
>> >domain name server. Examples of such a situation include:
>> >
>> > * Using a public or unencrypted wireless network.
>> >
>> > * Using a network router (wireless or wired) at home that
>has
>> >been
>> >infected/hacked through a drive by pharming attack. This
>> >particular
>> >risk can be heavily reduced by changing the default password on
>> >your
>> >home router.
>> >
>>
>> Hahahahahahha. Drive by pharming. What a fucking joke. This
>> industry is the best.
>>
>> >
>> >------------------------
>> >Fixing The Problem
>> >------------------------
>> >
>> >
>> >The number of vulnerable extensions is more lengthy than those
>> >listed
>> >in this document. Until vendors have fixed the problems, users
>> >should
>> >remove/disable all Firefox extensions except those that they
>are
>> >sure
>> >they have downloaded from the official Firefox Add-ons website
>> >(https://addons.mozilla.org). If in doubt, delete the
>extension,
>> >and
>> >then download it again from a safe place.
>> >
>>
>> No way dude, use The Internet Explorer!
>>
>>
>> >---------------------------------------------------------
>> >Self Disclosure/Conflict of Interest Statement
>> >---------------------------------------------------------
>> >
>> >
>> >Christopher Soghoian is a PhD student in the School of
>Informatics
>> >at
>> >Indiana University. He is a member of the Stop Phishing
>Research
>> >Group. His research is focused in the areas of phishing, click-
>> >fraud,
>> >search privacy and airport security. He has worked an intern
>with
>> >Google, Apple, IBM and Cybertrust. He is the co-inventor of
>> >several
>> >pending patents in the areas of mobile authentication, anti-
>> >phishing,
>> >and virtual machine defense against viruses. His website is
>> >http://www.dubfire.net/chris/ and he blogs regularly at
>> >http://paranoia.dubfire.net
>> >
>>
>> Impressive. The scholarly source Wikipedia [1] says you are also
>> that guy that made boarding passes for Al Qaeda? Kudos.
>>
>> >
>> >Information on this vulnerability was disclosed for free to the
>> >above
>> >listed vendors.
>> >
>>
>> Oi! Such a deal.
>>
>> _Joey
>>
>> [1] http://en.wikipedia.org/wiki/Christopher_Soghoian
>> -----BEGIN PGP SIGNATURE-----
>> Note: This signature can be verified at
>https://www.hushtools.com/verify
>> Version: Hush 2.5
>>
>>
>wpwEAQECAAYFAkZdngYACgkQbnLzJSXnVjORJgP/e8QL9VRf4EsTEbkg91b8+J86wf1
>P
>>
>3eYeDo7toYMiT7dV/mKgMSzO3XNVmgKrlrBafiieGxbaOFL1Spu5wKiz04G8DiQs5D7
>y
>>
>vbWeQe6o68NYwCikyE4Ed5Hs7EWJFz+6R86x0KfQ3Nn+P3L/tnssUhkmMXHeGCOLZgV
>i
>> CVVCzxM=
>> =Zd4G
>> -----END PGP SIGNATURE-----
>>
>> --
>> Click for free info on business schools and make $150K/ year
>> http://tagline.hushmail.com/fc/CAaCXv1I6ylOR9cWSogD0jO1TmrlUWwa/
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
-- Love Graphic Design? Find a school near you. Click Now. http://tagline.hushmail.com/fc/CAaCXv1amK7RowNERVRIM56cQDM4rJzZ/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/