The Geforce chip is made of copper instead of aluminium, which means it can run faster - Spencer Kelly, BBC Click Online
|
|
|
Firefox zero day flaw disputed
THE MOZILLA FOUNDATION has hit out at claims that Firefox 3.6 has a zero day flaw.
The claim was made by Intevydis developer Evgeny Legerov who claimed on his forum that his exploit for Windows XP (SP3) and Vista is quite reliable. He said it was an interesting challenge to find the buffer overflow flaw and work out a way to exploit it.
The Mozzarella outfit has been curiously silent about the flaw and according to our source there it is not surprising why.
Our source said that Legerov has hardly been forthcoming with information about the flaw. In fact he hasn't proven his zero day exploit to anyone that can verify it.
Apparently Mozilla asked him to come up with some details and he wouldn't. Nor has he provided anything in the way of proof to Secunia.
The feeling is that it is all smoke and mirrors until some actual, factual information is given to someone, one Firebadger developer told us.
So why wouldn't Legerov be forthcoming? The thoughts within Mozilla are that he could be a Russian black hat hacker who wants to flog a hack to the highest bidder before disclosing it to Mozilla. The press picking up on his posts on a security blog would give any hacker like him some free publicity. Of course we don't believe that for a minute. Legerov's outfit Intevydis has a web page and everything.
We do know that Firebadger crashes suddenly hit a high on February 12th and 13th. It was suggested that these might have been caused by the exploit being tested. However to do that someone connected to Legerov must have been using it a lot to make a dent in the statistics.
Mozilla's development team told us that the press should be asking why Legerov has not given them information. We have an email in but he has not been forthcoming so far. µ
Share this:
Share
@ Yag Kohha: Prove it my friend! It's very easy to say that it's a great bug.
Having a eastern European or Polish name and giving comments in broken English does not make you a Russian/East European black hatter:) (apologies to all hackers!).
VulnDisco could have simply said "we want you to buy our software. Therefore, we refuse to disclose the bug". When did Mozilla ever say that they had the most secure browser?
You too have some crack and be happy:)
Keep trying harder!
Its real bug and really working at xpsp3 vista and w7 (really better than IE aurora), wanna check this - get access to VulnDisco. Mozilla reaction for Legerov alert is too strange. Firefox is most secured browser??? This is a big lie:D Some words about mass FF crash after Legerov alert is too stupid too, Intevydis never exploit founded bugs and dont has blackhats in subscribers list. Please stop to eat psilocybe mushrooms. Be happy.
1) Microsoft gets egg on its face for multiple security holes in IE6,7,8, and whole countries warn their citizens not to use IE at all.
2) Microsoft contacts Legerov, and asks him to try to find a weakness in Firefox, and then publicly and maliciously release any findings he comes up with "for no reason" (besides the $150K cheque he got from his Microsoft friends).
3) Microsoft then effectively points an accusing finger at Mozilla..."see, theirs is no better, people should just stick with good ol' IE.
The fact that their may be nothing whatsoever wrong with Firefox is immaterial. Legerov stirred up FUD according to Microsoft's plan, a job well done, enjoy your money!
Microsoft has played virtually every dirty trick in the book (like bribing whole countries to support OOXML to ISO, or funding SCO to attack their "buddy" Novell) so it should be no stretch that they bribe one or two little hacker dudes to attack open source (which Heir Ballmer hates with a passion).
Just because FF is open source and the source code freely available, doesn't make it an easier target, it just means it's less work to see the code. I'm sure that hackers have no moral problems with breaking MS's EULA and reversing IE's source code.
I disagree - With all the people employed by MS, imagine just as many people have a look at IE as do at firebadger. Who's to say that MS employees aren't selling exploits to hackers - maybe even coding them in the first place!
Because, this is a benefit for hackers to exploit this buffer overflow to attack firefox user who does not know anything. The hacker knew the line in the code which is flawed. Firefox as open source browser is easy to monitor every new release for its source so more vulnerable than Opera and Internet Explorer.