Smile, we’ve been on candid camera, and we’ve been caught with our pants down, standing on our heads, with umbrellas between our teeth. “I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven’t used it to take over anyone else’s computer and execute arbitrary code. I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim. I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.” Of course it did not take long for black helicopters to arrive. Microsoft has computers, so do the hackers: a link! MS is behind it all!
The attempt to create a communication network for black hats has miserably failed. OMG, what a joke.
These days you just can’t go around publicly degrading a security-sensitive product with a security-sensitive fan-base (even if you’re mostly joking)… unless you have all the proof to back up your claims.
I’m glad this guy apologized publicly – that’s the only right thing to do in that scenario.
Still important to note that his code crashes Firefox, so at least he wasn’t a complete farce.
Edited 2006-10-03 19:24
Well, he wasn’t the one to make the claim, so he doesn’t really have to apologize. You cannot apologize for something somebody else did.
Pardon my paranoia, but I can’t help but wonder if there might have been something of substance to this whole business. Was it really all a joke?
OK. Probably, it was.
But it seems to me that this is exactly the sort of statement that Mozilla Corp would request that he make if he decided to take the $500 per exploit after all. ($15,000 USD if all 30 were valid.)
That’s probably just a paranoid delusion… right?
Edited 2006-10-03 23:12
It seems the browser wars are more fearsome than ever. If Microsoft had such a better product they wouldn’t need to, just think what’s going to happen when Linux gets more desktop market share.
Build better software like in your adverts MS, but in the real world we know this to be not true.
Perhaps this sorry mess wouldn’t have happened if outfits like Cnet hadn’t reported it as straight news. Here are some follow-up reports from SecurityFocus and Brian Krebs:
http://www.securityfocus.com/news/11416
http://blog.washingtonpost.com/securityfix/2006/10/zeroday_firefox_…
What emerges from the stories is the joking nature of the talk, that people found it funny, and most did not take it seriously. Mozilla obviously did, it’s their job to take stuff like this seriously. Cnet and their ilk, however, have a duty to provide a bit of context.
As a Firefox user, I browse most sites with Javascript disabled via the Noscript extension. Noscript is a vital tool for browsing the Web, as it selectively can unblock scripts per Web page.
https://addons.mozilla.org/firefox/722/
Given the nature of today’s Web, it’s always a good idea to control tightly how Javascript is used.
Yeah, the one good thing to come of this was exposure for Noscript, which I got the impression a lot of people installed and started using.
Yeah, that’s me, I just gotta keep looking for that silver lining!
it’s terribly difficult to use noscript as so many sites require javascript. I’ve come across a lot of sites that have their layout and navigation menus managed by javascript. Crazy but true.
Most sites don’t go to the effort of checking if you have javascript enabled before trying to use it.
it’s very annoying.
I am not surprised. If one knows the way Mozilla rate security issues and knows just a bit about computers, one could see there was very little, if anything.
Now, in the next few minutes the anti-FLOSS gang will start the Damage Control-dance. Or completely ignore this submission.
You need to chill with the “anti-FLOSS gang” crap. It’s pointless and annoying.
//You need to chill with the “anti-FLOSS gang” crap. It’s pointless and annoying.//
You need to chill with the “always defend Microsoft” crap. It’s pointless, annoying and just plain misguided.
Except I don’t and it’s not even relevant, so your post was just childish trolling.
Try again next time.
Edited 2006-10-04 01:55
Except that you do. His/her post was no more childish than yours.
Sit down, grab a beer, and be happy we aren’t pointing at you for your FF-fud.
Except that you do. His/her post was no more childish than yours.
Actually, my post was meant to be a “mirror” to the original poster.
It is amazing how many times you can legitimately post a person’s own words back at them, and they then accuse you of being the “childish troll” or whatever.
My irony meter always blows a fuse when that happens.
Edited 2006-10-04 05:02
It must blow quite a few fuses here at OSN…
//It must blow quite a few fuses here at OSN… //
I suspect the OSN people must own shares in an irony-meter-fuse company …
… maybe in a tinfoil-hat company as well.
😀
Edited 2006-10-04 05:15
Ahh, but I don’t. YOU know for a fact that I do not always defend Microsoft. Just as I know for a fact you don’t always go against them.
That, and it wasn’t relevant at all.
Just as I know for a fact you don’t always go against them.
Damn you.. that was supposed to be a secret, you know
The fact is that the anti-FLOSS gang exists and is very active. Therefore it is not pointless. Annoying that I mention it? Perhaps, but the truth tends to be annoying.
Nah, the OSS fundies and black helicopters. lol
It was pretty funny.
anyone mirror this article:
http://developer.mozilla.org/devnews/index.php/2006/10/02/update-po…
before it went down?
I’m dying to read it…..
up again now…but this also works:
http://developer.mozilla.org.nyud.net:8080/devnews/index.php/2006/1…
Seems that Firefox hasn’t acquired the necessary market share yet (and there are enough unpatched XPs lying around – why to break existing “black hats communication networks” anyway?).
I told you it was sponsored by microsoft!
I thought this whole thing was just a joke that was spun by “responsible” media such as the “esteemed” news source CNET.
Then again, there is always SCO…
Which type of tinfoil hat design do you favour – the fedora or the dunce cap style?
Well, the party _was_ sponsored by MS. I don’t think it had any influence, but the party was MS-sponsored.
That’s it?
That’s the evidence behind all this nonsense?
Wow … 😐
So far I’m not aware of any evidence in any direction.
The, “Napolean”, (o_o), gets better reception.
Hahaha swilling microsoft beer and spreading FUD and making up lies about others’ products, yeah, good times!
Could something like this pretty much bench you as a security consultant or analyst like, forever?
When I first read that headline I thought it was going to be about a mozilla firefox hacker (programmer) breaking down and admitting that firefox wasn’t actually as secure as people make out.
But again we have the hacker vs. cracker definition issue. I hate how the mass media stole ‘hacker’ away from it.
http://www.betanews.com/article/Alleged_Unfixable_Exploit_in_Firefo…
http://arstechnica.com/news.ars/post/20061002-7885.html
http://www.vnunet.com/vnunet/news/2165546/fifefox-hacker-back-peddl…
i’m a dyed-in-the-wool Linux nut, but enough already with the “it’s all a big MS conspiracy” crap.
this is an open and shut case of two guys basing a comedy bit around one tiny Firefox flaw, and Cnet et al reporting it as fact.
if you want to get pissed at someone, point your finger at the organizations you get your news from.