Australian IT JOBS : Sydney IT jobs, UNIX jobs, Linux jobs, Java jobs, ASP jobs Linux.conf.au Linux.conf.au
Technology news and Jobs arrow Information Technology News arrow Firefox vulnerability exposed as a hoax
Firefox vulnerability exposed as a hoax PDF Print E-mail
Written by Stan Beer   
Wednesday, 04 October 2006
ImageOne of two hackers who got up on stage and gave a presentation detailing a so-called Javascript vulnerability in Firefox has come forward and admitted the presentation was a hoax.

During a presentation at the Toorcon conference in San Diego last Saturday, young hackers Mischa Spiegelmock and Andrew Wbeelsoi detailed a vulnerability which they claimed was not able to be patched unless Mozilla rewrites key sections of its JavaScript code. The two hackers gave a detailed presentation on stage showing a slide with what was claimed to be key information on how a hacker could gain control of a computer which visits a web page containing malicious JavaScript code.

The hackers also claimed to have knowledge of a total of 30 Firefox exploits.
 
However, Spiegelmock has since issued a statement saying that presentation was meant to be a tongue-in-cheek humorous hoax. He has issued the following statement, which was posted on iTWire in the comments section of our previous story:

"The main purpose of our talk was to be humorous.
 
"As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has.
 
"I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven’t used it to take over anyone else’s computer and execute arbitrary code.
 
"I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim. I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.
 
"I apologize to everyone involved, and I hope I have made everything as clear as possible.
 
Sincerely,
Mischa Spiegelmock"

While, the open source community is currently expressing its annoyance at the childish actions of the two young pranksters, the Mozilla development team has indicated that it remains vigilant about the issues raised in the bogus presentation.
 
"Even though Mischa hasn’t been able to achieve code execution, we still take this issue seriously. We will continue to investigate," stated the leader of the Mozilla security team, Window Snyder.{moscomment}

Tags See All Tags


Internet  Software 

Get stories like this delivered daily - FREE - subscribe now
When you subscribe get a 12 months license for LiveProject
Valued at $99 USD


LiveWire - Desktop alerts Download the FREE iTWire desktop alert widget LiveWire - Desktop alerts


Del.icio.us!
 
< Prev   Next >
JobsWire Technology Jobs in Sydney
Active Directory  Apache  Software Architect  C#  C++  Cisco  Citrix Cognos  Coldfusion  CRM  Crystal Reports  Software Development  ERP  HTML  IBM  IT Infrastructure  ITIL  J2EE  Java  LAN/WAN  Linux  Lotus Notes  MS Project  .NET  Oracle  SDLC  SQL  IT Support  IT Training  UAT  UML  Unix  XML
JobWire - IT Jobs
Contact , Register , Advertise with iTWire , Links , Register , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging
Industry Releases , Submit your release now , Start submitting to iTWire , How to post video