Domain: computerterrorism.com
Stories and comments across the archive that link to computerterrorism.com.
Comments · 18
-
Re:Must be joking
Here's the link I meant to send.
-
Taking issue with TFA
According to the article, "...Microsoft felt it unnecessary to patch a flaw six months ago that was originally low risk but mutated in to something extremely dangerous." This is, presumably, in reference to the JavaScript exploit that was recently covered on Slashdot and in an Eweek article.
The thing is, this flaw didn't "mutate" -- it's just that we didn't until recently understand how dangerous this security flaw really is. That there's already a working proof of concept is alarming.
It's quite inaccurate to say that the flaw "mutated" when in reality it never changed -- only our understanding of it changed. Who's to say that someone, somewhere, wasn't already aware of the true potential for abuse when the flaw was first discovered half a year ago? Microsoft didn't make fixing this a high priority because they were lulled into the belief (along with almost everyone else, apparently) that this was a simple DoS exploit instead of the own-the-machine exploit it turned out to be. (Yeah, it takes a lot more work to actually gain control of the machine, but the same fundamental mechanism is used.) -
Re:Lets keep it fair!
This doesn't crash my Firefox 1.5, nor does anything else out of the ordinary happen - it just seems to reload the page. Please tell me what I'm doing wrong
:D -
Firefox vulnerable too
The proof of concept crashes firefox 1.0.7 (as reported in this thread by numerous others).
I'm not surprised that IE hasn't been patched, but as this vulnerability has been known for some time (this post is a dupe - not that there's anything wrong with that), but why hasn't firefox been patched yet? -
Worthless eWeek
They just copied half the story from this site:
http://www.security.ithub.com
The Proof of Concept didn't load calc.exe for me. Instead, it crashed my IE windows on WindowsXP SP1.
I run Ad Muncher, so that might have caught and foiled the malicious javascript. -
McAfee Catches it
My virus scanner seemed to stop it on the proof of concept page. McAfee sees it as JS/Exploit-BO.gen
-
Proof of Concept
Here is a link to the Proof of Concept page, which will launch an instance of calc.exe if you're vulnerable. AVG Free caught the exploit in the cached page, but calc.exe ran anyway, even after I deleted the file.
-
There is a huge unaddressed problem here...
Most of the security establishment is focused on patching holes *after* they're discovered. This goes for application/product vendors as well as the security companies that are tasked with protecting those assets. The reasoning goes something along the lines that the sooner you patch your systems, the sooner you are safe from the "bad guys".
The problem is that many of the vulnerabilities have been sitting there for YEARS before they're discovered by the establishment. Take Blaster for example... how long was that vulnerability present in shipping product before it was disclosed by Microsoft? Try nearly 7 years. Of course, only a few short weeks after this disclosure, the worm propagated. So, how long were blackhats exploiting the vuln before the disclosure? We'll probably never know. How many other "undiscovered" vulnerabilities have been exploited prior to the vendor acknowledging the vulnerability? Dunno, but I suspect it ain't just a handful. How about yesterday's IE proof of concept remote root exploit that works just as well against a fully patched Windows XP SP2 as it does against Windows 2000? You think any signature or "behavior"-based IDS/IPS can even detect this sort of thing 0-day? I'm willing to bet money on the fact that they can't.
See here for a fun new way to run Calc.exe on your Windows box:
http://www.computerterrorism.com/research/ie/ct21- 11-2005
So long as vendors remain profit motivated and focused on short-term competitiveness, they will never adequately address the software quality issue. Unexposed vulnerabilities are ripe picking for blackhats, while vendors and the security establishment continue to address the reactive post-vulnerability disclosure space. -
Links
-
Links
-
POC not even working.http://www.computerterrorism.com/research/ie/poc.
h tm
I cant seem to get the Proof of Concept to work... All I get:
Windows XP fully patched: Prompt box, but it never actually loads, its just white after 5 min I kill IE in the Task Manager.
Windows 2000 SP4, missing last 30 critical upadates: Same as XP, but the prompt box actually gets loaded so I can read the text, but it locks up if I click ok or cancel. Then I kill IE In the task Manager after a few minutes.
Could my firewall be blocking this type of attack? (WatchGuard)Right now it doesnt seem like a Proof of Concept, rather just bad website design.
-
Re:Firefox & IE
Sorry that should have been
I tried the Proof of Concept with IE6 & Firefox 1.0.2.
Both the browsers hung when I clicked on the link on the page.
So what's the story? -
Re:lazy story submitters
-
Re:Zero-day? No.
Actually it is a 0day exploit. Though it uses the "javascript window()" vulnerability release months back, at the time it was thought to be a DoS exploit. The information released today shows that it is remotely expoitable. The PoC is here. http://www.computerterrorism.com/research/ie/poc.
h tm -
Re:Zero-day? No.
It is a 0day exploit. The vuln was previously released months back, but at the time it was thought to DoS(not a remote exploit). But information released today shows that this vuln can be exploited remotely. So it is 0day.
BTW the POC is here
http://www.computerterrorism.com/research/ie/poc.h tm
Start the slashdotting.... -
Re:This is why...
http://www.computerterrorism.com/research/ie/poc.
h tm Proof of Concept, Haven't tested since didn't have access to any machine with IE at the moment, but seems all it does is open up calc.exe -
Proof of Concept Code
Computer Terrorism Ltd. published the proof of concept code on Monday. Their example even seems to hang my copy of Firefox.
-
Re:Link to a copy?
Here you can test an exploit on IE: http://www.computerterrorism.com/research/ie/poc.
h tm -- http://tvilda.stilius.net/