Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researcher Claims To Have Chrome Zero-Day, Google Says "Prove It"

Posted by samzenpus on from the secret-security dept.

chicksdaddy writes "Google's been known to pay $60,000 for information on remotely exploitable vulnerabilities in its Chrome web browser. So, when a researcher says that he has one, but isn't interested in selling it, eyebrows get raised. And that's just what's happening this week, with Google saying it will wait and see what Georgian researcher Ucha Gobejishvili has up his sleeve in a presentation on Saturday at the Malcon conference in New Delhi. Gobejishvili has claimed that he will demonstrate a remotely exploitable hole in the Chrome web browser at Malcon. He described the security hole in Chrome as a 'critical vulnerability' in a Chrome DLL. 'It has silent and automatically (sp) download function and it works on all Windows systems,' he told Security Ledger. However, more than a few questions hang over Gobejishvili's talk. The researcher said he discovered the hole in July, but hasn't bothered to contact Google. He will demonstrate the exploit at MalCon, and have a 'general discussion' about it, but won't release source code for it. 'I know this is a very dangerous issue that's why I am not publishing more details about this vulnerability,' he wrote. Google said that, with no information on the hole, it can only wait to hear the researcher's Malcon presentation before it can assess the threat to Chrome users."

106 comments

  1. Certainly has a legitimate track record by Tontoman · · Score: 3, Insightful

    He certainly has a history of uncovering exploits. Here are his youtube videos: http://www.youtube.com/user/longrifle0x

    1. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 5, Insightful

      He's doing it for fame, not for profit. By selling out a single hole, he gets a one-time check. By talking about it in the abstract, he gets attention. Perhaps a lot of attention, and people listening to him speak. Some people value attention more than money.

    2. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 5, Insightful

      Sorry, but this is one of the most clueless security researchers on the planet.

      See https://code.google.com/p/chromium/issues/detail?id=108651

    3. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 2, Interesting

      He's doing it for fame, not for profit. By selling out a single hole, he gets a one-time check. By talking about it in the abstract, he gets attention. Perhaps a lot of attention, and people listening to him speak. Some people value attention more than money.

      or maybe he just wants to advertise his product before setting the price

    4. Re:Certainly has a legitimate track record by trdtaylor · · Score: 5, Interesting

      He's advertising to sell to one of the big 0-day sellers in the world. Probably get a lot more than 60,000 for something this useful

    5. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 5, Interesting

      No, it just means Google had an error.

      The issue in question has this source code:

      <script>
      var cxrili=new Array("1337","longrifle0x?");
      var a=0;
      while (a=1)
      {
      document.write(cxrili[a])
      a++;
      }
      </script>

      Researcher claims this crashes chrome, turns out it just crashes the tab nicely with what they call a "sad" tab.

      Researcher then says: "Hmm.. really? I tested it on two other PC and got result." because he clearly didn't understand what they said.

      They then close the "bug".

      Nice ad hominem and appeal to authority though. Jackass.

    6. Re:Certainly has a legitimate track record by LordLimecat · · Score: 4, Interesting

      I particularly like this part from his bug report:

      VERSION
      Chrome Version:Ubuntu 11.4 version
      Operating System: [Ubuntu 11.4]

      Man I love that version of chrome. What do you call a security researcher who cant even identify his platform in his bug reports?

    7. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 0

      Oh, boy. Sleep well Google Chrome users, this is one "security researcher" that even ITT Tech would not accept.

    8. Re:Certainly has a legitimate track record by Justin_Schuh · · Score: 5, Informative

      Here's every "security" report he's made against Chrome. None were valid.

    9. Re:Certainly has a legitimate track record by mark-t · · Score: 1

      Personally, I think that he doesn't have something that Google would actually pay as much for as he'll get from the publicity he receives by making this announcement.

      --
      File under 'M' for 'Manic ranting'
    10. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 0

      Nice ad hominem and appeal to authority though. Jackass.

      Thank you for this. It appears people with critical thought are becoming persecuted with ever increasing fervor.

    11. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 0

      Most likely it's a plugin vulnerability. Those are 20k at pwnium, not 60k. Still good money though :-)

    12. Re:Certainly has a legitimate track record by dissy · · Score: 4, Informative

      I seriously doubt any of the big zero-day sellers (or buyers for that matter) would be interested in an "exploit" where you use java script to change the *status bar* (Not address bar) to spoof what URL a link actually goes to.

      Yes, that really is what this person considers an exploit, and he has never discovered nor shown he understands anything more complex than that :P

    13. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 0

      Gotta appreciate the professionalism of the Chromium staff responding to these reports, though.

    14. Re:Certainly has a legitimate track record by Pieroxy · · Score: 3, Insightful

      And Google staff has a great temper on that one. I would have pointed out "Programming for Dummies" to the guy straight out and I would have banned him from my bug tracker. I mean, by this bug alone you can see the guy is utterly clueless about CS in general.

      --
      Write boring code, not shiny code!
    15. Re:Certainly has a legitimate track record by hairyfeet · · Score: 1

      Actually he can make more money off the bug by selling his services for lectures and consulting than he can by just selling it to Google. Having a rep of finding vulnerabilities in major software like Chrome will get you more work, whereas that check will be gone quick enough.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    16. Re:Certainly has a legitimate track record by WindBourne · · Score: 1, Insightful

      I would suggest keep in mind that some ppl are not native english speakers, and therefore make more mistakes.
      However, I do not believe that is the case here.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    17. Re:Certainly has a legitimate track record by ameen.ross · · Score: 5, Informative

      LMAO

      The very first video where he purportedly shows an Office 2010 0-day vulnerability ("it has silent and automatically download function"), I noticed he right clicked the desktop and clicked pressed "refresh"...
      He then moves on to show that he really is running Office 2010, and then he opens a link, not a word file, which opens MS Word and then opens a local, not silently downloaded, executable: Putty. He finishes by typing "1337" in the connectbox of Putty.

      There are unthinkably many scenarios that lead to this behavior, but this dude having been able to find an actual 0-day vulnerability in any software is not one of them.

      --
      $(echo cm0gLXJmIC8= | base64 --decode)
    18. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 0

      He's still a douchebag for not just goin to the chrome devs with it.

    19. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 0

      Per follow-up comments on his track record, you might have a point if by attention, you mean becoming the laugh stock of Slashdot.

    20. Re:Certainly has a legitimate track record by wonkey_monkey · · Score: 1

      and then he opens a link, not a word file

      How can you tell it's a link (and what do you mean by "link" - shortcut? URL file?) and not a Word file? The filename of whatever he clicks on (which admittedly doesn't look like any Word .doc icon I've seen, but I don't see very many) does seem to match the filename showing in the titlebar of the opened Word window.

      Not that I don't believe this guy really is clueless.

      --
      systemd is Roko's Basilisk.
    21. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 0

      He certainly has a history of uncovering exploits. Here are his youtube videos:
      http://www.youtube.com/user/longrifle0x

      Huh, you managed to get this shill post up first along with links to videos I see. You just revealed your slashdot handle, Mr. Gobejishvili.
      But based on your track record, I'm not surprised.

    22. Re:Certainly has a legitimate track record by ameen.ross · · Score: 1

      If you look closely sometimes you see the little icon that designates a shortcut. I don't know why it isn't visible all the time, may have something to do with the recorder he used. Also look at some of his other video's, he basically does the exact same thing everytime.

      He could have bound a keyboard shortcut to open Putty for all we know, and he just times pressing the combination to "prove" he has an exploit. Kinda stupid that he never ever gives the source for his exploits, maybe he's just furious that his issue reports on Chromium were all marked invalid.

      --
      $(echo cm0gLXJmIC8= | base64 --decode)
    23. Re:Certainly has a legitimate track record by ark1 · · Score: 1

      He certainly has a history of uncovering exploits. Here are his youtube videos: http://www.youtube.com/user/longrifle0x

      Notice the comment section was disabled on all his video. He certainly does not like having his crap exposed publicly.

    24. Re:Certainly has a legitimate track record by LordLimecat · · Score: 1

      When you go to the Chrome "about" screen, I dont believe the words "ubuntu 11.4 version" ever pop up. I believe the version is an all numeric string that is the same regardless of what language you speak, like "23.0.1271.64 m"

    25. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 0

      He can simply use an extension like this one : http://developer.chrome.com/extensions/npapi.html
      witch allow you to call external dlls/exe

    26. Re:Certainly has a legitimate track record by wonkey_monkey · · Score: 2

      If you look closely sometimes you see the little icon that designates a shortcut.

      Oh, I see what you mean now - I think you've mistaken the optional Windows item selection checkbox for a shortcut indicator.

      http://www.sevenforums.com/tutorials/10111-select-items-check-boxes.html

      But yes, you're right, that video is proof of nothing.

      --
      systemd is Roko's Basilisk.
    27. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 0

      And you come from which shithole country?

      http://www.spamhaus.org/statistics/countries/

    28. Re:Certainly has a legitimate track record by ameen.ross · · Score: 1

      Oh right, anyway it would still be anything, like a batch script of which he changed the icon or whatever.

      --
      $(echo cm0gLXJmIC8= | base64 --decode)
    29. Re:Certainly has a legitimate track record by fahrbot-bot · · Score: 1

      Never trust a guy with 7+ vowels in his name...

      --
      It must have been something you assimilated. . . .
    30. Re:Certainly has a legitimate track record by Anonymous Coward · · Score: 0

      You mean like....

      Google Chrome 23.0.1271.64 (Official Build 165188) m
      OS Windows
      WebKit 537.11 (@132838)
      JavaScript V8 3.13.7.5
      Flash 11.5.31.2
      User Agent Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11

      who knew

    31. Re:Certainly has a legitimate track record by WindBourne · · Score: 1

      Actually, on mine, it does:
      Version 20.0.1132.47 Ubuntu 12.04 (144678)

      --
      I prefer the "u" in honour as it seems to be missing these days.
    32. Re:Certainly has a legitimate track record by Tontoman · · Score: 1

      Maybe not so legitimate, but he is certainly an active hacker. For example : http://laetitia-schlumberger.com/index0.php and http://horeblawski.eu/euricms/
      Softpedia profiled this person in an article: http://news.softpedia.com/news/Hackers-Around-the-World-No-Flaws-Escape-This-Georgian-s-Longrifle0x-252180.shtml
      However, a subsequent comment by the author says:
      "When this article was published the researcher was a respected member of an important security research team. In the meantime, his work became more "controversial."

  2. Researcher Claims To Have Chrome Zero-Day by Anonymous Coward · · Score: 1, Funny

    Google Says "Prove It"
    World yawns

  3. Clueless by Anonymous Coward · · Score: 2, Insightful

    Maybe he's talking about this lol. Or mybe this one. tl;dr dude is clueless.

    1. Re:Clueless by Anonymous Coward · · Score: 1

      oop link is https://code.google.com/p/chromium/issues/detail?id=108651

  4. This researcher has a poor track record by Anonymous Coward · · Score: 5, Informative

    This security researcher has a track record of not understanding even basic security concepts.

    Basic misunderstanding of "memory corruption" vs. an "out of memory" condition: https://code.google.com/p/chromium/issues/detail?id=108651

    Basic misunderstanding of web security and the capabilities of Javascript: https://code.google.com/p/chromium/issues/detail?id=148636

    This does not preclude the case where he's stumbled across something real, but it seems highly unlikely.

    1. Re:This researcher has a poor track record by Anonymous Coward · · Score: 0

      I get a 500 Server Error on both of those links.

      <tinfoilhat> What are Google trying to hide something from us? </tinfoilhat>

    2. Re:This researcher has a poor track record by Anonymous Coward · · Score: 0

      What makes you think he does not. May be he is just lazy, like me (I never bother to create clickable links on /.)

    3. Re:This researcher has a poor track record by Anonymous Coward · · Score: 1

      The same goes for, you chief - be constructive (No - i'm not the person who originally posted this)

      This security researcher has a track record of not understanding even basic security concepts.

      Basic misunderstanding of "memory corruption" vs. an "out of memory" condition: https://code.google.com/p/chromium/issues/detail?id=108651

      Basic misunderstanding of web security and the capabilities of Javascript: https://code.google.com/p/chromium/issues/detail?id=148636

      This does not preclude the case where he's stumbled across something real, but it seems highly unlikely.

    4. Re:This researcher has a poor track record by AK+Marc · · Score: 1

      Half the time Slashdot makes them clickable, so I never bother either, but sometimes it works anyway. Meh.

      --
      Learn to love Alaska
    5. Re:This researcher has a poor track record by tbird81 · · Score: 1

      In Firefox, just select the url, right click, and "Open Link in New Tab".

      You can't do this in Chrome (last time I tried about a year ago) which is one of the reasons I stayed with FF.

    6. Re:This researcher has a poor track record by Anonymous Coward · · Score: 0

      You can do that with chrome now.

    7. Re:This researcher has a poor track record by Anonymous Coward · · Score: 0

      And we all know Chrome is updated every 2 years only.
      My version must be from the future, as I can do exactly what you described, in Chrome.

    8. Re:This researcher has a poor track record by Anonymous Coward · · Score: 0

      In Firefox, just select the url, right click, and "Open Link in New Tab".

      You can't do this in Chrome (last time I tried about a year ago) which is one of the reasons I stayed with FF.

      On Chrome: Select the link (text) drag it to the Tab bar.

    9. Re:This researcher has a poor track record by Anonymous Coward · · Score: 0

      Bah! we've been doing this in Opera since the late '80s

    10. Re:This researcher has a poor track record by Anonymous Coward · · Score: 1

      Oh dear God, check this one:

      https://code.google.com/p/chromium/issues/detail?id=142864

    11. Re:This researcher has a poor track record by tbird81 · · Score: 1

      Thanks ACs. I still probably won't try it again, as I didn't find it any fast, and hated that auto-updater that ran constantly in the background it installed.

      (I'm not sure if it still does that either, but I'm happy with FF at moment.)

    12. Re:This researcher has a poor track record by Anonymous Coward · · Score: 0

      You can also middle-click practically anything to make a new tab; links, bookmarks, back\forward\refresh buttons, etc.

  5. Fermat's Last Exploit by Anonymous Coward · · Score: 5, Funny

    I have discovered a truly marvelous exploit, which allows a remote attacker to compromise any computer regardless of OS, hardware, or software installed. Unfortunately, this post is too small to contain the details of it.

    1. Re:Fermat's Last Exploit by micheas · · Score: 1

      There are many marvelous exploits that attack the problem existing between keyboard and chair.

      --
      Work bio at MMWD
    2. Re:Fermat's Last Exploit by crutchy · · Score: 5, Funny

      its not like the age old ctrl+F4 exploit that affects all browsers in all operating systems and has the uncanny result of closing which ever browser window you happen to be viewing... it even works on some other programs. i think it must be a bug in the processor or something.... stupid intel

    3. Re:Fermat's Last Exploit by Anonymous Coward · · Score: 2, Insightful

      i don't think the repliers got the fermat's reference :)

    4. Re:Fermat's Last Exploit by Psicopatico · · Score: 2

      I have discovered a truly marvelous exploit, which allows a remote attacker to compromise any computer regardless of OS, hardware, or software installed. Unfortunately, this post is too small to contain the details of it.

      The user?

      Looks like it fits well enough in this post...

      --
      Mastering the English language is fucking easy: all you have to do is to put an f* word in every fucking sentence.
    5. Re:Fermat's Last Exploit by IAmGarethAdams · · Score: 1

      some operating systems

      FTFY

    6. Re:Fermat's Last Exploit by tlhIngan · · Score: 1

      I have discovered a truly marvelous exploit, which allows a remote attacker to compromise any computer regardless of OS, hardware, or software installed. Unfortunately, this post is too small to contain the details of it.

      Yeah, too bad you have to either be admin, give admin permissions, use sudo or be root, ...

      (You won't believe how many local "exploits" get reported where the prerequisite is that the user is administrator or root to begin with. Or require scripts to be run with similar permissions. (Hint: you already have those permissions to begin with - just do what you're going to do rather than run around doing them via proxy).

    7. Re:Fermat's Last Exploit by Anonymous Coward · · Score: 0

      . <-- Joke
      o
      -|- <-- You
      / \

    8. Re:Fermat's Last Exploit by Anonymous Coward · · Score: 0

      The only sensible comment in the whole thread!

    9. Re:Fermat's Last Exploit by crutchy · · Score: 1

      in all fairness, the original fermat reference wasn't really that funny or even relevant... it possibly could have been if worded better

  6. Odd indeed. by mark-t · · Score: 1

    If he gives this lecture and somebody watching figures out how it works, then that somebody else could claim the bounty.

    --
    File under 'M' for 'Manic ranting'
    1. Re:Odd indeed. by Psychotria · · Score: 1

      If he gives this lecture and somebody watching figures out how it works, then that somebody else could claim the bounty.

      I just wish I was going to the conference. The lecture is sure to be fun.

    2. Re:Odd indeed. by citizenr · · Score: 1

      fun != funny

      --
      Who logs in to gdm? Not I, said the duck.
  7. Big deal... by Anonymous Coward · · Score: 1

    "it works on all Windows systems,"

    Stopped reading after that

    1. Re:Big deal... by Anonymous Coward · · Score: 0

      If it works on my Windows 3.11, I would be very impressed. Even if he got chrome to run on this OS, I would be very very impressed.

  8. Re: it works on all Windows systems by johnsnails · · Score: 1
    Stop repeating yourself...
    http://mobile.slashdot.org/story/12/11/19/0438206/windows-phone-8-users-hit-some-snags?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+(Slashdot)

    Of course it's defective! Which part of "Microsoft Product" did you not understand?

  9. He has a video up of this exploit.... by Anonymous Coward · · Score: 1

    He has a video of the Google Chrome exploit that he discovered up already:

    http://youtu.be/AvkbhFmJcn4

    He can get your browser to launch an arbitrary application on your PC when you open a webpage.

    1. Re:He has a video up of this exploit.... by WindBourne · · Score: 1

      Nope. That did not show that. Just the opposite. He had a browser up, clicks on what appears to be a .doc, which simply creates a tab. However, I did not see the browser exec an app.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    2. Re:He has a video up of this exploit.... by beelsebob · · Score: 1

      So putty opened all by itself, right?

    3. Re:He has a video up of this exploit.... by seann · · Score: 1

      The word document, which was already on his local system, which is already preset to trusted which can execute macros, executed putty.

      --
      I'm a big retard who forgot to log out of Slashdot on Mike's computer! LOOK AT ME.
    4. Re:He has a video up of this exploit.... by WindBourne · · Score: 1

      I thought so as well, but just ran the video again. Just dawned on me that he restarts the web page and putty comes up.
      Well, this guy MAY actually have something.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    5. Re:He has a video up of this exploit.... by stderr_dk · · Score: 1

      Well, this guy MAY actually have something.

      Or maybe the page has a hidden image loaded from a webserver running on localhost. The webserver is configured to start putty when someone connects...

      I did something like that 15+ years ago, so it's nothing new at all.

      --
      alias sudo="echo make it yourself #" ; # https://pipedot.org/~stderr & http://soylentnews.org/~stderr
    6. Re:He has a video up of this exploit.... by WindBourne · · Score: 1

      Correct. That is possible. However, why do that for the publicity? That is SUCH negative publicity that he would never work in software again.

      --
      I prefer the "u" in honour as it seems to be missing these days.
    7. Re:He has a video up of this exploit.... by Anonymous Coward · · Score: 0

      Have you seen his bug reports? Making a fool of himself and getting negative publicity doesn't seem to be a concern.
      Maybe we should just wait for the conference and see what he has to say.

  10. Re: it works on all Windows systems by Anonymous Coward · · Score: 0

    And yet, it warrants repeating.

  11. Well, yes. "Ubuntu 11.4" isn't english. by Anonymous Coward · · Score: 0

    And the name of the product is the name of the product whatever language it is in.

  12. Re:2012 cheap Air jordan shoes(1-24) sale by Psychotria · · Score: 0

    Who modded this offtopic? It's not offtopic because it was the security researcher posting.

  13. Additional photo of hacker by Psychotria · · Score: 1

    I did some analysis (too advanced and secret for me to disclose) and came up with this. Needless to say it's almost an exact match for his photo in the article. No wonder he's not disclosing his 0-day.

    1. Re:Additional photo of hacker by crutchy · · Score: 1

      looks like you wiped your ass with a cheap bedsheet after eating waaaaaay to much mcd's

  14. side issue by Anonymous Coward · · Score: 0

    but do you think ChromeOS is an unfortunate name for Google's thin client offering?

    Given that exploits that are Windows related - DLL's etc. are probably going to be an ongoing issue for the browser?

  15. Re: it works on all Windows systems by johnsnails · · Score: 1

    point taken.

  16. Somebody has something by Anonymous Coward · · Score: 0

    I only use chrome at work. I white list javascript and flash so I have as simple a browser as I would think you can get, but one day at work last week I tried downloading a few MP3 from some random russian sites - stupid I know and my machine got infected with something. Chrome died, then all programs died, then this fake anti-virus popped up. I don't know what it was. The URL said mp3, I did right click save as and while it was downloading a popup appeared and my computer, then everything was out of commission for a few hours until I rebuilt it. This was latest chrome, windows 7 64 bit.

    1. Re:Somebody has something by Anonymous Coward · · Score: 0

      Sure... What site?

    2. Re:Somebody has something by crutchy · · Score: 1

      aaahh... there's your problem.... you were using windows.

      that will be $340 please

  17. I wonder how much botnet owners would pay ? by Anonymous Coward · · Score: 0

    So if google is paying up to 60k i wonder how much would a 0 day go for on the "black market" ? :)

    1. Re:I wonder how much botnet owners would pay ? by Anonymous Coward · · Score: 0

      Botnet owners? What? I think you have as much knowledge about security as that guy (just look up his bug reports).

    2. Re:I wonder how much botnet owners would pay ? by crutchy · · Score: 1

      why not? i'm sure there are botnet owners who publish ads in the tabloids:

      WANTED: GOOGLE CHROME ZERO-DAY EXPLOITS
      WILL PAY BIG BUX
      GO TO http://www.mybotnet.somerussianwebsite.com/just-for-morons/drive-by-windows-malware/google-advert/really-dumb-fucks/specially-designed-for-nigerians/click-me-page.asp

  18. Re:2012 cheap Air jordan shoes(1-24) sale by wonkey_monkey · · Score: 0

    Is he demonstrating the ... Slashdot bug that turns text into clickable links?

    --
    systemd is Roko's Basilisk.
  19. Wait for the conference by PPH · · Score: 2

    I'm sure this will attract more attention to the MalCon tent.

    --
    Have gnu, will travel.
  20. i know one and im not telling either by Anonymous Coward · · Score: 0

    haha
    not everyone requires money google.....

    1. Re:i know one and im not telling either by Anonymous Coward · · Score: 0

      i have a photo of you shoving a shit-stained dildo in your mouth

      if you want to make sure it doesn't get out, it will cost you $60k

  21. Four out of five U.S. Presidents by tepples · · Score: 0

    Never trust a guy with 7+ vowels in his name...

    Do you know how easy it'd be for someone with a middle name to trip that heuristic? By that measure, you'd trust only one of the last five U.S. Presidents.

    • Ronald Wilson Reagan: oaioeaa (7)
    • George Herbert Walker Bush: eoeeeaeu (8)
    • William Jefferson Clinton: iiaeeoio (8)
    • George Walker Bush: eoeaeu (6)
    • Barack Hussein Obama: aaueioaa (8)
    1. Re:Four out of five U.S. Presidents by fahrbot-bot · · Score: 1

      Never trust a guy with 7+ vowels in his name...

      Do you know how easy it'd be for someone with a middle name to trip that heuristic? By that measure, you'd trust only one of the last five U.S. Presidents.

      • Ronald Wilson Reagan: oaioeaa (7)
      • George Herbert Walker Bush: eoeeeaeu (8)
      • William Jefferson Clinton: iiaeeoio (8)
      • George Walker Bush: eoeaeu (6)
      • Barack Hussein Obama: aaueioaa (8)

      Your point being?

      But apples vs. oranges anyway. I don't know Ucha Gobejishvili's middle name (if he even has one), else I might have upped the minimum number, if I hadn't been completely joking... Though 7 vowels in just a first+last name seems excessive; I blame his parents.

      --
      It must have been something you assimilated. . . .
  22. This guy's a clown. by Anonymous Coward · · Score: 0

    Read this guy's bug reports to Google, they're hilarious. No understanding of basic security concepts, and comments like "will I still get a bounty for this?" which make it obvious he's just a bounty hunter, and not a very good one at that.

    No, I'll trust this guy about as far as I can comfortably spit out a water buffalo.

  23. Giving MalCon a bad name by brunes69 · · Score: 1

    I can't believe MalCon is letting this guy present based on the other examples posted in this story of how clueless this guy is. If I was running MalCon I would DEMAND evidence of an actual exploit before agreeing that he be allowed to present anything this stupid and discredit the whole conference.

  24. Stephanie Peterson by tepples · · Score: 1

    if I hadn't been completely joking

    For me, it was just a fun thought exercise to see how your heuristic held up against real-world American names or otherwise plausible anglophone names like Stephanie Peterson: eaieeeo (7).

    Though 7 vowels in just a first+last name seems excessive; I blame his parents.

    For one thing, different languages have different standards for a last name. Russian, for example, has lots of surnames that carry the suffix "-ov" (fem. "-ova"), "-ev" (fem. "-eva") or "-in" (fem. "-ina"). Greek has the suffix "-opoulos", which corresponds to English "-son" but has four vowels by itself. I just wanted to make sure your joke wasn't made out of racism. We're already getting enough racist jokes about "Black" Friday discounts.

    1. Re:Stephanie Peterson by fahrbot-bot · · Score: 1

      Dude(tte?). You have *way* too much free time. Although, I wish you had been in my college Semantics class way back when, instead of the lazy ass-clowns (hyphen intentional) who took it looking for an easy grade. I had to wait until after class to ask the professor any serious questions to avoid the ire of my classmates.

      Racism? Vowels don't see race, color, gender, etc ... - or orientation, though that (sometimes) "Y" is a little sketchy. Sure, maybe after a little wine... :-)

      BTW. Your example, "Stephanie Peterson?" Google didn't really clear that up for me: makeup artist, model, Psych professor ... ?

      --
      It must have been something you assimilated. . . .
    2. Re:Stephanie Peterson by mgcarley · · Score: 1

      Georgian names aren't entirely dissimilar: "-shvili" is like "child of" (sort of like the Icelandic "-sson" or "-sonur"), and I wouldn't be surprised if "Gobeji" was the name of a village or something.

      --
      Founder & COO, Hayai India (hayai.in) / USA (hayaibroadband.com) // t: @mgcarley
  25. jeez - why didn't by Anonymous Coward · · Score: 0

    you say "windoze" up front? those people wouldn't expect anything less

  26. Re:2012 cheap Air jordan shoes(1-24) sale by crutchy · · Score: 0

    next there will be slashdot iframe injection rootkits :)

  27. esse pesquisador irá ganhar muito dinheiro by Anonymous Coward · · Score: 0

    There are nevegadores 100% safe, but certainly this researcher will make lots of money with this descobeta.

    http://www.truedicas.com