Iria

Source: News.com
______
SAN DIEGO, Calif.--The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon.

An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer's Mac OS X and Linux, they said.

TheBlackCat

Looks like it is finally time to install scriptblock.

These guys are serious evil people, though. Laughing in the face of someone asking you merely not hurt other people, instead telling him that is precisely your plan and there is nothing he can do to stop you. Just evil, there is no other way to describe it.

__________________
[color=#000000]There is always an easy solution to every human problem—neat, plausible and wrong.[/color]
-H. L. Mencken

Rayder

It seems to me that the authorities should storm these "hacker conventions" and bust them all.

Treat them as world terrorists. I'm sure not ALL of them are evil, but if they know something, they should be FORCED to disclose that info or risk some jail time.

Maybe I'm just not understanding something that allows those people to hold conventions for hacking.....

dj_stick

it's better they find the flaws and let us + the companies know rather than releasing exploits…

__________________

TheBlackCat

That's the point. They want to release exploits because they want to hackers to attack people. They are not doing this in spite of the fact that it might be used by hackers, they are doing it with the express purpose of getting hackers to use it for malicious purposes.

__________________
[color=#000000]There is always an easy solution to every human problem—neat, plausible and wrong.[/color]
-H. L. Mencken

YAYitsAndrew

One thing that's nice about this is that it will shut up those firefox diehards that think their browser is any safer than IE. The exploits go where the marketshare is going.

If you want to use the most secure browser right now, then that is Opera. Secunia's advisory reports from the last two years will tell you this and those are hard facts.

You can use firefox for the plugins, or because all your friends are using it and you think it makes you cool, but you can't use it and make fun of IE for being insecure. Not when you aren't using the most secure web browser to date.

www.opera.com

__________________
"It is because the resistance to paying for copyrighted material, although often characterized as arising from a supposed technical burden or principled concern for the public interest, arises rather from exactly the same segment of the brain that is dominant in shoplifters."
- Mark Helprin, Digital Barbarism
In other words, it's never okay to steal even if you think you have a good reason!

www.yayitsandrew.com

Erroneus

Ehm no it will not shut us up and you want to know why? Because MS is about avg. 10 days to fix a critically flaw, while Mozilla does it in 1 day (Opera two days). There will always be flaws in Firefox, and since it's open source, hackers can easly scope for flaws, but at the same time it also means that bugs can be fixed fast.

I agree though Opera is more secure, to bad it doesn't have the same extension possibilities as Firefox.

__________________

temeteus82

Hmm... this might bee the reason that I get po-ups in firefox that some programs want to use my dial-up link to go online :P

__________________

ChrisW

These people are not finding an existing flaw in the software. They are devising a new way to exploit the software. They are not trying to help us by exposing a flaw to be fixed. The fact of the matter is there is an infinite number of ways to exploit the software, no matter how well written. The problem is not that holes exist...the problem is the fact that there are people looking for new ways to exploit the software. The hackers are the problem, not the solution.

YAYitsAndrew

Your numbers seem a little off from secunia's reports. Opera tends to fix the highest risk vulnerabilities faster than firefox despite being closed source.
http://www.webdevout.net/security_summary.php

Like I said in another thread about this though, the numbers for firefox and opera are too close to really mean anything. The only conclusion I can come to is that when it comes to security, open source and closed source make very little difference with the right team. (I suppose IE has the wrong team)

__________________
"It is because the resistance to paying for copyrighted material, although often characterized as arising from a supposed technical burden or principled concern for the public interest, arises rather from exactly the same segment of the brain that is dominant in shoplifters."
- Mark Helprin, Digital Barbarism
In other words, it's never okay to steal even if you think you have a good reason!

www.yayitsandrew.com