Oct 4, 2006

[Firefox] Javascript Hack Hoax

Last week, CNet News reported that two hackers at the Toorcon hacker conference claimed to have found a vulnerability in Firefox that would allow a user's PC to be compromised. Supposedly, the error was related to the manner in which the open source browser handles Javascript.

Washington Post ImagesA lot of folks in the tech world, including Window Synder who is head of security strategy for Mozilla, were already irked with the manner in which the presentation was handled given their demonstration practically acted as a how-to guide for other hackers to exploit the flaw rather than to act as a responsible presentation of a potential security flaw as compared to how other groups like Black Hat handle such discoveries. In addition, they pair also claimed to know of at least 30 other related flaws in the browser they were not planning on revealing at this time.

Enter this week and it turns out the flaw isn't as bad as originally reported. Articles are now streaming in that it turns out hackers are only able to crash Firefox but not control the user's system sufficient in order to install spyware. Mischa Spiegmock, the Toorcon speaker, issued this statement to Mozilla admiting that they could not actually control a user's PC and neither did they know of 30 or so vulnerabilities. Mischa pretty much distanced himself from his partner at the time, an individual known as "Andrew Wbeelsoi."

The reason for all this hullabaloo? Mischa claimed in his statement that the purpose of the talk was to be humours somehow. Given how the media had initially covered this supposed revelation, let's see who'll be laughing now.

No comments:

Post a Comment