Gobbles aka n3td3v, Please stop harassing aspiring young PhD students on this list.
I speak for everyone in this community when I say that we are all tired of your shenanigans and that it is time for you to grow up. Clearly you do not have a PhD, and to the best of my knowledge you are not actively pursuing one, and therefore have no voice in computer security.

To my fans: I have just finished reading Niels Provos' work from 2001, and plan on presenting a summary of these dated works at Blackhat 2007 this summer. I look forward to seeing you all there!

Dr. Neal Krawetz, PhD
http://www.hackerfactor.com/
http://www.krawetz.org/

On Wed, May 30, 2007 at 11:57:59AM -0400, Joey Mengele wrote:
> Hello List,
>
> >------------------------------------
> >Frequently Asked Questions
> >------------------------------------
> >
> >Q: Who is at risk?
> >
> >A: Anyone who has installed the Firefox Web Browser and one or more
> >vulnerable extensions. These include, but are not limited to: Google
> >Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension,
> >Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser
> >Toolbar, Netcraft Anti-Phishing Toolbar, PhishTank SiteChecker.
> >
>
> Don't you mean anyone who has these installed and is using a rogue
> or compromised DNS server?
>
> >Q: How many people are at risk?
> >
> >A: Millions. Exact numbers for each toolbar/extension are not released
> >by the vendors. Google Toolbar, which is one of the most popular of
> >the vulnerable extensions, is installed as part of the download
> >process with WinZip, RealNetworks' Real Player and Adobe's Shockwave.
> >Google publicly pays website publishers $1 for each copy of Firefox +
> >Google Toolbar that customers download and install through a
> >publisher's website.
> >
> >Google confirmed in 2005 that their toolbar product's user base was
> >"in the millions". Given the number of distribution deals that have
> >been signed, the number of users can only have grown in size since.
> >
>
> Oh stop being such a drama queen. Are you suggesting "millions"
> have their DNS compromised and their home routers owned? Isn't this
> bug rather inconsequential for these people anyway?
>
> >Q: When am I at risk?
> >
> >A: When you use a public wireless network, an untrusted Internet
> >connection, or a wireless home router with the default password set.
> >
>
> Duh. You don't need to be running some silly toolbar to be at risk
> in this scenario.
>
> >Q: What can I do to reduce my risk?
> >
> >A: Users with wireless home routers should change their password to
> >something other than the default.
> >
>
> Are you really suggesting wide scale wireless home router
> compromise? Is there an army of hacker dudes driving around
> compromising unprotected wireless routers in the millions that I am
> not aware of? Surely the Security Focus PharmConMeter(TM) would
> have alerted me if this were the case!
>
> >Q: Why is this attack possible?
> >
> >A: The problem stems from design flaws, false assumptions, and a lack
> >of solid developer documentation instructing extension authors on the
> >best way to secure their code.
> >
>
> See also "because your DNS server is owned"
>
> >----------------------------------
> >Description Of Vulnerability
> >----------------------------------
> >
>
> Blabla, you are a technical genius. Let's move on Dr. Chris.
>
> >-----------------------------------
> >When Are Users Vulnerable
> >-----------------------------------
> >
> >Users are most vulnerable to this attack when they cannot trust their
> >domain name server. Examples of such a situation include:
> >
> > * Using a public or unencrypted wireless network.
> >
> > * Using a network router (wireless or wired) at home that has been
> >infected/hacked through a drive by pharming attack. This particular
> >risk can be heavily reduced by changing the default password on your
> >home router.
> >
>
> Hahahahahahha. Drive by pharming. What a fucking joke. This
> industry is the best.
>
> >------------------------
> >Fixing The Problem
> >------------------------
> >
> >The number of vulnerable extensions is more lengthy than those listed
> >in this document. Until vendors have fixed the problems, users should
> >remove/disable all Firefox extensions except those that they are sure
> >they have downloaded from the official Firefox Add-ons website
> >(https://addons.mozilla.org). If in doubt, delete the extension, and
> >then download it again from a safe place.
> >
>
> No way dude, use The Internet Explorer!
>
> >---------------------------------------------------------
> >Self Disclosure/Conflict of Interest Statement
> >---------------------------------------------------------
> >
> >Christopher Soghoian is a PhD student in the School of Informatics at
> >Indiana University. He is a member of the Stop Phishing Research
> >Group. His research is focused in the areas of phishing, click-fraud,
> >search privacy and airport security. He has worked as an intern with
> >Google, Apple, IBM and Cybertrust. He is the co-inventor of several
> >pending patents in the areas of mobile authentication, anti-phishing,
> >and virtual machine defense against viruses. His website is
> >http://www.dubfire.net/chris/ and he blogs regularly at
> >http://paranoia.dubfire.net
> >
>
> Impressive. The scholarly source Wikipedia [1] says you are also
> that guy that made boarding passes for Al Qaeda? Kudos.
>
> >Information on this vulnerability was disclosed for free to the above
> >listed vendors.
> >
>
> Oi! Such a deal.
>
> _Joey
>
> [1] http://en.wikipedia.org/wiki/Christopher_Soghoian
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/