
| Subject: | Re: [Full-disclosure] New Vulnerability against Firefox/ Major Extensions |
|---|---|
| Date: | Wed, 30 May 2007 14:41:57 -0400 |
Dude did you get your PhD at K-Mart or are you just retarded? It seems like maybe Dr. Chris and Dr. Neal are the real trolls in this joke of an 'industry'...

_Joey

Qualifications (in order of descending worthlessness): Certified Drive by Pharming Expert / CISSP / PhD

On Wed, 30 May 2007 14:12:44 -0400 "Dr. Neal Krawetz PhD" <neal@krawetz.org> wrote:

> Gobbles aka n3td3v,
>
> Please stop harassing aspiring young PhD students on this list. I speak for everyone in this community when I say that we are all tired of your shenanigans and that it is time for you to grow up. Clearly you do not have a PhD, and to the best of my knowledge you are not actively pursuing one, and therefore have no voice in computer security.
>
> To my fans: I have just finished reading Niels Provos' work from 2001, and plan on presenting a summary of these dated works at Blackhat 2007 this summer. I look forward to seeing you all there!
>
> Dr. Neal Krawetz, PhD
> http://www.hackerfactor.com/
> http://www.krawetz.org/
>
> On Wed, May 30, 2007 at 11:57:59AM -0400, Joey Mengele wrote:
>
> > Hello List,
> >
> > > ------------------------------------
> > > Frequently Asked Questions
> > > ------------------------------------
> > >
> > > Q: Who is at risk?
> > > A: Anyone who has installed the Firefox Web Browser and one or more vulnerable extensions. These include, but are not limited to: Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar, PhishTank SiteChecker.
> >
> > Don't you mean anyone who has these installed and is using a rogue or compromised DNS server?
> >
> > > Q: How many people are at risk?
> > > A: Millions. Exact numbers for each toolbar/extension are not released by the vendors. Google Toolbar, which is one of the most popular of the vulnerable extensions, is installed as part of the download process with WinZip, RealNetworks' Real Player and Adobe's Shockwave. Google publicly pays website publishers $1 for each copy of Firefox + Google Toolbar that customers download and install through a publisher's website. Google confirmed in 2005 that their toolbar product's user base was "in the millions". Given the number of distribution deals that have been signed, the number of users can only have grown in size since.
> >
> > Oh stop being such a drama queen. Are you suggesting "millions" have their DNS compromised and their home routers owned? Isn't this bug rather inconsequential for these people anyway?
> >
> > > Q: When am I at risk?
> > > A: When you use a public wireless network, an untrusted Internet connection, or a wireless home router with the default password set.
> >
> > Duh. You don't need to be running some silly toolbar to be at risk in this scenario.
> >
> > > Q: What can I do to reduce my risk?
> > > A: Users with wireless home routers should change their password to something other than the default.
> >
> > Are you really suggesting wide scale wireless home router compromise? Is there an army of hacker dudes driving around compromising unprotected wireless routers in the millions that I am not aware of? Surely the Security Focus PharmConMeter(TM) would have alerted me if this were the case!
> >
> > > Q: Why is this attack possible?
> > > A: The problem stems from design flaws, false assumptions, and a lack of solid developer documentation instructing extension authors on the best way to secure their code.
> >
> > See also "because your DNS server is owned"
> >
> > > ----------------------------------
> > > Description Of Vulnerability
> > > ----------------------------------
> >
> > Blabla, you are a technical genius. Let's move on Dr. Chris.
> >
> > > -----------------------------------
> > > When Are Users Vulnerable
> > > -----------------------------------
> > >
> > > Users are most vulnerable to this attack when they cannot trust their domain name server. Examples of such a situation include:
> > >
> > > * Using a public or unencrypted wireless network.
> > > * Using a network router (wireless or wired) at home that has been infected/hacked through a drive by pharming attack. This particular risk can be heavily reduced by changing the default password on your home router.
> >
> > Hahahahahahha. Drive by pharming. What a fucking joke. This industry is the best.
> >
> > > ------------------------
> > > Fixing The Problem
> > > ------------------------
> > >
> > > The number of vulnerable extensions is more lengthy than those listed in this document. Until vendors have fixed the problems, users should remove/disable all Firefox extensions except those that they are sure they have downloaded from the official Firefox Add-ons website (https://addons.mozilla.org). If in doubt, delete the extension, and then download it again from a safe place.
> >
> > No way dude, use The Internet Explorer!
> >
> > > ---------------------------------------------------------
> > > Self Disclosure/Conflict of Interest Statement
> > > ---------------------------------------------------------
> > >
> > > Christopher Soghoian is a PhD student in the School of Informatics at Indiana University. He is a member of the Stop Phishing Research Group. His research is focused in the areas of phishing, click-fraud, search privacy and airport security. He has worked as an intern with Google, Apple, IBM and Cybertrust. He is the co-inventor of several pending patents in the areas of mobile authentication, anti-phishing, and virtual machine defense against viruses. His website is http://www.dubfire.net/chris/ and he blogs regularly at http://paranoia.dubfire.net
> >
> > Impressive. The scholarly source Wikipedia [1] says you are also that guy that made boarding passes for Al Qaeda? Kudos.
> >
> > > Information on this vulnerability was disclosed for free to the above listed vendors.
> >
> > Oi! Such a deal.
> >
> > _Joey
> >
> > [1] http://en.wikipedia.org/wiki/Christopher_Soghoian
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/