
Theory


116 replies to this topic

#76 Zero

Zero

    Not really Less Than One ;-)

  • Authentic Member
  • PipPipPip
  • 268 posts
  • Interests:Long walks on the beach.

Posted 18 March 2005 - 10:40 AM

"2 : to make use of meanly or unjustly for one's own advantage <exploiting migrant farm workers>"

I consider that exploiting a user's stupidity, not their computer.

Edited by Zero, 18 March 2005 - 10:41 AM.



#77 Guest_Paperghost_*

Guest_Paperghost_*
  • Guests

Posted 18 March 2005 - 12:23 PM

Kevin Mitnick would disagree? Sorry but me and some fellow IRCrs had a good laugh with that.


...and that proves the validity of your argument how?

I know what a hacker is, I've read Richard Stallman head to toe.


Again, I stand corrected.

I'm not a fool with 'hacking'. I know about social engineering. I own Kevin's 'Art of Deception', I've read about bank scams etc but that has little to do with the topic at hand.


You should know, because Kevin's book has vast swathes of examples of social engineers using the exploitation of trust - just like the java applet - to con banks, companies and videostores, to name but a few.

It's great that you own all these books - I do too. Though just because you've read about them doesn't mean you necessarily know anything about "being" a hacker. Have you actually ever been a hacker and experienced it first hand?

Funny you should say that. I suppose you don’t know how slashdot works. Let me elaborate. Users from around the world submit stories to slashdot linking to various news sites such as cnn (which is a very big news source fyi), news.com.com, zdnet, tomshardware, among other valuable news sites. It’s a collaboration of people from around the world. This is how I get news from many different sources, a very well put together site for 'news for nerds', kid.


Thanks for pointing out that CNN is a big news source. Let me tell you how slashdot works - link to article gets posted, bunch of tech-geeks dive on said site, go back to slashdot and rate each other's clever comments rather than discuss the issue at hand then move onto another site.

I should know, my site's been slashdotted quite a few times.

Though funnily enough the debate there on this topic (from what I saw) was a lot more intelligent than the last time I was featured. They made some good points.

I see you never remarked on how some internet users can be idiotic. Do you agree or ignore it?


Generally, teachers don't call those they are trying to educate "stupid". At least, not the good ones.

2 : to make use of meanly or unjustly for one's own advantage

I consider that exploiting a user's stupidity, not their computer.


A computer doesn't do very much of anything without a user, unless you have access to a PC that does all its own surfing. The fact that you said that makes me think you skipped quite a few sections of Kevin's book, so you'd best go back and check it out. It gets good towards the end ;)

#78 aad

aad

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 18 March 2005 - 12:29 PM

I will add that the exploit WOULD work on Linux. The reason "nothing happened" (as one user put it) is because A win32 executable is not going to run on Linux. And with that in mind...

Bingo!!!! "A Win32 executable is not going to run on Linux."
For years people have been saying that malware/Trojans/viruses, etc., can work with Linux. Yes, viruses/trojans (malware??? not sure, have not seen a linux based malware/spyware) have been created to run on Linux, but these have been quickly contained and have not quickly spread to the extent Windows based viruses and Trojans have spread.

http://www.theregist...indows_viruses/
http://www.nuneaton....e=article&sid=3


O.k., for all intensive persons, I admit I am a total Moron when it comes to this issue, so perhaps someone can explain this to me. Assuming that the exploit (or whatever you choose to call it) is adapted to work in Linux. Now, I pop in a Linux Live CD, access the questionable site with FireFox, and allow Java applet permission. Now, I assume some of my files would have to be permanently modified in order for the Malware/Trojan to take a permanent footing. So, how does this happen with a Linux Live "read only" CD Distro??? Let's see once this happens, I exit out of the browser, remove my CD and reboot my computer into Windows. The next time I put in the Live CD and access the Internet, my settings have reverted to default.

Risk of these kinds of things will always exist as long as people access the Internet. That is fact, regardless of what you use. Overall, as far as risk goes, risk will always be higher with Windows OS's as we have seen time and time again. To be 100% risk free don't log onto the Internet. To minimize your risk, switch to Linux or supplement your Windows OS with Linux(to access the internet). We can either try to take some preventative measures to reduce risk or depend on others to provide a fix.

Edited by aad, 18 March 2005 - 12:30 PM.


#79 Avohir

Avohir

    basic

  • Authentic Member
  • Pip
  • 12 posts

Posted 18 March 2005 - 12:30 PM

I wouldn't touch this debate with a 10 foot pole, but I would like to point out that the definition of exploit that efwis provided is the verb: "to exploit" not the noun, which is the subject of the debate here... *retreats into the shadows*
To err is human, to really foul up requires a computer

#80 Zero

Zero

    Not really Less Than One ;-)

  • Authentic Member
  • PipPipPip
  • 268 posts
  • Interests:Long walks on the beach.

Posted 18 March 2005 - 01:15 PM

"...and that proves the validity of your argument how?"

A nice form of humor.

"You should know, because Kevin's book has vast swathes of examples of social engineers using the exploitation of trust - just like the java applet - to con banks, companies and videostores, to name but a few."

In the example of the applet presented, you are given more than enough information to come to the conclusion the applet is bad. Claiming to be someone you are not is different as the applet tells you it's bad unless the user is blind or has no eyes.

"Though just because you've read about them doesn't mean you necessarily know anything about "being" a hacker. Have you actually ever been a hacker and experienced it first hand?"

Yes, I am a hacker. I modify code, I write code. I have played practical jokes.

"Let me tell you how slashdot works - link to article gets posted, bunch of tech-geeks dive on said site, go back to slashdot and rate each others clever comments rather than discuss the issue at hand then move onto another site."

*cough* stereotyping *cough*. Slashdot gets an average of something like 500,000 hits a day, do you see 500,000 comments posted? No because people go there for the articles, not necessarily to as you so eloquently put it "rate each others clever comments".

"Generally, teachers don't call those they are trying to educate "stupid". At least, not the good ones."

Truth hurts. Users are idiots, they do idiotic things. If the world had no idiots, there would be no anti-viruses or firewalls or security applications. And I repeat, if a user is presented with as much information in that applet and they still click yes, it's an exploit of human stupidity.

"I will add that the exploit WOULD work on Linux. The reason "nothing happened" (as one user put it) is because A win32 executable is not going to run on Linux"

Run the exploit in wine and get back to me.

"Bingo!!!! "A Win32 executable is not going to run on Linux."

See above.

Edited by Zero, 18 March 2005 - 01:21 PM.


#81 Guest_Paperghost_*

Guest_Paperghost_*
  • Guests

Posted 18 March 2005 - 02:04 PM

[quote]Truth hurts. Users are idiots, they do idiotic things. If the world had no idiots, there would be no anti-viruses or firewalls or security applications.[/quote]

...which proves you can't possibly work (in the paid sense) in the security field. A piece of zero-day worm code, out in the wild, does not exploit human "stupidity" in the sense that it's tricking an end-user into letting it run. It finds a box that cannot handle the threat as no defence exists for it yet and then nails it.

Firewalls can be used to cut down on excess noise amongst other things, depending on the implementation used. They are not always just about "stopping the nasty hackers".

And what of a hardware firewall sitting on a network protecting a bunch of servers? That firewall hasn't got anything to do with idiots - it just sits there.

Unless of course, you mean the idiots are the hackers, in which case I agree with you ;)

Bottom line - there's more to security than just "user stupidity" (which is all you seem to infer is the root cause of security problems - I'm sure you consider other things to be a threat, but it does seem to be your main focal point).

And - seeing as the base of your defence of firefox in all this is that this isn't an "exploit" - if you want semantics then:

[quote]This is not an exploit![/quote]

[quote]An exploit (which this clearly is not the case)[/quote]

[quote]There is no possible way this is an exploit.[/quote]

[quote]Doesn't mean it's an exploit.[/quote]

[quote]It's not an exploit, it never was an exploit, it may be an exploit in the future if they rid themselves of the applet, but for now it remains not an exploit.[/quote]

That's funny, because you just said...and i quote...

[quote]Run the exploit in wine and get back to me.[/quote]

Either it is an exploit, or it isn't - but considering you seem to take issue with using the word....why are you now using it?

Incidentally, I found some other examples where you referred to this exploit and i take issue with this one in particular:

[quote]Exploits are NOT this user friendly.[/quote]

I beg to differ. Most pieces of social engineering would fall flat on their face if they weren't exactly that.

And, on the subject of Wine - one final point to note.

[quote]Paperghost: A Win32 executable is not going to run on Linux.[/quote]

[quote]Zero: Run the exploit in wine and get back to me.[/quote]

I can only assume you ran out and quickly discovered the joys of wine to "prove" a rather spurious point, as you only posted the below yesterday!:

[quote]Zero: Funny. I dont recall saying anything about Linux, however, I use Linux all the time, and im willing to bet more than you do. I have tried the exploit on Linux -- nothing happens.[/quote]

A pretty quick change of mind, I'm sure you'll agree ;)

EDIT - I have no idea why the quote function doesn't seem to be working.
Also edited a sentence that made no sense.

Edited by Paperghost, 18 March 2005 - 02:23 PM.


#82 Zero

Zero

    Not really Less Than One ;-)

  • Authentic Member
  • PipPipPip
  • 268 posts
  • Interests:Long walks on the beach.

Posted 18 March 2005 - 02:30 PM

"...which proves you can't possibly work (in the paid sense) in the security field. A piece of zero-day worm code, out in the wild, does not exploit human "stupidity" in the sense that its tricking an end-user into letting it run. It finds a box that cannot handle the threat as no defence exists for it yet and then nails it."

A zero-day worm exploits a machine (no user interaction required). The blaster worm is a perfect example.

If users were not idiotic, there would be no need for security applications. A lot of intelligent people go without firewalls and antiviruses. (the creator of filezilla has no need for either of them so he says, and his box is fine). EDIT: A lot of intelligent people do go with security applications, please note I'm not saying people who use security applications are idiots.

"Bottom line - there's more to security than just "user stupidity" (which is all you seem to infer is the root cause of security problems - I'm sure you consider other things to be a threat, but it does seem to be your main focal point)."

Yes, there is more to security than human stupidity, however, it plays a large role in security. The main root in my opinion, is idiots which yes I mean computer intruders (I won't use the term 'hacker') and the end user. Do not like the term idiot? Here's a few others: blockhead, dimwit, dumb, dumbbell, dunce, fool, halfwit, ignoramus, imbecile, etc.

"Either it is an exploit, or it isn't - but considering you seem to take issue with using the word....why are you now using it?"

Should be in quotations "exploits" -- nonetheless, you know my opinion, now you're just being picky and trying to rip my sentences apart.

"I beg to differ. Most pieces of social engineering would fall flat on their face if they weren't exactly that."

Go to securityfocus. I can post many exploits here that give the user no warning, but then that would be foolish for some users would click them. I'm not talking of Social Engineering (Term used among crackers and samurai for cracking techniques that rely on weaknesses in wetware rather than software).

"I can only assume you ran out and quickly discovered the joys of wine to "prove" a rather spurious point, as you only posted the below yesterday!:

Zero: Funny. I dont recall saying anything about Linux, however, I use Linux all the time, and im willing to bet more than you do. I have tried the exploit on Linux -- nothing happens."

Yes. I ran the exploit under linux nothing happens, nothing will happen, run it under WINE and something will. There is a difference between WINE and LINUX. Wine is a windows emulator, Linux is a whole different operating system, just so you know. I said it would not run under Linux and I said it would under wine, note there is a difference.

Edited by Zero, 18 March 2005 - 02:32 PM.


#83 Guest_Paperghost_*

Guest_Paperghost_*
  • Guests

Posted 18 March 2005 - 02:42 PM

"There is a difference between WINE and LINUX. Wine is a windows emulator, Linux is a whole different operating system"

Which doesn't really make your point any clearer - you're saying they are both different (which they are) in that statement, yet in response to me saying "a win32 binary won't work on linux" you said "it works on Wine!" to assert the validity of your argument!

You can't class wine as both different and the same in order to fit your point at the time. Or to put it another way, you can't class Wine as linux and then effectively say "it works in linux, but it doesn't work in linux".

"A zero-day worm exploits a machine (no user interaction required). The blaster worm is a perfect example."

I'm not sure why you mention this, as that's what I said - that stupidity (in the human sense) isn't required for a zero-day worm, and no human involvement (in the sense we're talking about) is necessary.

I'm talking about the user factor involved in a social-engineering exploit. This java applet is a clever piece of social engineering. The cleverest pieces of social engineering involve convincing a human that the intentions are noble, or at least innocent, then hitting them with a whammy.

Your position seems to be that you, at least, are 100% invulnerable to this kind of tactic and so are applying the same high standards to everyone else. And as we all know, that's when social engineering is at its best ;)

"Go to securityfocus. I can post many exploits here that give the user no warning, but then that would be foolish for some users would click them."

Again - I'm not sure how this backs up what you're saying and negates what I'm saying.

Yes, you can show me plenty of examples of exploits that give the user no warning - and?

I can give you plenty of examples of exploits that DO give the user warning and play with their expectations of the end result. And this is one such exploit.

#84 Zero

Zero

    Not really Less Than One ;-)

  • Authentic Member
  • PipPipPip
  • 268 posts
  • Interests:Long walks on the beach.

Posted 18 March 2005 - 02:56 PM

"Which doesn't really make your point any clearer - you're saying they are both different (which they are) in that statement, yet in response to me saying "a win32 binary won't work on linux" you said "it works on Wine!" to assert the validity of your argument! You can't class wine as both different and the same in order to fit your point at the time. Or to put it another way, you can't class Wine as linux and then effectively say "it works in linux, but it doesn't work in linux"."

I never classed Wine and Linux as the same.

"This java applet is a clever piece of social engineering."

I'd rather it be called social engineering than an exploit, for an exploit it is not.

"Your position seems to be that you, at least, are 100% invulnerable to this kind of tactic and so are applying the same high standards to everyone else. And as we all know, that's when social engineering is at its best"

No, I am not saying I am 100% invulnerable, you're force feeding me words or misinterpreting. I'm saying that a lot of your so called 'exploits' can be stopped if users took the time to read.

"I can give you plenty of examples of exploits that DO give the user warning and play with their expectations of the end result. And this is one such exploit."

No, it's not an exploit! If it gives the user a chance to opt-out it's not an exploit. By your logic, the chatroom at SWI is an exploit. If a parent tells a child not to enter any chatrooms, and he clicks YES to enter the chatroom, whose fault is it, the applet, or the kid's?

This argument is going nowhere, around in circles. It's pointless.

#85 Guest_Paperghost_*

Guest_Paperghost_*
  • Guests

Posted 18 March 2005 - 03:17 PM

Zero: Yes. I ran the exploit under linux nothing happens, nothing will happen, run it under WINE and something will.


Suggests that Wine and Linux are different. Okay so far. But then:

"Paperghost: I will add that the exploit WOULD work on Linux. The reason "nothing happened" (as one user put it) is because A win32 executable is not going to run on Linux"

Zero: Run the exploit in wine and get back to me.


And yet in the above statement you are defining Wine as Linux in response to me saying that a Win32 exe won't work on linux to make your point valid.

The chatroom at SWI doesn't hijack your machine - nothing bad happens as a result of the end-user's trust in the applet's facade = not an exploit.

The applet at lyricspy results in a hijack - something bad happens as a result of the end-user's trust in the applet's facade = an exploit. It exploited the user's trust.

This isn't an argument, it's a discussion.

Though I do agree with you that this is now going round in circles - which is why Rob left, I suppose, as the discussion keeps going back to the rather banal issue of "it's the stupid user's fault!!"

Mozilla looked at this and considered a whitelist for java applets - the browser vendor considered it a browser problem that could be corrected - therefore it's a browser issue - that needs resolving in tandem with sun.

Which has been stated and restated a mind numbing amount of times.

Granted, it's more than one browser - but that doesn't then justify Mozilla (or anyone else) not having to then try and tackle the problem, or pretend that it somehow isn't just because someone has to click yes to something.

The issue here is that only Mozilla HAVE tried to address the issue - no one else has, at least not publicly. And to that effect, when Firefox is protected from this kind of malicious install and all other browsers are still trailing in its wake, they'll have yet another security advantage to boast about and everyone else will have to play catch-up.

I can't possibly see how that is a bad thing.

Edited by Paperghost, 18 March 2005 - 03:23 PM.



#86 Zero

Zero

    Not really Less Than One ;-)

  • Authentic Member
  • PipPipPip
  • 268 posts
  • Interests:Long walks on the beach.

Posted 18 March 2005 - 04:23 PM

"And yet in the above statement you are defining Wine as Linux in response to me saying that a Win32 exe won't work on linux to make your point valid."

That is not my intent at all. I know the differences between the WINE and LINUX. But WINE and LINUX have nothing to do with the "exploit" at hand.

"The chatroom at SWI doesn't hijack your machine - nothing bad happens as a result of the end-user's trust in the applet's facade = not an exploit. The applet at lyricspy results in a hijack - something bad happens as a result of the end-user's trust in the applet's facade = an exploit. It exploited the user's trust."

The same convention is used. An applet is displayed. With the applet at lyricspy you are basically saying yes to your so called "Exploit" which in turn does not make it accountable as an exploit.

"Granted, it's more than one browser - but that doesn't then justify Mozilla (or anyone else) not having to then try and tackle the problem, or pretend that it somehow isn't just because someone has to click yes to something."

I do not believe it to be a browser issue if the user is giving his or her consent to the applet.

"The issue here is that only Mozilla HAVE tried to address the issue - no one else has, at least not publicly"

See above. I am all for a whitelist of bad XPI's, that to me is an addition to the browser, not a fix.

#87 aad

aad

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 18 March 2005 - 04:35 PM

PaperGhost: Yes, I have to totally agree. I still believe that FireFox is still one of the best browsers out there re:security and the fact that Mozilla has acknowledged the problem and is working on a solution speaks highly of them. Obviously people can agree to disagree and there is nothing wrong with that. Thanks for bringing this issue to peoples' awareness.

Now since this thread is dedicated to talking about this problem. Here is something I thought I would leave members with. I tried to access the questionable website using WindowsXP and Mozilla FireFox. I use Protowall Firewall to minimize my risk of connecting to malicious web sites (Spyware/Trojan related IP addresses). Well, the minute I tried, Protowall blocked my access to this web site and the following was logged in my Protowall Log.

2005/03/15 14:29:04 [<-] BLOCKED [!] - Destination is Lyricsdomain/ISPrime Inc-Spl3[many trojans] (66.230.172.84) [protocol: TCP / destport: 80]
2005/03/15 14:29:07 [<-] BLOCKED [!] - Destination is Lyricsdomain/ISPrime Inc-Spl3[many trojans] (66.230.172.84) [protocol: TCP / destport: 80]
2005/03/15 14:29:13 [<-] BLOCKED [!] - Destination is Lyricsdomain/ISPrime Inc-Spl3[many trojans] (66.230.172.84) [protocol: TCP / destport: 80]
2005/03/15 14:29:14 [<-] BLOCKED [!] - Destination is Lyricsdomain/ISPrime Inc-Spl3[many trojans] (66.230.172.84) [protocol: TCP / destport: 80]
2005/03/15 14:29:17 [<-] BLOCKED [!] - Destination is Lyricsdomain/ISPrime Inc-Spl3[many trojans] (66.230.172.84) [protocol: TCP / destport: 80]
2005/03/15 14:29:23 [<-] BLOCKED [!] - Destination is Lyricsdomain/ISPrime Inc-Spl3[many trojans] (66.230.172.84) [protocol: TCP / destport: 80]
2005/03/15 14:29:35 [<-] BLOCKED [!] - Destination is Lyricsdomain/ISPrime Inc-Spl3[many trojans] (66.230.172.84) [protocol: TCP / destport: 80]
2005/03/15 14:29:38 [<-] BLOCKED [!] - Destination is Lyricsdomain/ISPrime Inc-Spl3[many trojans] (66.230.172.84) [protocol: TCP / destport: 80]
2005/03/15 14:29:44 [<-] BLOCKED [!] - Destination is Lyricsdomain/ISPrime Inc-Spl3[many trojans] (66.230.172.84) [protocol: TCP / destport: 80]

I also discovered that the exploit does not execute if the web page is accessed using an anonymization proxy service like anonymizer or guardster, "regardless" of the Web Browser being used.
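
The block log quoted in the post above can be collapsed into one record per blocked destination, which shows that a single page visit produced nine connection attempts in 40 seconds. This is an added example, not part of the original post and not Protowall's own code; the line format is inferred only from the nine entries quoted, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# The nine entries from the post; they differ only in the seconds field.
_TEMPLATE = ("2005/03/15 14:29:{s} [<-] BLOCKED [!] - Destination is "
             "Lyricsdomain/ISPrime Inc-Spl3[many trojans] (66.230.172.84) "
             "[protocol: TCP / destport: 80]")
POST_LOG = [_TEMPLATE.format(s=s)
            for s in ("04", "07", "13", "14", "17", "23", "35", "38", "44")]

# Assumption: every entry follows the layout seen in the post. The blocklist
# label may itself contain brackets, so it is matched lazily up to " (ip)".
ENTRY = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"\[(?P<arrow>[^\]]+)\] (?P<action>[A-Z]+) \[!\] - "
    r"(?P<side>\w+) is (?P<label>.+?) "
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) "
    r"\[protocol: (?P<proto>\w+) / destport: (?P<port>\d+)\]$"
)


def parse_entry(line):
    """Parse one log line into a dict, or return None if it does not match."""
    match = ENTRY.match(line.strip())
    if match is None:
        return None
    entry = match.groupdict()
    entry["time"] = datetime.strptime(entry.pop("ts"), "%Y/%m/%d %H:%M:%S")
    entry["port"] = int(entry["port"])
    return entry


def summarize(lines):
    """Group blocked entries by (ip, port, protocol).

    Returns (report, unparsed): report maps each key to the blocklist label,
    the number of attempts, first/last timestamps and the gaps in seconds
    between consecutive attempts; unparsed holds lines that did not match.
    """
    groups = defaultdict(list)
    unparsed = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            if line.strip():
                unparsed.append(line)
            continue
        groups[(entry["ip"], entry["port"], entry["proto"])].append(entry)

    report = {}
    for key, entries in groups.items():
        times = sorted(e["time"] for e in entries)
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report[key] = {
            "label": entries[0]["label"],
            "count": len(entries),
            "first": times[0],
            "last": times[-1],
            "gaps": gaps,
        }
    return report, unparsed


if __name__ == "__main__":
    report, unparsed = summarize(POST_LOG)
    for (ip, port, proto), info in report.items():
        span = int((info["last"] - info["first"]).total_seconds())
        print(f"{ip}:{port}/{proto} [{info['label']}] "
              f"{info['count']} attempts in {span}s, gaps {info['gaps']}")
    print("unparsed lines:", len(unparsed))
```

Lines that do not fit the inferred layout are returned separately rather than dropped, so a format change in the log is visible instead of silently shrinking the counts.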

#88 Guest_Paperghost_*

Guest_Paperghost_*
  • Guests

Posted 18 March 2005 - 04:39 PM

An interesting find re proxies...haven't tested that yet. protowall added the site a few days back which is why it's now picking it up. glad to see it works ;)

#89 aad

aad

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 18 March 2005 - 05:23 PM

An interesting find re proxies...haven't tested that yet.

protowall added the site a few days back which is why it's now picking it up.

glad to see it works ;)



I subscribe to Anonymizer and guardster SSL Proxy. I found that the Java Applet box did not appear in both when I accessed the site using these proxy servers and Mozilla FireFox. As you probably guessed, using these proxy services makes some legitimate web sites that require use of Sun Java inaccessible or inoperational, which can be kind of annoying.

Edited by aad, 18 March 2005 - 05:24 PM.


#90 Guest_Paperghost_*

Guest_Paperghost_*
  • Guests

Posted 19 March 2005 - 01:03 PM

One small thing that everybody is missing on this "issue".

People are now debating over whether this "is" or "isn't" an exploit.

Some people would even go as far to say this isn't a problem at all - because bad things only happen if you click "yes".

If you're of that opinion, try this.

Go to your control panel and open up the java console.

Go to the cache option and clear it.

Empty? Good.

Now visit the lyricspy site, and when you see the yes / no prompt, click "no".

Nothing happened, right?

Go back and open up your java console.

Open up the cache.

Don't be surprised when you find this in there. In case you don't know what it is, it's a .Jar. Inside that zipfile is an installerapplet.class. That installerapplet is what is recognised as the Java / Openstream virus.

I will state this very deliberately so no one can misinterpret this:

Even if you click "NO" to the applet, you will still end up with a virus on your PC as a result of this install process.

Posted Image

So sorry, but all this talk about this "exploit" (or whatever choice phrase you end up deciding on) not doing anything to the end-user if they're "smart" enough to click "no" is totally, utterly wrong. From start to finish, from the moment you visit that site you're going to be very lucky not to walk away with either a raft of IE spyware on board or a virus sitting in your Java cache, depending on

1) what browser you chose to visit the site with (because of the javascript that detects what browser you're using, which determines whether you get the active x prompt or the java applet) and

2) whether you clicked yes or no.

That's not just exploiting a yes / no decision, that's out and out hostile, and a cleverly crafted multi-level attack designed to try and nail you even if you are net-savvy and know not to click "yes" to everything.

Edited by Paperghost, 19 March 2005 - 01:54 PM.
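
The manual check described in the post above (clear the Java cache, visit, then look for a cached archive holding installerapplet.class) can be scripted so that it covers a whole cache folder. This is an added example, not part of the original post; the cache directory is passed in because its location depends on the Java version, archives are recognised by content rather than by file extension, and the file names in the constructed test cache are made up.

```python
import hashlib
import os
import tempfile
import zipfile

SUSPECT_CLASS = "installerapplet.class"  # class name given in the post


def _sha256(path):
    """Hash a file in chunks so large cache entries are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_cache(cache_dir, class_name=SUSPECT_CLASS):
    """Find ZIP/JAR archives under cache_dir that contain class_name.

    The match is case-insensitive and ignores the package path inside the
    archive. Returns a list of dicts: archive path, member name, SHA-256.
    """
    wanted = class_name.lower()
    hits = []
    for root, _dirs, files in os.walk(cache_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            try:
                # Cached JARs may not keep a .jar extension, so test content.
                if not zipfile.is_zipfile(path):
                    continue
                with zipfile.ZipFile(path) as archive:
                    members = archive.namelist()
            except (OSError, zipfile.BadZipFile):
                continue  # unreadable or truncated entry: skip, keep scanning
            for member in members:
                if member.rsplit("/", 1)[-1].lower() == wanted:
                    hits.append({"archive": path, "member": member,
                                 "sha256": _sha256(path)})
    return hits


def build_constructed_cache():
    """Create a throwaway cache folder with constructed, harmless files."""
    cache = tempfile.mkdtemp(prefix="constructed_java_cache_")
    # Archive without a .jar extension holding a placeholder with the
    # suspect class name (the bytes are not real bytecode).
    with zipfile.ZipFile(os.path.join(cache, "cached_item_0001.tmp"), "w") as z:
        z.writestr("InstallerApplet.class", b"constructed placeholder")
    # An unrelated archive that must not be reported.
    with zipfile.ZipFile(os.path.join(cache, "benign.jar"), "w") as z:
        z.writestr("com/example/Hello.class", b"constructed placeholder")
    # A non-archive file that must be skipped.
    with open(os.path.join(cache, "index.txt"), "w") as handle:
        handle.write("plain text, not an archive\n")
    return cache


if __name__ == "__main__":
    for hit in scan_cache(build_constructed_cache()):
        print(f"{hit['archive']} contains {hit['member']} "
              f"(sha256 {hit['sha256']})")
```

The SHA-256 of each reported archive gives a stable identifier to record or to submit to an anti-virus vendor before the cache is cleared.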
