hacker


Ingresar con nombre de usuario, contraseña y duración de la sesión
| Portal Hacker | Editorial | Descargas | Ezine |
Inicio Ayuda Ingresar Registrarse
13 de Octubre de 2008, 12:45:20
Noticias: La 1era E-Zine de CPH ya fue liberada, encuentrala
Para ver este enlace Registrate o Inicia Sesion
> aquí

+  Foros pOrtal Hacker
|-+  General de Foros CPH
| |-+  Dudas generales
| | |-+  Noticias de la red (Moderadores: vart001, bonillas)
| | | |-+  Hackers pick at Firefox holes		 0 Usuarios y 1 Visitante están viendo este tema. « anterior próximo »
Páginas: [1] Ir Abajo Imprimir
Autor Tema: Hackers pick at Firefox holes  (Leído 339 veces)
Vassily
Administrador
*****
Desconectado Desconectado

Mensajes: 4,127



Ver Perfil WWW
« : 20 de ſeptiembre de 2005, 03:44:38 »
A recently patched flaw in the open source browser is under active investigation by security researchers and hackers alike; experts warn an attack is imminent
      
   
Security researchers claim to have found ways to exploit a serious bug in Firefox and Mozilla Web browsers, a sign that attacks could be on the way.

The vulnerability, which could let attackers secretly run malicious software on PCs, was disclosed on Thursday by security researcher Tom Ferris. The Mozilla Foundation, which distributes and coordinates the development of the Firefox and Mozilla browsers, responded swiftly and released a temporary fix on Friday.

The problem also affects the latest Netscape Web browser, according to security experts. Netscape, a division of Time Warner's America Online subsidiary, is investigating the issue, a company representative said on Tuesday.

Disclosure of a flaw typically starts a race in the security community to exploit it. In the past few days, at least two security researchers have posted messages to popular security mailing lists claiming they have found ways attackers could take advantage of the vulnerability.

The postings said that exploits that work on Windows and Linux operating systems had been found. At the time the flaw details were disclosed, there were no known exploits for the vulnerability, beyond the one Ferris claimed to have for Windows.

"It took only about 3 hours and 30 minutes to develop the exploit, so I might not be the only one able to write it," Berend-Jan Wever, a computer science student in the Netherlands, wrote in a posting to the Full Disclosure mailing list on Saturday. Wever said he had found an exploit that works on Windows XP and Windows Server 2003.

Wever and Ferris have kept their exploit code private, and no attacks that take advantage of this flaw have been reported. However, criminal hackers are unlikely to be far behind the researchers in working out a mode of attack, experts said.

"We did not see any public exploit for the vulnerability. However, security researchers and hackers are actively working on this issue," a representative of FrSIRT, said in an email interview. The FrSIRT tags the issue as "critical" in its advisory, its most serious rating.

Ferris agreed that miscreants are looking to write or even buy code that can use the vulnerability to attack people's machines. "I have been emailed a couple of times by people asking for an exploit," he said. "This tells me the Trojan writers are out there looking for something."

Name game
The problem in Firefox, Mozilla and Netscape has to do with the way the browsers handle International Domain Names. IDNs are domain names that use local language characters. Experts advise Firefox and Mozilla users to apply the temporary fix provided by the Mozilla Foundation, which disables the IDN feature.

"I would certainly recommend that users implement the vendor workarounds until a patch is made available," said Michael Sutton, director of security company iDefense. "We feel that exploit code can and will be created."

The security vulnerability in question is a buffer overflow flaw. An attacker could host a Web site containing malicious code to exploit the vulnerability. Mozilla has posted an advisory on its Web site that includes the patch and instructions to manually disable IDN.

Mozilla has said that it is working to fix the actual vulnerability in an upcoming version of Firefox and that it will re-enable the IDN feature in that version. Switching off IDN support impacts Firefox and Mozilla customers who actually use such special domain names.

Firefox has risen in popularity in recent years as a viable alternative to Microsoft's Internet Explorer. Though its market share slipped slightly recently, researchers estimate that between 8 and 9 percent of the Internet population use the open source Web browser.

Security has been a main selling point for Firefox over Internet Explorer. However, Firefox has had its own security woes. Numerous serious holes in the browser have been plugged since its official release, and experts have said that safe Web browsers don't exist.

Fuente news.zdnet.co. uk
En línea

Para ver este enlace Registrate o Inicia Sesion

Pícale no seas culero

VY 4Ever
Si tienes una cuenta de Rs que quieres compartir, pues hazlo, no seas culero
Páginas: [1] Ir Arriba Imprimir 
« anterior próximo »
Ir a:  


Ingresar con nombre de usuario, contraseña y duración de la sesión

Powered by SMF 1.1.6 | SMF © 2006-2008, Simple Machines LLC hacker

Juegos gratis - Articulos PHP - Juegos - Trucos - Letras - Juegos - Juegos Online