
Hey Erik: THAT FIREFOX SECURITY HOLE IS A HOAX


yttrx

Oct 3, 2006, 1:21:53 PM

http://www.heise-security.co.uk/news/78970

Well?

We're all waiting, erik.


-----yttrx


--
http://www.yttrx.net

peterwn

Oct 3, 2006, 1:58:38 PM

yttrx wrote:
> http://www.heise-security.co.uk/news/78970
>
> Well?
>
> We're all waiting, erik.
>
A hoax no doubt sponsored by Bill and Steve.

yttrx

Oct 3, 2006, 3:42:17 PM

Uh, no, it wasn't. And stop polluting the point with that
kind of idiocy.


-----yttrx

--
http://www.yttrx.net

The Ghost In The Machine

Oct 3, 2006, 4:00:03 PM
In comp.os.linux.advocacy, peterwn
<pet...@paradise.net.nz>
wrote
on 3 Oct 2006 10:58:38 -0700
<1159898318.1...@k70g2000cwa.googlegroups.com>:

Gotta drum up enthusiasm for XP SP3 -- erm, I mean Vista -- somehow. :-)

--
#191, ewi...@earthlink.net
Linux. The choice of a GNU generation.
Windows. The choice of a bunch of people who like very weird behavior on
a regular basis, random crashes, and "extend, embrace, and extinguish".

Roy Schestowitz

Oct 3, 2006, 4:28:56 PM
__/ [ yttrx ] on Tuesday 03 October 2006 18:21 \__

>
> http://www.heise-security.co.uk/news/78970
>
> Well?
>
> We're all waiting, erik.

Also see:

Firefox flaw overrated

,----[ Quote ]
| I do not have 30 undisclosed Firefox vulnerabilities, nor did I
| ever make this claim. I have no undisclosed Firefox
| vulnerabilities. The person who was speaking with me made this
| claim, and I honestly have no idea if he has them or not.
|
| I apologize to everyone involved, and I hope I have made
| everything as clear as possible.
`----

http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/

Who could possibly support such FUD? Yes, you've guessed it right.

ToorCon ("Firefox security is a mess") sponsored by Microsoft

,----[ Quote ]
| Lately, I read the headline: "Open Source browser Firefox is so
| critically flawed that it is impossible to fix, according to two
| hackers." Further on, in the ZDNet article I read: "The hackers claim
| they know of about 30 unpatched Firefox flaws. They don't plan to
| disclose them, instead holding onto the bugs."
|
| Since that sounds suspicious, I decided to start searching for
| connections with MS. Easy enough, here it is...
`----

http://lxer.com/module/newswire/view/70873/index.html

Roy Schestowitz

Oct 3, 2006, 4:32:07 PM
__/ [ Keith ] on Tuesday 03 October 2006 20:52 \__

> On Tue, 03 Oct 2006 17:21:53 +0000, yttrx wrote:
>
>>
>> http://www.heise-security.co.uk/news/78970
>>
>> Well?
>>
>> We're all waiting, erik.


No doubt it's libel. Someone ought to react in legal ways.

ToorCon ("Firefox security is a mess") sponsored by Microsoft

,----[ Quote ]
| Lately, I read the headline: "Open Source browser Firefox is so
| critically flawed that it is impossible to fix, according to two
| hackers." Further on, in the ZDNet article I read: "The hackers claim
| they know of about 30 unpatched Firefox flaws. They don't plan to
| disclose them, instead holding onto the bugs."
|
| Since that sounds suspicious, I decided to start searching for
| connections with MS. Easy enough, here it is...
`----

http://lxer.com/module/newswire/view/70873/index.html

The damage has been done, that's for sure.

Roy Schestowitz

Oct 3, 2006, 4:33:33 PM
__/ [ yttrx ] on Tuesday 03 October 2006 20:42 \__

> peterwn <pet...@paradise.net.nz> wrote:
>>
>> yttrx wrote:
>>> http://www.heise-security.co.uk/news/78970
>>>
>>> Well?
>>>
>>> We're all waiting, erik.
>>>
>> A hoax no doubt sponsored by Bill and Steve.
>>
>
> Uh, no, it wasn't. And stop polluting the point with that
> kind of idiocy.

yttrx,

Given the history of that company (FUD and lies being a routine), the
following just _cannot_ be ignored.

ToorCon ("Firefox security is a mess") sponsored by Microsoft

,----[ Quote ]
| Lately, I read the headline: "Open Source browser Firefox is so
| critically flawed that it is impossible to fix, according to two
| hackers." Further on, in the ZDNet article I read: "The hackers claim
| they know of about 30 unpatched Firefox flaws. They don't plan to
| disclose them, instead holding onto the bugs."
|
| Since that sounds suspicious, I decided to start searching for
| connections with MS. Easy enough, here it is...
`----

http://lxer.com/module/newswire/view/70873/index.html

Best wishes,

Roy
--
Roy S. Schestowitz | Useless fact: Falsity implies anything
http://Schestowitz.com | Free as in Free Beer | PGP-Key: 0x74572E8E
Load average (/proc/loadavg): 1.63 1.06 0.74 4/144 26904
http://iuron.com - semantic search engine project initiative

Linonut

Oct 3, 2006, 6:30:00 PM
After takin' a swig o' grog, Roy Schestowitz belched out this bit o' wisdom:

> __/ [ yttrx ] on Tuesday 03 October 2006 20:42 \__
>
>> peterwn <pet...@paradise.net.nz> wrote:
>>>
>>> yttrx wrote:
>>>> http://www.heise-security.co.uk/news/78970
>>>>
>>>> Well?
>>>>
>>>> We're all waiting, erik.
>>>>
>>> A hoax no doubt sponsored by Bill and Steve.
>>
>> Uh, no, it wasn't. And stop polluting the point with that
>> kind of idiocy.
>
> yttrx,
>
> Given the history of that company (FUD and lies being a routine), the
> following just _cannot_ be ignored.
>
> ToorCon ("Firefox security is a mess") sponsored by Microsoft
>

> http://lxer.com/module/newswire/view/70873/index.html

ToorCon wasn't sponsored by Microsoft. Just the "Saturday Night Party",
from 9:30PM until 3:00AM.

21:30-03:00
ToorCon Saturday Night Party - Sponsored by Microsoft

Sunday, October 1st, 2006
ToorCon will be starting back up on Sunday at 11am, so make sure
to get back from Tijuana at a reasonable hour. We'll be throwing a
Sunday night party nearby, so make sure to stick around for the
festivities!


--
Microslave: You aren't going anywhere today!

z

Oct 3, 2006, 7:42:03 PM
Linonut wrote:

> After takin' a swig o' grog, Roy Schestowitz belched out this bit o'
> wisdom:

>> ToorCon ("Firefox security is a mess") sponsored by Microsoft


>>
>> http://lxer.com/module/newswire/view/70873/index.html
>
> ToorCon wasn't sponsored by Microsoft. Just the "Saturday Night Party",
> from 9:30PM until 3:00AM.


Microsoft was a "Platinum Sponsor" -- the highest level of sponsor:
http://www.toorcon.org/2006/sponsors.html

Roy Schestowitz

Oct 3, 2006, 8:01:48 PM
__/ [ z ] on Wednesday 04 October 2006 00:42 \__

Microsoft sponsor many things it should _NOT_ be sponsoring. It's a smiling
crocodile. Plain and simple.

Look. Microsoft, the very same company that refuses to comply with the EU and
make its servers talk to others or be accessible to others, sponsors a
conference on interoperability.

http://www.techxworld.com/registration/index.cfm?fuseaction=dynamic&v=0&p=5069&code=digg

And speaking of "interoperability", Microsoft corrupts the key terms.

Microsoft Announces Cross-Platform Ad Strategy
^^^^^^^^^^^^^^
,----[ Snippet ]
| ...will allow marketers to reach customers across Microsoft's many
| platforms, including MSN, the XBox, Microsoft Live, Office Online,
| Windows Mobile, and Microsoft TV.
`----

http://biz.yahoo.com/indie/060926/293_id.html?.v=2


It also sponsors PHP.

PHP, Windows: Not an Oxymoron?

,----[ Quote ]
| Though Microsoft is a sponsor of the php|works conference, Stagner noted
| for the record that Microsoft did not pay for him to speak and he wasn't
| lost and knows that the conference isn't TechED.
`----

http://www.internetnews.com/dev-news/article.php/3632136


And Open Source/Linux.

LinuxChix Brazil Meeting - Webcast, teachers and sponsors

,----[ Quote ]
| To make all this possible, we this year have the support of several
| companies and people, and two major sponsors: Caixa Economica Federal and
| Microsoft. The Caixa, as a Brazil federal institution, has always been
| involved in supporting development projects. And to go ahead with its
| "let's talk" movement, Microsoft supports the Meeting, as well will also
| be open to talk about their recent actions to cooperate and interoperate
| with Open Source community. We invite all attendees to debate with the
| representants their ideas and give suggestions.
`----

http://www.linuxchix.org.br/?q=node/72

Erik Funkenbusch

Oct 3, 2006, 8:22:20 PM
On Tue, 03 Oct 2006 17:21:53 GMT, yttrx wrote:

> http://www.heise-security.co.uk/news/78970
>
> Well?
>
> We're all waiting, erik.

No, this is just poor journalism.

You do understand the difference between "Meant to be humorous" and "hoax",
right?

The vulnerability is real. The exploit was simply overblown, though it did
produce Denial Of Service.

Handover Phist

Oct 3, 2006, 8:36:32 PM
Erik Funkenbusch :

The possibility of.

--
My mind is a potato field ...

http://www.websterscafe.com

yttrx

Oct 3, 2006, 9:06:31 PM
Handover Phist <ja...@jason.websterscafe.com> wrote:
> Erik Funkenbusch :
>> On Tue, 03 Oct 2006 17:21:53 GMT, yttrx wrote:
>>
>>> http://www.heise-security.co.uk/news/78970
>>>
>>> Well?
>>>
>>> We're all waiting, erik.
>>
>> No, this is just poor journalism.
>>
>> You do understand the difference between "Meant to be humorous" and "hoax",
>> right?
>>
>> The vulnerability is real. The exploit was simply overblown, though it did
>> produce Denial Of Service.
>
> The possibility of.
>

Exactly. Oh look, erik lied again.


-----yttrx


--
http://www.yttrx.net

Erik Funkenbusch

Oct 3, 2006, 9:35:44 PM
On Wed, 04 Oct 2006 00:36:32 GMT, Handover Phist wrote:

> Erik Funkenbusch :
>> On Tue, 03 Oct 2006 17:21:53 GMT, yttrx wrote:
>>
>>> http://www.heise-security.co.uk/news/78970
>>>
>>> Well?
>>>
>>> We're all waiting, erik.
>>
>> No, this is just poor journalism.
>>
>> You do understand the difference between "Meant to be humorous" and "hoax",
>> right?
>>
>> The vulnerability is real. The exploit was simply overblown, though it did
>> produce Denial Of Service.
>
> The possibility of.

No, not "the possibility of". The exploit DID produce a denial of service
by crashing Firefox. For what it's worth, Mozilla haven't even figured out
if this is a real vulnerability or not based on the comments in the bug
report.

https://bugzilla.mozilla.org/show_bug.cgi?id=355069

See also:

http://blog.washingtonpost.com/securityfix/2006/10/zeroday_firefox_exploit_claime.html

"Turns out, they confirmed that the bug they found could be used to crash
Firefox, but that they hadn't bothered to do the work to tell whether that
crash could be exploited to allow bad guys to install software."

So it's not "the possibility of" a DoS, it is, in fact, a DoS exploit.

[H]omer

Oct 3, 2006, 9:51:28 PM
Roy Schestowitz wrote:

> Microsoft Announces Cross-Platform Ad Strategy
> ^^^^^^^^^^^^^^
> ,----[ Snippet ]
> | ...will allow marketers to reach customers across Microsoft's many
> | platforms, including MSN, the XBox, Microsoft Live, Office Online,
> | Windows Mobile, and Microsoft TV.
> `----

The only thing in that list that I would describe as a "platform" is
Windows Mobile (wince). Everything else is just a service and/or stack
of protocols.

For the benefit of the Microsoft nihilists, here's a short list of
"real" platforms:

GNU/Linux
UNIX/BSD
BeOS
AmigaOS
RISC OS
Atari TOS
PalmOS
Symbian/EPOC
Java
.NET
QNX
z/OS
MenuetOS
SkyOS
Visopsys
Win32

The list goes on; really, there's hundreds of them. Not that Microsoft
would have a clue.

--
K.
http://slated.org - Slated, Rated & Blogged

.----
| Another name for a Windows tutorial is "crash course".
`----

Fedora Core release 5 (Bordeaux) on sky, running kernel 2.6.16-1.2133_FC5
02:49:43 up 108 days, 3:06, 4 users, load average: 1.19, 1.00, 0.89

Linonut

Oct 3, 2006, 10:26:20 PM
After takin' a swig o' grog, Erik Funkenbusch belched out this bit o' wisdom:

>>> The vulnerability is real. The exploit was simply overblown, though it did
>>> produce Denial Of Service.
>>
>> The possibility of.
>
> No, not "the possibility of". The exploit DID produce a denial of service
> by crashing Firefox.

Ah-ha-ah-ha-ha-ha-ha!

> "Turns out, they confirmed that the bug they found could be used to crash
> Firefox, but that they hadn't bothered to do the work to tell whether that
> crash could be exploited to allow bad guys to install software."
>
> So it's not "the possibility of" a DoS, it is, in fact, a DoS exploit.

Ah-ha-ah-ha-ha-ha-ha!

You're worse than a SYN flood!

--
I had only one nerve left, and -dang- if you didn't git on it!

Sinister Midget

Oct 4, 2006, 5:52:59 AM
On 2006-10-03, Roy Schestowitz <newsg...@schestowitz.com> posted something concerning:

The link from there goes to here:

http://www.toorcon.org/2006/conference.html

And has:

21:30-03:00 ToorCon Saturday Night Party - Sponsored by Microsoft

Heh heh. It was just a little joke! They didn't really expect anybody
to take them seriously! C'mon folks, smile!

--
If your OS needs a virus scanner, RUN!!

chrisv

Oct 4, 2006, 8:36:13 AM
Erik Funkenbusch wrote:

>>> The vulnerability is real. The exploit was simply overblown, though it did
>>> produce Denial Of Service.
>>
>> The possibility of.
>
>No, not "the possibility of". The exploit DID produce a denial of service
>by crashing Firefox.


Idiot.

Roy Schestowitz

Oct 4, 2006, 8:40:46 AM
__/ [ Sinister Midget ] on Wednesday 04 October 2006 10:52 \__

Lxer didn't point at quite the right page, IMO.

http://www.toorcon.org/2006/sponsors.html

Microsoft is among the "Official Sponsors".

Linonut

Oct 4, 2006, 12:07:31 PM
After takin' a swig o' grog, chrisv belched out this bit o' wisdom:

Yeah, he wants to DOS COLA.

--
"I think we're all Bozos on this bus." -- The Firesign Theatre

flatfish+++

Oct 4, 2006, 12:26:35 PM
On Wed, 04 Oct 2006 11:07:31 -0500, Linonut wrote:

> After takin' a swig o' grog, chrisv belched out this bit o' wisdom:
>
>> Erik Funkenbusch wrote:
>>
>>>>> The vulnerability is real. The exploit was simply overblown, though it did
>>>>> produce Denial Of Service.
>>>>
>>>> The possibility of.
>>>
>>>No, not "the possibility of". The exploit DID produce a denial of service
>>>by crashing Firefox.
>>
>> Idiot.
>
> Yeah, he wants to DOS COLA.

That's already been done.

See Roy Shestowich and Mark Kent for details.

